Example 1 with Rule
use of org.graylog.plugins.pipelineprocessor.ast.Rule in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method stringLength.
@Test
public void stringLength() {
final Rule rule = parser.parseRule(ruleForTest(), false);
final Message message = evaluateRule(rule);
assertThat(message).isNotNull();
assertThat(message.getField("chars_utf8")).isEqualTo(5L);
assertThat(message.getField("bytes_utf8")).isEqualTo(6L);
assertThat(message.getField("chars_ascii")).isEqualTo(5L);
assertThat(message.getField("bytes_ascii")).isEqualTo(5L);
}
Also used :
CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)
CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)
DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)
Message(org.graylog2.plugin.Message)
MockitoRule(org.mockito.junit.MockitoRule)
Rule(org.graylog.plugins.pipelineprocessor.ast.Rule)
BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest)
Test(org.junit.Test)
Example 2 with Rule
use of org.graylog.plugins.pipelineprocessor.ast.Rule in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method dateArithmetic.
@Test
public void dateArithmetic() {
final InstantMillisProvider clock = new InstantMillisProvider(GRAYLOG_EPOCH);
DateTimeUtils.setCurrentMillisProvider(clock);
try {
final Rule rule = parser.parseRule(ruleForTest(), true);
final Message message = evaluateRule(rule);
assertThat(actionsTriggered.get()).isTrue();
assertThat(message).isNotNull();
assertThat(message.getField("interval")).isInstanceOf(Duration.class).matches(o -> ((Duration) o).isEqual(Duration.standardDays(1)), "Exactly one day difference");
assertThat(message.getField("years")).isEqualTo(Period.years(2));
assertThat(message.getField("months")).isEqualTo(Period.months(2));
assertThat(message.getField("weeks")).isEqualTo(Period.weeks(2));
assertThat(message.getField("days")).isEqualTo(Period.days(2));
assertThat(message.getField("hours")).isEqualTo(Period.hours(2));
assertThat(message.getField("minutes")).isEqualTo(Period.minutes(2));
assertThat(message.getField("seconds")).isEqualTo(Period.seconds(2));
assertThat(message.getField("millis")).isEqualTo(Period.millis(2));
assertThat(message.getField("period")).isEqualTo(Period.parse("P1YT1M"));
assertThat(message.getFieldAs(DateTime.class, "long_time_ago")).matches(date -> date.plus(Period.years(10000)).equals(GRAYLOG_EPOCH));
assertThat(message.getTimestamp()).isEqualTo(GRAYLOG_EPOCH.plusHours(1));
} finally {
DateTimeUtils.setCurrentMillisSystem();
}
}
Also used :
CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)
CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)
DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)
Message(org.graylog2.plugin.Message)
InstantMillisProvider(org.graylog2.plugin.InstantMillisProvider)
Duration(org.joda.time.Duration)
MockitoRule(org.mockito.junit.MockitoRule)
Rule(org.graylog.plugins.pipelineprocessor.ast.Rule)
BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest)
Test(org.junit.Test)
Example 3 with Rule
use of org.graylog.plugins.pipelineprocessor.ast.Rule in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method int2ipv4.
@Test
public void int2ipv4() {
final Rule rule = parser.parseRule(ruleForTest(), true);
evaluateRule(rule);
assertThat(actionsTriggered.get()).isTrue();
}
Also used :
MockitoRule(org.mockito.junit.MockitoRule)
Rule(org.graylog.plugins.pipelineprocessor.ast.Rule)
BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest)
Test(org.junit.Test)
Example 4 with Rule
use of org.graylog.plugins.pipelineprocessor.ast.Rule in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method routeToStream.
@Test
public void routeToStream() {
final Rule rule = parser.parseRule(ruleForTest(), true);
final Message message = evaluateRule(rule);
assertThat(message).isNotNull();
assertThat(message.getStreams()).isNotEmpty();
assertThat(message.getStreams().size()).isEqualTo(2);
final Message message2 = evaluateRule(rule);
assertThat(message2).isNotNull();
assertThat(message2.getStreams().size()).isEqualTo(2);
}
Also used :
CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)
CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)
DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)
Message(org.graylog2.plugin.Message)
MockitoRule(org.mockito.junit.MockitoRule)
Rule(org.graylog.plugins.pipelineprocessor.ast.Rule)
BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest)
Test(org.junit.Test)
Example 5 with Rule
use of org.graylog.plugins.pipelineprocessor.ast.Rule in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method clonedMessageWithInvalidTimestamp.
@Test
public void clonedMessageWithInvalidTimestamp() {
final Message message = new Message("test", "test", Tools.nowUTC());
message.addField("timestamp", "foobar");
final Rule rule = parser.parseRule(ruleForTest(), false);
final EvaluationContext context = contextForRuleEval(rule, message);
final Message origMessage = context.currentMessage();
final Message clonedMessage = Iterables.get(context.createdMessages(), 0);
assertThat(origMessage).isNotEqualTo(clonedMessage);
assertThat(origMessage.getField("timestamp")).isInstanceOf(DateTime.class);
assertThat(clonedMessage).isNotNull();
assertThat(clonedMessage.getMessage()).isEqualTo(origMessage.getMessage());
assertThat(clonedMessage.getSource()).isEqualTo(origMessage.getSource());
assertThat(clonedMessage.getStreams()).isEqualTo(origMessage.getStreams());
assertThat(clonedMessage.getTimestamp()).isNotNull();
assertThat(clonedMessage.getTimestamp()).isEqualTo(origMessage.getTimestamp());
}
Also used :
CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)
CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)
DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)
Message(org.graylog2.plugin.Message)
MockitoRule(org.mockito.junit.MockitoRule)
Rule(org.graylog.plugins.pipelineprocessor.ast.Rule)
EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext)
BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest)
Test(org.junit.Test)
Aggregations
Rule (org.graylog.plugins.pipelineprocessor.ast.Rule)73
Test (org.junit.Test)68
BaseParserTest (org.graylog.plugins.pipelineprocessor.BaseParserTest)67
MockitoRule (org.mockito.junit.MockitoRule)46
Message (org.graylog2.plugin.Message)45
CloneMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)35
CreateMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)35
DropMessage (org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)35
EvaluationContext (org.graylog.plugins.pipelineprocessor.EvaluationContext)9
IsString (org.graylog.plugins.pipelineprocessor.functions.conversion.IsString)7
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7
ParseException (org.graylog.plugins.pipelineprocessor.parser.ParseException)6
LogicalExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.LogicalExpression)5
InstantMillisProvider (org.graylog2.plugin.InstantMillisProvider)4
ApiOperation (io.swagger.annotations.ApiOperation)3
BadRequestException (javax.ws.rs.BadRequestException)3
Pipeline (org.graylog.plugins.pipelineprocessor.ast.Pipeline)3
NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent)3
POST (javax.ws.rs.POST)2
Path (javax.ws.rs.Path)2
