
Example 16 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class AggregationEventProcessorTest method sourceMessagesWithAggregation.

/**
 * Test helper that calls {@code sourceMessagesForEvent} on a newly built processor when testing query string
 * values. Only the group-by fields and the batch limit vary between callers; everything else is fixed.
 *
 * @param groupByFields group-by field values that are set on the test event
 * @param batchLimit    limit that is passed straight through to {@code sourceMessagesForEvent}
 * @throws EventProcessorException declared because {@code sourceMessagesForEvent} is invoked here
 */
private void sourceMessagesWithAggregation(Map<String, String> groupByFields, int batchLimit) throws EventProcessorException {
    // Two-hour window around the current UTC time: one hour back, one hour ahead.
    final DateTime utcNow = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange window = AbsoluteRange.create(utcNow.minusHours(1), utcNow.plusHours(1));

    // The event is created with the end of the window and carries the window as its own time range.
    final TestEvent testEvent = new TestEvent(window.to());
    testEvent.setTimerangeStart(window.from());
    testEvent.setTimerangeEnd(window.to());
    testEvent.setGroupByFields(groupByFields);

    // A single COUNT series over the "source" field is all the definition needs for this helper.
    final AggregationSeries countBySource = AggregationSeries.builder()
            .id("abc123")
            .function(AggregationFunction.COUNT)
            .field("source")
            .build();
    final EventDefinitionDto definition = buildEventDefinitionDto(ImmutableSet.of(), ImmutableList.of(countBySource), null);

    final AggregationEventProcessor processor = new AggregationEventProcessor(
            definition, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    processor.sourceMessagesForEvent(testEvent, messageConsumer, batchLimit);
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) TestEvent(org.graylog.events.event.TestEvent) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) DateTime(org.joda.time.DateTime)

Example 17 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class AggregationEventProcessorTest method createEventsWithoutRequiredMessagesBeingIndexed.

/**
 * Checks that {@code createEvents} is gated by the "messages indexed up to" dependency check: with the check
 * passing, the processor state is recorded and the scroll query runs; with the check failing, a
 * precondition exception naming the event definition and the time range is raised and nothing is recorded.
 */
@Test
public void createEventsWithoutRequiredMessagesBeingIndexed() throws Exception {
    final DateTime utcNow = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange window = AbsoluteRange.create(utcNow.minusHours(1), utcNow.plusHours(1));

    // Used only as the source of expected arguments in the scrollQuery verifications below.
    // NOTE(review): presumably mirrors the config that buildEventDefinitionDto() puts on the DTO - confirm.
    final AggregationEventProcessorConfig expectedConfig = AggregationEventProcessorConfig.builder()
            .query("aQueryString")
            .streams(ImmutableSet.of())
            .groupBy(ImmutableList.of())
            .series(ImmutableList.of())
            .conditions(null)
            .searchWithinMs(30000)
            .executeEveryMs(30000)
            .build();
    final EventDefinitionDto definition = buildEventDefinitionDto(ImmutableSet.of(), ImmutableList.of(), null);
    final AggregationEventProcessorParameters params = AggregationEventProcessorParameters.builder()
            .timerange(window)
            .build();
    final AggregationEventProcessor processor = new AggregationEventProcessor(
            definition, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);

    // Case 1: the dependency check passes, so no exception is expected and the state service is called once.
    when(eventProcessorDependencyCheck.hasMessagesIndexedUpTo(window.to())).thenReturn(true);
    assertThatCode(() -> processor.createEvents(eventFactory, params, events -> { }))
            .doesNotThrowAnyException();
    verify(stateService, times(1)).setState("dto-id-1", window.from(), window.to());
    verify(moreSearch, times(1)).scrollQuery(
            eq(expectedConfig.query()),
            eq(expectedConfig.streams()),
            eq(expectedConfig.queryParameters()),
            eq(params.timerange()),
            eq(params.batchSize()),
            any(MoreSearch.ScrollCallback.class));

    // Reset the mocks so the same interactions can be verified again for the second case.
    reset(stateService, moreSearch, searchFactory);

    // Case 2: the dependency check fails, so a precondition exception is expected and no state is written.
    when(eventProcessorDependencyCheck.hasMessagesIndexedUpTo(window.to())).thenReturn(false);
    assertThatCode(() -> processor.createEvents(eventFactory, params, events -> { }))
            .hasMessageContaining(definition.title())
            .hasMessageContaining(definition.id())
            .hasMessageContaining(window.from().toString())
            .hasMessageContaining(window.to().toString())
            .isInstanceOf(EventProcessorPreconditionException.class);
    verify(stateService, never()).setState(any(String.class), any(DateTime.class), any(DateTime.class));
    verify(searchFactory, never()).create(any(), any(), any(), any());
    // NOTE(review): with eq(...) matchers, never() only rules out a call with exactly these arguments; a
    // scrollQuery call with different arguments would not fail this verification.
    verify(moreSearch, never()).scrollQuery(
            eq(expectedConfig.query()),
            eq(expectedConfig.streams()),
            eq(expectedConfig.queryParameters()),
            eq(params.timerange()),
            eq(params.batchSize()),
            any(MoreSearch.ScrollCallback.class));
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 18 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class CmdLineTool method setupCoreConfigInjector.

