1

我对 Solr 非常陌生,并试图实现一个每 30 秒查询一次 solr 的 java 程序。

设想:

  1. 当程序启动时,它会查询 solr 以检索前 1 个月的 DDI 网络活动。以下是查询。query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND logTime:[NOW-1MONTH TO NOW] AND app:HTTP"); 查询.setRows(10000);

  2. 初始化后,程序每 30 秒查询一次 DDA。以下是查询。query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND logTime:[NOW-30SECOND TO NOW] AND app:HTTP"); 查询.setRows(10000);

#1 中的查询返回一些结果。但是每 30 秒调用一次的第二个查询不会返回任何内容。SolrDocumentList.size() 始终为 0。

以下是我的java代码。

 public void run(){
    Connection conn;
    PreparedStatement ps;

    int dda_count = glob_var.dda_cnt;

    long threadId = Thread.currentThread().getId();
    System.out.println("Solr handling thread started... Thread ID: " + threadId);

    System.out.println("Solr monitoring started... Thread ID: " + threadId);

    while(true){
        try{
            for(int j = 0; j < glob_var.dda_cnt; j++){
                Query_DDA_Solr(dda_solr[j], my_url);
                Thread.sleep(100);
            }

            Thread.sleep(30000);

        } catch(Exception e){
            log.write_log("DDIC_SOLR_CON/run: " + e);
        }
    }
}

public static void Query_DDA_Solr(String dda_s, String my_u){

try{
    Connection conn;
    PreparedStatement ps;

    SolrServer server = new HttpSolrServer(dda_s);          
    SolrQuery query = new SolrQuery();

    //query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND logTime:[NOW-5MINUTE TO NOW] AND app:HTTP"); 
    query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND app:HTTP"); 
    query.setRows(10000);
    QueryResponse rsp = server.query(query);
    SolrDocumentList results = rsp.getResults();

    conn = DriverManager.getConnection(my_u, glob_var.my_userid, glob_var.my_userpw);
            System.out.println("size of result = " + results.size());                   
    for (int i = 0; i < results.size(); ++i) {
        //boolean insert = false;
        String virusname = "", request = "";
        Timestamp etime = null;

        String element = results.get(i).toString();
        StringTokenizer ts = new StringTokenizer(element, "{");
        ts.nextElement();
        String ts2 = ts.nextElement().toString();
        ts = new StringTokenizer(ts2, ",");

        while(ts.hasMoreTokens()){
            String pair = ts.nextToken();
            StringTokenizer ts_2 = new StringTokenizer(pair, "=");
            String temp_attr = ts_2.nextElement().toString();

            if(temp_attr.equals(" logTime")){
                String eventtime = ts_2.nextElement().toString();
                SimpleDateFormat sdf = new SimpleDateFormat("EEE MMM dd kk:mm:ss z yyyy", Locale.ENGLISH);
                Date d = (Date) sdf.parse(eventtime);
                Timestamp temp_ts = new Timestamp(d.getTime());
                etime = temp_ts;

                break;
            }
        }   

        String app = "";

        // other works here

        //if(insert){
        if(etime.after(glob_var.solr_timestamp)){
            ResultSet trs = null;
            PreparedStatement my_ps;

            // database insert here
        }
    }

    conn.close();
    results.clear();
    query.clear();
    server.shutdown();

    Thread.sleep(5);

} catch(Exception e){
        log.write_log("SOLR_CON/Query_DDA_Solr: " + e);
}

}

有谁知道这段代码有什么问题?

提前致谢

4

1 回答 1

0

将 query.setRows(xxxx) 增加到一些大数字并检查,它对我有帮助

于 2014-11-27T06:05:24.250 回答