List of usage examples for org.joda.time Interval getEndMillis
public long getEndMillis()
From source file:org.sleuthkit.autopsy.timeline.db.EventDB.java
License:Open Source License
/** * Get the IDs of all the events within the given time range that pass the * given filter./* w w w.j a va 2 s .co m*/ * * @param timeRange The Interval that all returned events must be within. * @param filter The Filter that all returned events must pass. * * @return A List of event ids, sorted by timestamp of the corresponding * event.. */ List<Long> getEventIDs(Interval timeRange, RootFilter filter) { Long startTime = timeRange.getStartMillis() / 1000; Long endTime = timeRange.getEndMillis() / 1000; if (Objects.equals(startTime, endTime)) { endTime++; //make sure end is at least 1 millisecond after start } ArrayList<Long> resultIDs = new ArrayList<>(); DBLock.lock(); final String query = "SELECT events.event_id AS event_id FROM events" + useHashHitTablesHelper(filter) + useTagTablesHelper(filter) + " WHERE time >= " + startTime + " AND time <" + endTime + " AND " + SQLHelper.getSQLWhere(filter) + " ORDER BY time ASC"; // NON-NLS try (Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery(query)) { while (rs.next()) { resultIDs.add(rs.getLong("event_id")); //NON-NLS } } catch (SQLException sqlEx) { LOGGER.log(Level.SEVERE, "failed to execute query for event ids in range", sqlEx); // NON-NLS } finally { DBLock.unlock(); } return resultIDs; }
From source file:org.sleuthkit.autopsy.timeline.db.EventDB.java
License:Open Source License
/** * Get a representation of all the events, within the given time range, that * pass the given filter, grouped by time and description such that file * system events for the same file, with the same timestamp, are combined * together./*from w w w .j a va 2s .c o m*/ * * @param timeRange The Interval that all returned events must be within. * @param filter The Filter that all returned events must pass. * * @return A List of combined events, sorted by timestamp. */ List<CombinedEvent> getCombinedEvents(Interval timeRange, RootFilter filter) { Long startTime = timeRange.getStartMillis() / 1000; Long endTime = timeRange.getEndMillis() / 1000; if (Objects.equals(startTime, endTime)) { endTime++; //make sure end is at least 1 millisecond after start } ArrayList<CombinedEvent> results = new ArrayList<>(); DBLock.lock(); final String query = "SELECT full_description, time, file_id, GROUP_CONCAT(events.event_id), GROUP_CONCAT(sub_type)" + " FROM events " + useHashHitTablesHelper(filter) + useTagTablesHelper(filter) + " WHERE time >= " + startTime + " AND time <" + endTime + " AND " + SQLHelper.getSQLWhere(filter) + " GROUP BY time,full_description, file_id ORDER BY time ASC, full_description"; try (Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery(query)) { while (rs.next()) { //make a map from event type to event ID List<Long> eventIDs = SQLHelper.unGroupConcat(rs.getString("GROUP_CONCAT(events.event_id)"), Long::valueOf); List<EventType> eventTypes = SQLHelper.unGroupConcat(rs.getString("GROUP_CONCAT(sub_type)"), s -> RootEventType.allTypes.get(Integer.valueOf(s))); Map<EventType, Long> eventMap = new HashMap<>(); for (int i = 0; i < eventIDs.size(); i++) { eventMap.put(eventTypes.get(i), eventIDs.get(i)); } results.add(new CombinedEvent(rs.getLong("time") * 1000, rs.getString("full_description"), rs.getLong("file_id"), eventMap)); } } catch (SQLException sqlEx) { LOGGER.log(Level.SEVERE, "failed to execute query for combined events", sqlEx); // NON-NLS } finally { DBLock.unlock(); } return results; }
From source file:org.sleuthkit.autopsy.timeline.db.EventDB.java
License:Open Source License