/**
 * Creates a separate injector that holds only the core configuration bindings, so that modules can look up
 * configuration values at binding time.
 *
 * <p>The injector is built in {@code Stage.PRODUCTION} from the named config parameters module, a module
 * that calls {@code requireExplicitBindings()}, and the feature flags binding. If creation fails, the error
 * is logged and the JVM is terminated with exit code 1.
 *
 * @return the core configuration injector
 */
protected Injector setupCoreConfigInjector() {
    final NamedConfigParametersModule coreConfigModule = new NamedConfigParametersModule(jadConfig.getConfigurationBeans());
    try {
        final Injector injector = Guice.createInjector(
                Stage.PRODUCTION,
                ImmutableList.of(coreConfigModule, (Module) Binder::requireExplicitBindings, this::featureFlagsBinding));
        if (injector != null) {
            return injector;
        }
    } catch (CreationException e) {
        // Guice creation errors go through the dedicated annotation helper.
        annotateInjectorCreationException(e);
    } catch (Exception e) {
        LOG.error("Injector creation failed!", e);
    }

    // Reached only when no injector was created: either an exception was handled above or Guice returned null.
    LOG.error("Injector for core configuration could not be created, exiting! (Please include the previous "
            + "error messages in bug reports.)");
    System.exit(1);
    // Only reachable if System.exit() returns; null is what the failure path hands back in that case.
    return null;
}
Also used : NamedConfigParametersModule(com.github.joschi.jadconfig.guice.NamedConfigParametersModule) Injector(com.google.inject.Injector) CreationException(com.google.inject.CreationException) ParameterException(com.github.joschi.jadconfig.ParameterException) NodeIdPersistenceException(org.graylog2.plugin.system.NodeIdPersistenceException) RepositoryException(com.github.joschi.jadconfig.RepositoryException) UnsupportedSearchException(org.graylog2.storage.UnsupportedSearchException) ValidationException(com.github.joschi.jadconfig.ValidationException) ElasticsearchProbeException(org.graylog2.storage.versionprobe.ElasticsearchProbeException) AccessDeniedException(java.nio.file.AccessDeniedException) CreationException(com.google.inject.CreationException)

Example 19 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class CmdLineTool method annotateInjectorExceptions.

/**
 * Turns Guice error messages into operator-facing log output and, for known root causes, terminates the JVM.
 *
 * <p>Exit codes by root cause: {@code -1} for {@code NodeIdPersistenceException}, {@code -2} for
 * {@code AccessDeniedException}, {@code -3} for {@code UnsupportedSearchException}, {@code -4} for
 * {@code ElasticsearchProbeException}. Any other message is logged at error level, with its root cause at
 * debug level, and processing continues with the next message.
 *
 * <p>The logged text includes the configured node id file path and the root cause's own message.
 *
 * @param messages the Guice messages to inspect
 */
protected void annotateInjectorExceptions(Collection<Message> messages) {
    for (Message guiceMessage : messages) {
        // noinspection ThrowableResultOfMethodCallIgnored
        final Throwable cause = ExceptionUtils.getRootCause(guiceMessage.getCause());

        if (cause instanceof NodeIdPersistenceException) {
            final String explanation = "Unable to read or persist your NodeId file. This means your node id file (" + configuration.getNodeIdFile() + ") is not readable or writable by the current user. The following exception might give more information: " + guiceMessage;
            LOG.error(UI.wallString(explanation));
            System.exit(-1);
        } else if (cause instanceof AccessDeniedException) {
            final String explanation = "Unable to access file " + cause.getMessage();
            LOG.error(UI.wallString(explanation));
            System.exit(-2);
        } else if (cause instanceof UnsupportedSearchException) {
            final SearchVersion unsupportedVersion = ((UnsupportedSearchException) cause).getSearchMajorVersion();
            final String explanation = "Unsupported search version: " + unsupportedVersion;
            LOG.error(UI.wallString(explanation, DocsHelper.PAGE_ES_VERSIONS.toString()));
            System.exit(-3);
        } else if (cause instanceof ElasticsearchProbeException) {
            LOG.error(UI.wallString(cause.getMessage(), DocsHelper.PAGE_ES_CONFIGURATION.toString()));
            System.exit(-4);
        } else {
            // Some other Guice error: still print the raw message.
            // TODO this could potentially print duplicate messages depending on what a subclass does...
            LOG.error("Guice error (more detail on log level debug): {}", guiceMessage.getMessage());
            if (cause != null) {
                LOG.debug("Stacktrace:", cause);
            }
        }
    }
}
Also used : ElasticsearchProbeException(org.graylog2.storage.versionprobe.ElasticsearchProbeException) AccessDeniedException(java.nio.file.AccessDeniedException) Message(com.google.inject.spi.Message) UnsupportedSearchException(org.graylog2.storage.UnsupportedSearchException) SearchVersion(org.graylog2.storage.SearchVersion) NodeIdPersistenceException(org.graylog2.plugin.system.NodeIdPersistenceException)

