Examples with EventProcessorException org.graylog.events.processor.EventProcessorException used on opensource projects

Search in sources :

Example 1 with EventProcessorException

use of org.graylog.events.processor.EventProcessorException in project graylog2-server by Graylog2.

the class PivotAggregationSearch method extractValues.

@VisibleForTesting
ImmutableList<AggregationKeyResult> extractValues(PivotResult pivotResult) throws EventProcessorException {
    final ImmutableList.Builder<AggregationKeyResult> results = ImmutableList.builder();
    // }
    for (final PivotResult.Row row : pivotResult.rows()) {
        if (!"leaf".equals(row.source())) {
            // "non-leaf" values can show up when the "rollup" feature is enabled in the pivot search type
            continue;
        }
        // Safety guard against programming errors
        if (row.key().size() == 0 || isNullOrEmpty(row.key().get(0))) {
            throw new EventProcessorException("Invalid row key! Expected at least the date range timestamp value: " + row.key().toString(), true, eventDefinition);
        }
        // We always wrap aggregations in date range buckets so we can run aggregations for multiple ranges at once.
        // The timestamp value of the date range bucket will be part of the result.
        final String timeKey = row.key().get(0);
        final ImmutableList<String> groupKey;
        if (row.key().size() > 1) {
            // The date range bucket value must not be exposed to consumers as part of the key so they
            // don't have to unwrap the key all the time.
            groupKey = row.key().subList(1, row.key().size());
        } else {
            groupKey = ImmutableList.of();
        }
        final ImmutableList.Builder<AggregationSeriesValue> values = ImmutableList.builder();
        for (final PivotResult.Value value : row.values()) {
            if (!"row-leaf".equals(value.source())) {
                // "row-inner" values can show up when the "rollup" feature is enabled in the pivot search type
                continue;
            }
            for (final AggregationSeries series : config.series()) {
                if (!value.key().isEmpty() && value.key().get(0).equals(metricName(series))) {
                    // Some Elasticsearch aggregations can return a "null" value. (e.g. avg on a non-existent field)
                    // We are using NaN in that case to make sure our conditions will work.
                    final Object maybeNumberValue = firstNonNull(value.value(), Double.NaN);
                    if (maybeNumberValue instanceof Number) {
                        final double numberValue = ((Number) maybeNumberValue).doubleValue();
                        final AggregationSeriesValue seriesValue = AggregationSeriesValue.builder().key(groupKey).value(numberValue).series(series).build();
                        values.add(seriesValue);
                    } else {
                        // Should not happen
                        throw new IllegalStateException("Got unexpected non-number value for " + series.toString() + " " + row.toString() + " " + value.toString());
                    }
                }
            }
        }
        results.add(AggregationKeyResult.builder().key(groupKey).timestamp(DateTime.parse(timeKey).withZone(DateTimeZone.UTC)).seriesValues(values.build()).build());
    }
    return results.build();
}
Also used : EventProcessorException(org.graylog.events.processor.EventProcessorException) ImmutableList(com.google.common.collect.ImmutableList) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) PivotResult(org.graylog.plugins.views.search.searchtypes.pivot.PivotResult) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 2 with EventProcessorException

use of org.graylog.events.processor.EventProcessorException in project graylog2-server by Graylog2.

the class PivotAggregationSearch method getSearchJob.

