Merge pull request #237 from CybercentreCanada/hotfix/group_search_total

Hotfix/group search total

assemblyline_ui/api/v4/alert.py

@@ -230,14 +230,15 @@ def list_alerts(**kwargs):
     None
 
     Arguments:
-    fq          => Post filter queries (you can have multiple of those)
-    q           => Query to apply to the alert list
-    no_delay    => Do not delay alerts
-    offset      => Offset at which we start giving alerts
-    rows        => Numbers of alerts to return
-    tc_start    => Time offset at which we start the time constraint
-    tc          => Time constraint applied to the API
-    use_archive => List alerts from archive as well (Default: False)
+    fq                => Post filter queries (you can have multiple of those)
+    q                 => Query to apply to the alert list
+    no_delay          => Do not delay alerts
+    offset            => Offset at which we start giving alerts
+    rows              => Numbers of alerts to return
+    tc_start          => Time offset at which we start the time constraint
+    tc                => Time constraint applied to the API
+    use_archive       => List alerts from archive as well (Default: False)
+    track_total_hits  => Track the total number of item that match the query (Default: 10 000)
 
     Data Block:
     None
@@ -265,6 +266,7 @@ def list_alerts(**kwargs):
     if tc and config.ui.read_only:
         tc += config.ui.read_only_offset
     timming_filter = get_timming_filter(tc_start, tc)
+    track_total_hits = request.args.get('track_total_hits', False)
 
     filters = [x for x in request.args.getlist("fq") if x != ""]
     if timming_filter:
@@ -274,7 +276,7 @@ def list_alerts(**kwargs):
         res = STORAGE.alert.search(
             query, offset=offset, rows=rows, fl="alert_id", sort="reporting_ts desc",
             access_control=user['access_control'],
-            filters=filters, as_obj=False, use_archive=use_archive)
+            filters=filters, as_obj=False, use_archive=use_archive, track_total_hits=track_total_hits)
         res['items'] = sorted(STORAGE.alert.multiget([v['alert_id'] for v in res['items']],
                                                      as_dictionary=False, as_obj=False),
                               key=lambda k: k['reporting_ts'], reverse=True)
@@ -293,13 +295,15 @@ def list_grouped_alerts(field, **kwargs):
     None
 
     Arguments:
-    fq         => Post filter queries (you can have multiple of those)
-    q          => Query to apply to the alert list
-    no_delay   => Do not delay alerts
-    offset     => Offset at which we start giving alerts
-    rows       => Numbers of alerts to return
-    tc_start   => Time offset at which we start the time constraint
-    tc         => Time constraint applied to the API
+    fq                => Post filter queries (you can have multiple of those)
+    q                 => Query to apply to the alert list
+    no_delay          => Do not delay alerts
+    offset            => Offset at which we start giving alerts
+    rows              => Numbers of alerts to return
+    tc_start          => Time offset at which we start the time constraint
+    tc                => Time constraint applied to the API
+    use_archive       => List alerts from archive as well (Default: False)
+    track_total_hits  => Track the total number of item that match the query (Default: 10 000)
 
     Data Block:
     None
@@ -329,6 +333,8 @@ def get_dict_item(parent, cur_item):
     rows = int(request.args.get('rows', 100))
     query = request.args.get('q', "alert_id:*") or "alert_id:*"
     tc_start = request.args.get('tc_start', None)
+    track_total_hits = request.args.get('track_total_hits', False)
+    use_archive = request.args.get('use_archive', 'false').lower() == 'true'
 
     if not tc_start:
         if "no_delay" not in request.args and config.core.alerter.delay != 0:
@@ -349,7 +355,8 @@ def get_dict_item(parent, cur_item):
     try:
         res = STORAGE.alert.grouped_search(field, query=query, offset=offset, rows=rows, sort="reporting_ts desc",
                                            group_sort="reporting_ts desc", access_control=user['access_control'],
-                                           filters=filters, fl=f"alert_id,{field}", as_obj=False)
+                                           filters=filters, fl=f"alert_id,{field}", as_obj=False,
+                                           use_archive=use_archive, track_total_hits=track_total_hits)
         alert_keys = []
         hash_list = []
         hint_list = []

assemblyline_ui/api/v4/error.py

@@ -54,11 +54,12 @@ def list_errors(**_):
     None
 
     Arguments:
-    offset       => Offset at which we start giving errors
-    query        => Query to apply to the error list
-    rows         => Numbers of errors to return
-    sort         => Sort order
-    use_archive  => List error from archive as well (Default: False)
+    offset            => Offset at which we start giving errors
+    query             => Query to apply to the error list
+    rows              => Numbers of errors to return
+    sort              => Sort order
+    use_archive       => List error from archive as well (Default: False)
+    track_total_hits  => Track the total number of item that match the query (Default: 10 000)
 
     Data Block:
     None
@@ -75,9 +76,11 @@ def list_errors(**_):
     query = request.args.get('query', "id:*") or "id:*"
     sort = request.args.get('sort', "created desc")
     use_archive = request.args.get('use_archive', "false").lower() == 'true'
+    track_total_hits = request.args.get('track_total_hits', False)
 
     try:
         return make_api_response(STORAGE.error.search(query, offset=offset, rows=rows, as_obj=False,
-                                                      sort=sort, use_archive=use_archive))
+                                                      sort=sort, use_archive=use_archive,
+                                                      track_total_hits=track_total_hits))
     except SearchException as e:
         return make_api_response("", f"The specified search query is not valid. ({e})", 400)