Example 20 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class FieldValueAlertCondition method runCheck.

/**
 * Evaluates this field value alert condition against the field statistics of the configured stream.
 *
 * <p>The statistic selected by {@code type} is compared with {@code threshold} in the direction given by
 * {@code thresholdType}. When the condition triggers and a backlog is configured, the search hits are
 * attached to the result as message summaries.
 *
 * @return a triggered {@code CheckResult}, a {@code NegativeCheckResult} when the condition does not
 *         trigger or cannot be evaluated, or {@code null} when the time range is rejected as invalid
 */
@Override
public CheckResult runCheck() {
    try {
        final String streamFilter = buildQueryFilter(stream.getId(), query);
        // TODO we don't support cardinality yet
        // "time" is reported in minutes in the result description below; presumably the range takes seconds.
        final FieldStatsResult stats = searches.fieldStats(field, "*", streamFilter, RelativeRange.create(time * 60), false, true, false);
        if (stats.count() == 0) {
            LOG.debug("Alert check <{}> did not match any messages. Returning not triggered.", type);
            return new NegativeCheckResult();
        }

        // Select the statistic that this condition is configured to watch.
        final double value;
        switch (type) {
            case MEAN:
                value = stats.mean();
                break;
            case MIN:
                value = stats.min();
                break;
            case MAX:
                value = stats.max();
                break;
            case SUM:
                value = stats.sum();
                break;
            case STDDEV:
                value = stats.stdDeviation();
                break;
            default:
                LOG.error("No such field value check type: [{}]. Returning not triggered.", type);
                return new NegativeCheckResult();
        }
        LOG.debug("Alert check <{}> result: [{}]", id, value);

        if (Double.isInfinite(value)) {
            // This happens when there are no ES results/docs.
            LOG.debug("Infinite value. Returning not triggered.");
            return new NegativeCheckResult();
        }

        // A NaN value passes the check above but compares false in both directions, so it never triggers.
        final boolean thresholdCrossed;
        switch (thresholdType) {
            case HIGHER:
                thresholdCrossed = value > threshold.doubleValue();
                break;
            case LOWER:
                thresholdCrossed = value < threshold.doubleValue();
                break;
            default:
                thresholdCrossed = false;
        }
        if (!thresholdCrossed) {
            return new NegativeCheckResult();
        }

        final String description = "Field " + field + " had a " + type + " of " + decimalFormat.format(value)
                + " in the last " + time + " minutes with trigger condition " + thresholdType
                + " than " + decimalFormat.format(threshold) + ". "
                + "(Current grace time: " + grace + " minutes)";

        // Matching messages are attached only when a backlog size is configured.
        final List<MessageSummary> backlogSummaries;
        if (getBacklog() > 0) {
            final List<ResultMessage> hits = stats.searchHits();
            backlogSummaries = Lists.newArrayListWithCapacity(hits.size());
            for (ResultMessage hit : hits) {
                final Message hitMessage = hit.getMessage();
                backlogSummaries.add(new MessageSummary(hit.getIndex(), hitMessage));
            }
        } else {
            backlogSummaries = Collections.emptyList();
        }
        return new CheckResult(true, this, description, Tools.nowUTC(), backlogSummaries);
    } catch (InvalidRangeParametersException e) {
        // Not expected to happen for a relative range built from "time".
        // NOTE(review): this is the only path that returns null instead of a NegativeCheckResult; a caller
        // that dereferences the result without a null check would fail here - confirm against callers.
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (FieldTypeException e) {
        LOG.debug("Field [{}] seems not to have a numerical type or doesn't even exist at all. Returning not triggered.", field, e);
        return new NegativeCheckResult();
    }
}
Also used : InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) ResultMessage(org.graylog2.indexer.results.ResultMessage) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) FieldTypeException(org.graylog2.indexer.FieldTypeException) MessageSummary(org.graylog2.plugin.MessageSummary)