private SearchJob getSearchJob(AggregationEventProcessorParameters parameters, String username, long searchWithinMs, long executeEveryMs) throws EventProcessorException {
    Search search = Search.builder().queries(ImmutableSet.of(getAggregationQuery(parameters, searchWithinMs, executeEveryMs), getSourceStreamsQuery(parameters))).parameters(config.queryParameters()).build();
    // This adds all streams if none were provided
    // TODO: Once we introduce "EventProcessor owners" this should only load the permitted streams of the
    // user who created this EventProcessor.
    search = search.addStreamsToQueriesWithoutStreams(() -> permittedStreams.load((streamId) -> true));
    final SearchJob searchJob = queryEngine.execute(searchJobService.create(search, username));
    try {
        Uninterruptibles.getUninterruptibly(searchJob.getResultFuture(), configurationProvider.get().eventsSearchTimeout(), TimeUnit.MILLISECONDS);
    } catch (ExecutionException e) {
        throw new EventProcessorException("Error executing search job: " + e.getMessage(), false, eventDefinition, e);
    } catch (TimeoutException e) {
        throw new EventProcessorException("Timeout while executing search job.", false, eventDefinition, e);
    } catch (Exception e) {
        throw new EventProcessorException("Unhandled exception in search job.", false, eventDefinition, e);
    }
    return searchJob;
}
Also used : EventProcessorException(org.graylog.events.processor.EventProcessorException) MoreSearch(org.graylog.events.search.MoreSearch) Search(org.graylog.plugins.views.search.Search) SearchJob(org.graylog.plugins.views.search.SearchJob) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException) EventProcessorException(org.graylog.events.processor.EventProcessorException) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException)

Example 3 with EventProcessorException

use of org.graylog.events.processor.EventProcessorException in project graylog2-server by Graylog2.

the class AggregationEventProcessor method sourceMessagesForEvent.

@Override
public void sourceMessagesForEvent(Event event, Consumer<List<MessageSummary>> messageConsumer, long limit) throws EventProcessorException {
    if (config.series().isEmpty()) {
        if (limit <= 0) {
            return;
        }
        final EventOriginContext.ESEventOriginContext esContext = EventOriginContext.parseESContext(event.getOriginContext()).orElseThrow(() -> new EventProcessorException("Failed to parse origin context", false, eventDefinition));
        try {
            final ResultMessage message;
            message = messages.get(esContext.messageId(), esContext.indexName());
            messageConsumer.accept(Lists.newArrayList(new MessageSummary(message.getIndex(), message.getMessage())));
        } catch (IOException e) {
            throw new EventProcessorException("Failed to query origin context message", false, eventDefinition, e);
        }
    } else {
        final AtomicLong msgCount = new AtomicLong(0L);
        final MoreSearch.ScrollCallback callback = (messages, continueScrolling) -> {
            final List<MessageSummary> summaries = Lists.newArrayList();
            for (final ResultMessage resultMessage : messages) {
                if (msgCount.incrementAndGet() > limit) {
                    continueScrolling.set(false);
                    break;
                }
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
            messageConsumer.accept(summaries);
        };
        ElasticsearchQueryString scrollQueryString = ElasticsearchQueryString.of(config.query());
        scrollQueryString = scrollQueryString.concatenate(groupByQueryString(event));
        LOG.debug("scrollQueryString: {}", scrollQueryString);
        final TimeRange timeRange = AbsoluteRange.create(event.getTimerangeStart(), event.getTimerangeEnd());
        moreSearch.scrollQuery(scrollQueryString.queryString(), config.streams(), config.queryParameters(), timeRange, Math.min(500, Ints.saturatedCast(limit)), callback);
    }
}
Also used : EventProcessorException(org.graylog.events.processor.EventProcessorException) MoreSearch(org.graylog.events.search.MoreSearch) LoggerFactory(org.slf4j.LoggerFactory) EventOriginContext(org.graylog.events.event.EventOriginContext) MessageSummary(org.graylog2.plugin.MessageSummary) EventConsumer(org.graylog.events.processor.EventConsumer) Assisted(com.google.inject.assistedinject.Assisted) EventProcessor(org.graylog.events.processor.EventProcessor) ResultMessage(org.graylog2.indexer.results.ResultMessage) Locale(java.util.Locale) Map(java.util.Map) Event(org.graylog.events.event.Event) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) EventDefinition(org.graylog.events.processor.EventDefinition) EventProcessorException(org.graylog.events.processor.EventProcessorException) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Persisted(org.graylog2.plugin.database.Persisted) Set(java.util.Set) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) MoreSearch(org.graylog.events.search.MoreSearch) EventFactory(org.graylog.events.event.EventFactory) ParameterExpansionError(org.graylog.plugins.views.search.errors.ParameterExpansionError) List(java.util.List) Stream(org.graylog2.plugin.streams.Stream) StreamService(org.graylog2.streams.StreamService) Strings(org.apache.logging.log4j.util.Strings) Optional(java.util.Optional) MoreSearch.luceneEscape(org.graylog.events.search.MoreSearch.luceneEscape) HashMap(java.util.HashMap) SearchException(org.graylog.plugins.views.search.errors.SearchException) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) Inject(javax.inject.Inject) DBEventProcessorStateService(org.graylog.events.processor.DBEventProcessorStateService) BooleanNumberConditionsVisitor(org.graylog.events.conditions.BooleanNumberConditionsVisitor) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) Messages(org.graylog2.indexer.messages.Messages) EventProcessorParameters(org.graylog.events.processor.EventProcessorParameters) Logger(org.slf4j.Logger) EventWithContext(org.graylog.events.event.EventWithContext) DateTime(org.joda.time.DateTime) IOException(java.io.IOException) Maps(com.google.common.collect.Maps) Ints(com.google.common.primitives.Ints) Consumer(java.util.function.Consumer) AtomicLong(java.util.concurrent.atomic.AtomicLong) EventProcessorDependencyCheck(org.graylog.events.processor.EventProcessorDependencyCheck) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) EventProcessorPreconditionException(org.graylog.events.processor.EventProcessorPreconditionException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) IOException(java.io.IOException) ResultMessage(org.graylog2.indexer.results.ResultMessage) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) AtomicLong(java.util.concurrent.atomic.AtomicLong) EventOriginContext(org.graylog.events.event.EventOriginContext) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 4 with EventProcessorException