/** * get a list of {@link EventStripe}s, clustered according to the given zoom * paramaters.//from ww w. ja v a2s .c o m * * @param params the {@link ZoomParams} that determine the zooming, * filtering and clustering. * * @return a list of aggregate events within the given timerange, that pass * the supplied filter, aggregated according to the given event type * and description zoom levels */ List<EventStripe> getEventStripes(ZoomParams params) { //unpack params Interval timeRange = params.getTimeRange(); RootFilter filter = params.getFilter(); DescriptionLoD descriptionLOD = params.getDescriptionLOD(); EventTypeZoomLevel typeZoomLevel = params.getTypeZoomLevel(); long start = timeRange.getStartMillis() / 1000; long end = timeRange.getEndMillis() / 1000; //ensure length of querried interval is not 0 end = Math.max(end, start + 1); //get some info about the time range requested RangeDivisionInfo rangeInfo = RangeDivisionInfo.getRangeDivisionInfo(timeRange); //build dynamic parts of query String strfTimeFormat = SQLHelper.getStrfTimeFormat(rangeInfo.getPeriodSize()); String descriptionColumn = SQLHelper.getDescriptionColumn(descriptionLOD); final boolean useSubTypes = typeZoomLevel.equals(EventTypeZoomLevel.SUB_TYPE); String timeZone = TimeLineController.getTimeZone().get().equals(TimeZone.getDefault()) ? ", 'localtime'" : ""; // NON-NLS String typeColumn = typeColumnHelper(useSubTypes); //compose query string, the new-lines are only for nicer formatting if printing the entire query String query = "SELECT strftime('" + strfTimeFormat + "',time , 'unixepoch'" + timeZone + ") AS interval," // NON-NLS + "\n group_concat(events.event_id) as event_ids," //NON-NLS + "\n group_concat(CASE WHEN hash_hit = 1 THEN events.event_id ELSE NULL END) as hash_hits," //NON-NLS + "\n group_concat(CASE WHEN tagged = 1 THEN events.event_id ELSE NULL END) as taggeds," //NON-NLS + "\n min(time), max(time), " + typeColumn + ", " + descriptionColumn // NON-NLS + "\n FROM events" + useHashHitTablesHelper(filter) + useTagTablesHelper(filter) // NON-NLS + "\n WHERE time >= " + start + " AND time < " + end + " AND " + SQLHelper.getSQLWhere(filter) // NON-NLS + "\n GROUP BY interval, " + typeColumn + " , " + descriptionColumn // NON-NLS + "\n ORDER BY min(time)"; // NON-NLS switch (Version.getBuildType()) { case DEVELOPMENT: // LOGGER.log(Level.INFO, "executing timeline query: {0}", query); //NON-NLS break; case RELEASE: default: } // perform query and map results to AggregateEvent objects List<EventCluster> events = new ArrayList<>(); DBLock.lock(); try (Statement createStatement = con.createStatement(); ResultSet rs = createStatement.executeQuery(query)) { while (rs.next()) { events.add(eventClusterHelper(rs, useSubTypes, descriptionLOD, filter.getTagsFilter())); } } catch (SQLException ex) { LOGGER.log(Level.SEVERE, "Failed to get events with query: " + query, ex); // NON-NLS } finally { DBLock.unlock(); } return mergeClustersToStripes(rangeInfo.getPeriodSize().getPeriod(), events); }
From source file:org.sleuthkit.autopsy.timeline.events.db.EventDB.java
License:Open Source License
Interval getBoundingEventsInterval(Interval timeRange, Filter filter) { long start = timeRange.getStartMillis() / 1000; long end = timeRange.getEndMillis() / 1000; final String sqlWhere = getSQLWhere(filter); dbReadLock();/*from www.ja v a2s. c om*/ try (Statement stmt = con.createStatement(); //can't use prepared statement because of complex where clause ResultSet rs = stmt.executeQuery(" select (select Max(time) from events where time <=" + start + " and " + sqlWhere + ") as start,(select Min(time) from events where time >= " + end + " and " + sqlWhere + ") as end")) { // NON-NLS while (rs.next()) { long start2 = rs.getLong("start"); // NON-NLS long end2 = rs.getLong("end"); // NON-NLS if (end2 == 0) { end2 = getMaxTime(); } //System.out.println(start2 + " " + start + " " + end + " " + end2); return new Interval(start2 * 1000, (end2 + 1) * 1000, TimeLineController.getJodaTimeZone()); } } catch (SQLException ex) { LOGGER.log(Level.SEVERE, "Failed to get MIN time.", ex); // NON-NLS } finally { dbReadUnlock(); } return null; }
