Examples with StreamRule org.graylog2.plugin.streams.StreamRule used on opensource projects

Example 6 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamListFingerprint method buildFingerprint.

private String buildFingerprint(List<Stream> streams) {
    final MessageDigest sha1Digest = DigestUtils.getSha1Digest();
    final StringBuilder sb = new StringBuilder();
    for (Stream stream : Ordering.from(getStreamComparator()).sortedCopy(streams)) {
        sb.append(stream.hashCode());
        for (StreamRule rule : Ordering.from(getStreamRuleComparator()).sortedCopy(stream.getStreamRules())) {
            sb.append(rule.hashCode());
        }
        for (Output output : Ordering.from(getOutputComparator()).sortedCopy(stream.getOutputs())) {
            sb.append(output.hashCode());
        }
    }
    return String.valueOf(Hex.encodeHex(sha1Digest.digest(sb.toString().getBytes(StandardCharsets.US_ASCII))));
}

Example 7 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamRouterEngine method match.

/**
     * Returns a list of matching streams for the given message.
     *
     * @param message the message
     * @return the list of matching streams
     */
public List<Stream> match(Message message) {
    final Set<Stream> result = Sets.newHashSet();
    final Set<Stream> blackList = Sets.newHashSet();
    for (final Rule rule : rulesList) {
        if (blackList.contains(rule.getStream())) {
            continue;
        }
        final StreamRule streamRule = rule.getStreamRule();
        final StreamRuleType streamRuleType = streamRule.getType();
        final Stream.MatchingType matchingType = rule.getMatchingType();
        if (!ruleTypesNotNeedingFieldPresence.contains(streamRuleType) && !message.hasField(streamRule.getField())) {
            if (matchingType == Stream.MatchingType.AND) {
                result.remove(rule.getStream());
                // blacklist stream because it can't match anymore
                blackList.add(rule.getStream());
            }
            continue;
        }
        final Stream stream;
        if (streamRuleType != StreamRuleType.REGEX) {
            stream = rule.match(message);
        } else {
            stream = rule.matchWithTimeOut(message, streamProcessingTimeout, TimeUnit.MILLISECONDS);
        }
        if (stream == null) {
            if (matchingType == Stream.MatchingType.AND) {
                result.remove(rule.getStream());
                // blacklist stream because it can't match anymore
                blackList.add(rule.getStream());
            }
        } else {
            result.add(stream);
            if (matchingType == Stream.MatchingType.OR) {
                // blacklist stream because it is already matched
                blackList.add(rule.getStream());
            }
        }
    }
    final Stream defaultStream = defaultStreamProvider.get();
    boolean alreadyRemovedDefaultStream = false;
    for (Stream stream : result) {
        streamMetrics.markIncomingMeter(stream.getId());
        if (stream.getRemoveMatchesFromDefaultStream()) {
            if (alreadyRemovedDefaultStream || message.removeStream(defaultStream)) {
                alreadyRemovedDefaultStream = true;
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Successfully removed default stream <{}> from message <{}>", defaultStream.getId(), message.getId());
                }
            } else {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("Couldn't remove default stream <{}> from message <{}>", defaultStream.getId(), message.getId());
                }
            }
        }
    }
    // or someone removed it, in which case we don't mark it.
    if (!alreadyRemovedDefaultStream) {
        streamMetrics.markIncomingMeter(defaultStream.getId());
    }
    return ImmutableList.copyOf(result);
}

Example 8 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamRuleServiceImpl method loadForStreamId.

@Override
public List<StreamRule> loadForStreamId(String streamId) throws NotFoundException {
    ObjectId id = new ObjectId(streamId);
    final List<StreamRule> streamRules = new ArrayList<>();
    final List<DBObject> respStreamRules = query(StreamRuleImpl.class, new BasicDBObject(StreamRuleImpl.FIELD_STREAM_ID, id));
    for (DBObject streamRule : respStreamRules) {
        streamRules.add(toStreamRule(streamRule));
    }
    return streamRules;
}

Example 9 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class StreamServiceImpl method load.

public Stream load(ObjectId id) throws NotFoundException {
    final DBObject o = get(StreamImpl.class, id);
    if (o == null) {
        throw new NotFoundException("Stream <" + id + "> not found!");
    }
    final List<StreamRule> streamRules = streamRuleService.loadForStreamId(id.toHexString());
    final Set<Output> outputs = loadOutputsForRawStream(o);
    @SuppressWarnings("unchecked") final Map<String, Object> fields = o.toMap();
    return new StreamImpl((ObjectId) o.get("_id"), fields, streamRules, outputs, getIndexSet(o));
}

Example 10 with StreamRule

use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.

the class RegexMatcher method match.

@Override
public boolean match(Message msg, StreamRule rule) {
    if (msg.getField(rule.getField()) == null)
        return rule.getInverted();
    try {
        final Pattern pattern = patternCache.get(rule.getValue());
        final CharSequence charSequence = new InterruptibleCharSequence(msg.getField(rule.getField()).toString());
        return rule.getInverted() ^ pattern.matcher(charSequence).find();
    } catch (ExecutionException e) {
        LOG.error("Unable to get pattern from regex cache: ", e);
    }
    return false;
}