use of org.graylog.events.processor.EventProcessorException in project graylog2-server by Graylog2.

the class MoreSearchAdapterES6 method scrollEvents.

@Override
public void scrollEvents(String queryString, TimeRange timeRange, Set<String> affectedIndices, Set<String> streams, String scrollTime, int batchSize, ScrollEventsCallback resultCallback) throws EventProcessorException {
    final QueryBuilder query = (queryString.trim().isEmpty() || queryString.trim().equals("*")) ? matchAllQuery() : queryStringQuery(queryString).allowLeadingWildcard(allowLeadingWildcard);
    final BoolQueryBuilder filter = boolQuery().filter(query).filter(requireNonNull(TimeRangeQueryFactory.create(timeRange)));
    // Filtering with an empty streams list doesn't work and would return zero results
    if (!streams.isEmpty()) {
        filter.filter(termsQuery(Message.FIELD_STREAMS, streams));
    }
    final SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder().query(filter).size(batchSize);
    final Search.Builder searchBuilder = new Search.Builder(searchSourceBuilder.toString()).addType(IndexMapping.TYPE_MESSAGE).addIndex(affectedIndices.isEmpty() ? Collections.singleton("") : affectedIndices).addSort(new Sort("timestamp", Sort.Sorting.ASC)).allowNoIndices(false).ignoreUnavailable(false).setParameter(Parameters.SCROLL, scrollTime);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Query:\n{}", searchSourceBuilder.toString(new ToXContent.MapParams(Collections.singletonMap("pretty", "true"))));
        LOG.debug("Execute search: {}", searchBuilder.build().toString());
    }
    final ScrollResult scrollResult = scroll.scroll(searchBuilder.build(), () -> "Unable to scroll indices.", searchSourceBuilder.toString(), scrollTime, Collections.emptyList());
    final AtomicBoolean continueScrolling = new AtomicBoolean(true);
    final Stopwatch stopwatch = Stopwatch.createStarted();
    try {
        ScrollResult.ScrollChunk scrollChunk = scrollResult.nextChunk();
        while (continueScrolling.get() && scrollChunk != null) {
            final List<ResultMessage> messages = scrollChunk.getMessages();
            LOG.debug("Passing <{}> messages to callback", messages.size());
            resultCallback.accept(Collections.unmodifiableList(messages), continueScrolling);
            // Stop if the resultCallback told us to stop
            if (!continueScrolling.get()) {
                break;
            }
            scrollChunk = scrollResult.nextChunk();
        }
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } finally {
        try {
            // Tell Elasticsearch that we are done with the scroll so it can release resources as soon as possible
            // instead of waiting for the scroll timeout to kick in.
            scrollResult.cancel();
        } catch (Exception ignored) {
        }
        LOG.debug("Scrolling done - took {} ms", stopwatch.stop().elapsed(TimeUnit.MILLISECONDS));
    }
}
Also used : QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) Stopwatch(com.google.common.base.Stopwatch) UncheckedIOException(java.io.UncheckedIOException) QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) ResultMessage(org.graylog2.indexer.results.ResultMessage) EventProcessorException(org.graylog.events.processor.EventProcessorException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) ScrollResult(org.graylog2.indexer.results.ScrollResult) Search(io.searchbox.core.Search) MoreSearch(org.graylog.events.search.MoreSearch) Sort(io.searchbox.core.search.sort.Sort)