From source file:org.sleuthkit.autopsy.timeline.events.db.EventDB.java
License:Open Source License
Set<Long> getEventIDs(Interval timeRange, Filter filter) { return getEventIDs(timeRange.getStartMillis() / 1000, timeRange.getEndMillis() / 1000, filter); }
From source file:org.sleuthkit.autopsy.timeline.events.db.EventDB.java
License:Open Source License
/** * //TODO: update javadoc //TODO: split this into helper methods * * get a list of {@link AggregateEvent}s. * * General algorithm is as follows:// w w w . j a va 2 s.c o m * * - get all aggregate events, via one db query. * - sort them into a map from (type, description)-> aggevent * - for each key in map, merge the events and accumulate them in a list * to return * * * @param timeRange the Interval within in which all returned aggregate * events will be. * @param filter only events that pass the filter will be included in * aggregates events returned * @param zoomLevel only events of this level will be included * @param lod description level of detail to use when grouping events * * * @return a list of aggregate events within the given timerange, that pass * the supplied filter, aggregated according to the given event type and * description zoom levels */ private List<AggregateEvent> getAggregatedEvents(Interval timeRange, Filter filter, EventTypeZoomLevel zoomLevel, DescriptionLOD lod) { String descriptionColumn = getDescriptionColumn(lod); final boolean useSubTypes = (zoomLevel.equals(EventTypeZoomLevel.SUB_TYPE)); //get some info about the time range requested RangeDivisionInfo rangeInfo = RangeDivisionInfo.getRangeDivisionInfo(timeRange); //use 'rounded out' range long start = timeRange.getStartMillis() / 1000;//.getLowerBound(); long end = timeRange.getEndMillis() / 1000;//Millis();//rangeInfo.getUpperBound(); if (Objects.equals(start, end)) { end++; } //get a sqlite srtftime format string String strfTimeFormat = getStrfTimeFormat(rangeInfo.getPeriodSize()); //effectively map from type to (map from description to events) Map<EventType, SetMultimap<String, AggregateEvent>> typeMap = new HashMap<>(); //get all agregate events in this time unit dbReadLock(); String query = "select strftime('" + strfTimeFormat + "',time , 'unixepoch'" + (TimeLineController.getTimeZone().get().equals(TimeZone.getDefault()) ? ", 'localtime'" : "") + ") as interval, group_concat(event_id) as event_ids, Min(time), Max(time), " + descriptionColumn + ", " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) // NON-NLS + " from events where time >= " + start + " and time < " + end + " and " + getSQLWhere(filter) // NON-NLS + " group by interval, " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) + " , " + descriptionColumn // NON-NLS + " order by Min(time)"; // NON-NLS //System.out.println(query); ResultSet rs = null; try (Statement stmt = con.createStatement(); // scoop up requested events in groups organized by interval, type, and desription ) { Stopwatch stopwatch = new Stopwatch(); stopwatch.start(); rs = stmt.executeQuery(query); stopwatch.stop(); //System.out.println(stopwatch.elapsedMillis() / 1000.0 + " seconds"); while (rs.next()) { EventType type = useSubTypes ? RootEventType.allTypes.get(rs.getInt(SUB_TYPE_COLUMN)) : BaseTypes.values()[rs.getInt(BASE_TYPE_COLUMN)]; AggregateEvent aggregateEvent = new AggregateEvent( new Interval(rs.getLong("Min(time)") * 1000, rs.getLong("Max(time)") * 1000, TimeLineController.getJodaTimeZone()), // NON-NLS type, Arrays.asList(rs.getString("event_ids").split(",")), // NON-NLS rs.getString(descriptionColumn), lod); //put events in map from type/descrition -> event SetMultimap<String, AggregateEvent> descrMap = typeMap.get(type); if (descrMap == null) { descrMap = HashMultimap.<String, AggregateEvent>create(); typeMap.put(type, descrMap); } descrMap.put(aggregateEvent.getDescription(), aggregateEvent); } } catch (SQLException ex) { Exceptions.printStackTrace(ex); } finally { try { rs.close(); } catch (SQLException ex) { Exceptions.printStackTrace(ex); } dbReadUnlock(); } //result list to return ArrayList<AggregateEvent> aggEvents = new ArrayList<>(); //save this for use when comparing gap size Period timeUnitLength = rangeInfo.getPeriodSize().getPeriod(); //For each (type, description) key, merge agg events for (SetMultimap<String, AggregateEvent> descrMap : typeMap.values()) { for (String descr : descrMap.keySet()) { //run through the sorted events, merging together adjacent events Iterator<AggregateEvent> iterator = descrMap.get(descr).stream() .sorted((AggregateEvent o1, AggregateEvent o2) -> Long .compare(o1.getSpan().getStartMillis(), o2.getSpan().getStartMillis())) .iterator(); AggregateEvent current = iterator.next(); while (iterator.hasNext()) { AggregateEvent next = iterator.next(); Interval gap = current.getSpan().gap(next.getSpan()); //if they overlap or gap is less one quarter timeUnitLength //TODO: 1/4 factor is arbitrary. review! -jm if (gap == null || gap.toDuration() .getMillis() <= timeUnitLength.toDurationFrom(gap.getStart()).getMillis() / 4) { //merge them current = AggregateEvent.merge(current, next); } else { //done merging into current, set next as new current aggEvents.add(current); current = next; } } aggEvents.add(current); } } //at this point we should have a list of aggregate events. //one per type/description spanning consecutive time units as determined in rangeInfo return aggEvents; }
From source file:org.sleuthkit.autopsy.timeline.ui.VisualizationPanel.java
License:Open Source License
private void refreshTimeUI(Interval interval) { RangeDivisionInfo rangeDivisionInfo = RangeDivisionInfo .getRangeDivisionInfo(filteredEvents.getSpanningInterval()); final Long minTime = rangeDivisionInfo.getLowerBound(); final long maxTime = rangeDivisionInfo.getUpperBound(); if (minTime > 0 && maxTime > minTime) { Platform.runLater(() -> {/*w w w .ja va 2s . com*/ startPicker.localDateTimeProperty().removeListener(startListener); endPicker.localDateTimeProperty().removeListener(endListener); rangeSlider.highValueChangingProperty().removeListener(rangeSliderListener); rangeSlider.lowValueChangingProperty().removeListener(rangeSliderListener); rangeSlider.setMax((Long) (maxTime - minTime)); rangeSlider.setHighValue(interval.getEndMillis() - minTime); rangeSlider.setLowValue(interval.getStartMillis() - minTime); endPicker.setLocalDateTime(LocalDateTime.ofInstant(Instant.ofEpochMilli(interval.getEndMillis()), TimeLineController.getTimeZoneID())); startPicker.setLocalDateTime(LocalDateTime.ofInstant( Instant.ofEpochMilli(interval.getStartMillis()), TimeLineController.getTimeZoneID())); rangeSlider.highValueChangingProperty().addListener(rangeSliderListener); rangeSlider.lowValueChangingProperty().addListener(rangeSliderListener); startPicker.localDateTimeProperty().addListener(startListener); endPicker.localDateTimeProperty().addListener(endListener); }); } }
From source file:org.sleuthkit.autopsy.timeline.utils.IntervalUtils.java
License:Open Source License
static public Interval span(Interval range, final Interval range2) { return new Interval(Math.min(range.getStartMillis(), range2.getStartMillis()), Math.max(range.getEndMillis(), range2.getEndMillis()), DateTimeZone.UTC); }
From source file:org.sleuthkit.autopsy.timeline.utils.IntervalUtils.java
License:Open Source License
static public Interval extendInterval(Interval range, final Long eventTime) { return new Interval(Math.min(range.getStartMillis(), eventTime), Math.max(range.getEndMillis(), eventTime + 1), DateTimeZone.UTC); }
From source file:org.sleuthkit.autopsy.timeline.utils.IntervalUtils.java
License:Open Source License
public static DateTime middleOf(Interval interval) { return new DateTime((interval.getStartMillis() + interval.getEndMillis()) / 2); }