我对 Solr 非常陌生,并试图实现一个每 30 秒查询一次 solr 的 java 程序。
设想:
当程序启动时,它会查询 solr 以检索前 1 个月的 DDI 网络活动。以下是查询。query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND logTime:[NOW-1MONTH TO NOW] AND app:HTTP"); query.setRows(10000);
初始化后,程序每 30 秒查询一次 DDA。以下是查询。query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND logTime:[NOW-30SECOND TO NOW] AND app:HTTP"); query.setRows(10000);
#1 中的查询返回一些结果。但是每 30 秒调用一次的第二个查询不会返回任何内容。SolrDocumentList.size() 始终为 0。
以下是我的java代码。
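/**
 * Polling loop of the Solr monitoring thread.
 *
 * <p>Each cycle queries every configured Solr endpoint ({@code dda_solr[0..glob_var.dda_cnt)})
 * with a 100 ms pause between endpoints, then waits 30 seconds before the next cycle.
 * Any other failure inside a cycle is logged and the loop carries on, so a single bad
 * cycle does not stop event collection.
 *
 * <p>An interrupt ends the loop: the interrupt flag is restored and the method returns,
 * so the thread can be stopped cleanly instead of swallowing the request and polling on.
 */
public void run(){
    long threadId = Thread.currentThread().getId();
    System.out.println("Solr handling thread started... Thread ID: " + threadId);
    System.out.println("Solr monitoring started... Thread ID: " + threadId);
    while(true){
        try{
            // Re-read the endpoint count every cycle so a changed value is picked up.
            for(int j = 0; j < glob_var.dda_cnt; j++){
                Query_DDA_Solr(dda_solr[j], my_url);
                Thread.sleep(100);
            }
            Thread.sleep(30000);
        } catch(InterruptedException e){
            // A generic catch would clear the interrupt and keep looping forever;
            // record it, restore the flag for the owner of the thread, and stop.
            log.write_log("DDIC_SOLR_CON/run: " + e);
            Thread.currentThread().interrupt();
            return;
        } catch(Exception e){
            // Keep the monitor alive, but leave a trace: a cycle that fails here is a
            // window in which detection events were not collected.
            log.write_log("DDIC_SOLR_CON/run: " + e);
        }
    }
}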
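/**
 * Queries one Solr endpoint for HTTP malware-detection events and hands every hit whose
 * {@code logTime} is later than {@code glob_var.solr_timestamp} to the database-insert step.
 *
 * <p>Failures are written to the application log and never propagate to the caller.
 * The Solr client and the JDBC connection are released on every exit path, because this
 * method runs on a 30-second polling cycle and a leak per failed cycle would exhaust
 * connections.
 *
 * @param dda_s base URL of the Solr core to query
 * @param my_u  JDBC URL of the database that receives the events
 */
public static void Query_DDA_Solr(String dda_s, String my_u){
    SolrServer server = null;
    Connection conn = null;
    PreparedStatement ps; // not used in the visible code; kept in case the elided insert code refers to it
    try{
        server = new HttpSolrServer(dda_s);
        SolrQuery query = new SolrQuery();
        // NOTE(review): a NOW-30SECOND window only matches documents whose logTime lies in
        // the last 30 s AND that are already visible to searchers. If ingest or commit
        // latency exceeds the window, the query legitimately returns 0 hits. Presumably
        // this is why the server-side time filter was dropped in favour of the client-side
        // timestamp comparison below; confirm against the index's commit settings.
        //query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND logTime:[NOW-5MINUTE TO NOW] AND app:HTTP");
        // NOTE(review): the standard Solr query parser delimits phrases with double quotes;
        // verify that the single-quoted pname value matches the way it is meant to.
        query.set("q","pname:'Deep Discovery Inspector' AND eventName:MALWARE_DETECTION AND app:HTTP");
        query.setRows(10000);
        QueryResponse rsp = server.query(query);
        SolrDocumentList results = rsp.getResults();
        conn = DriverManager.getConnection(my_u, glob_var.my_userid, glob_var.my_userpw);
        System.out.println("size of result = " + results.size());
        // The row cap truncates silently; make a truncated (incomplete) result set visible.
        if (results.getNumFound() > results.size()) {
            log.write_log("SOLR_CON/Query_DDA_Solr: " + results.getNumFound()
                    + " matching events but only " + results.size() + " returned (row limit)");
        }
        for (int i = 0; i < results.size(); ++i) {
            //boolean insert = false;
            String virusname = "", request = "";
            // Read the field directly instead of tokenizing the document's toString() on
            // '{', ',' and '='. Other fields of an HTTP detection event carry text taken
            // from observed traffic, which may contain those delimiters and so shift or
            // imitate the "logTime" token; a malformed token would also abort the whole
            // batch through the outer catch.
            Timestamp etime = readLogTime(results.get(i).getFieldValue("logTime"));
            if (etime == null) {
                // Without a timestamp the freshness check below cannot run (it used to
                // throw a NullPointerException); skip this event but leave a trace.
                log.write_log("SOLR_CON/Query_DDA_Solr: event without usable logTime skipped");
                continue;
            }
            String app = "";
            // other works here
            //if(insert){
            if(etime.after(glob_var.solr_timestamp)){
                ResultSet trs = null;
                PreparedStatement my_ps;
                // database insert here
            }
        }
        results.clear();
        query.clear();
        Thread.sleep(5);
    } catch(InterruptedException e){
        log.write_log("SOLR_CON/Query_DDA_Solr: " + e);
        // Restore the flag so the polling loop can notice the interrupt.
        Thread.currentThread().interrupt();
    } catch(Exception e){
        log.write_log("SOLR_CON/Query_DDA_Solr: " + e);
    } finally {
        if (conn != null) {
            try {
                conn.close();
            } catch (Exception e) {
                log.write_log("SOLR_CON/Query_DDA_Solr: " + e);
            }
        }
        if (server != null) {
            server.shutdown();
        }
    }
}

/**
 * Converts a Solr {@code logTime} field value to a {@link Timestamp}.
 *
 * @param raw the field value as returned by the Solr document; may be {@code null}
 * @return the event time, or {@code null} when the value is absent or cannot be parsed
 */
private static Timestamp readLogTime(Object raw){
    if (raw == null) {
        return null;
    }
    if (raw instanceof java.util.Date) {
        return new Timestamp(((java.util.Date) raw).getTime());
    }
    try {
        // Fallback for a textual value in the format the original code parsed.
        SimpleDateFormat sdf = new SimpleDateFormat("EEE MMM dd kk:mm:ss z yyyy", Locale.ENGLISH);
        return new Timestamp(sdf.parse(raw.toString().trim()).getTime());
    } catch (java.text.ParseException e) {
        return null;
    }
}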
有谁知道这段代码有什么问题?
提前致谢