Example 5 with EventProcessorException

use of org.graylog.events.processor.EventProcessorException in project graylog2-server by Graylog2.

the class MoreSearchAdapterES7 method scrollEvents.

@Override
public void scrollEvents(String queryString, TimeRange timeRange, Set<String> affectedIndices, Set<String> streams, String scrollTime, int batchSize, ScrollEventsCallback resultCallback) throws EventProcessorException {
    final ScrollCommand scrollCommand = buildScrollCommand(queryString, timeRange, affectedIndices, streams, batchSize);
    final ScrollResult scrollResult = scroll.scroll(scrollCommand);
    final AtomicBoolean continueScrolling = new AtomicBoolean(true);
    final Stopwatch stopwatch = Stopwatch.createStarted();
    try {
        ScrollResult.ScrollChunk scrollChunk = scrollResult.nextChunk();
        while (continueScrolling.get() && scrollChunk != null) {
            final List<ResultMessage> messages = scrollChunk.getMessages();
            LOG.debug("Passing <{}> messages to callback", messages.size());
            resultCallback.accept(Collections.unmodifiableList(messages), continueScrolling);
            // Stop if the resultCallback told us to stop
            if (!continueScrolling.get()) {
                break;
            }
            scrollChunk = scrollResult.nextChunk();
        }
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } finally {
        try {
            // Tell Elasticsearch that we are done with the scroll so it can release resources as soon as possible
            // instead of waiting for the scroll timeout to kick in.
            scrollResult.cancel();
        } catch (Exception ignored) {
        }
        LOG.debug("Scrolling done - took {} ms", stopwatch.stop().elapsed(TimeUnit.MILLISECONDS));
    }
}
Also used : AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) ScrollResult(org.graylog2.indexer.results.ScrollResult) ScrollCommand(org.graylog2.indexer.searches.ScrollCommand) Stopwatch(com.google.common.base.Stopwatch) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) ResultMessage(org.graylog2.indexer.results.ResultMessage) EventProcessorException(org.graylog.events.processor.EventProcessorException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException)

Aggregations

EventProcessorException (org.graylog.events.processor.EventProcessorException)7 ImmutableList (com.google.common.collect.ImmutableList)3 IOException (java.io.IOException)3 MoreSearch (org.graylog.events.search.MoreSearch)3 ElasticsearchQueryString (org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)3 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 Stopwatch (com.google.common.base.Stopwatch)2 UncheckedIOException (java.io.UncheckedIOException)2 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)2 EventDefinition (org.graylog.events.processor.EventDefinition)2 EventProcessor (org.graylog.events.processor.EventProcessor)2 ResultMessage (org.graylog2.indexer.results.ResultMessage)2 ScrollResult (org.graylog2.indexer.results.ScrollResult)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Lists (com.google.common.collect.Lists)1 Maps (com.google.common.collect.Maps)1 Sets (com.google.common.collect.Sets)1 Ints (com.google.common.primitives.Ints)1 Assisted (com.google.inject.assistedinject.Assisted)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial