Examples with Event org.graylog.events.event.Event used on opensource projects

Search in sources :

Example 1 with Event

use of org.graylog.events.event.Event in project graylog2-server by Graylog2.

the class AggregationEventProcessor method sourceMessagesForEvent.

@Override
public void sourceMessagesForEvent(Event event, Consumer<List<MessageSummary>> messageConsumer, long limit) throws EventProcessorException {
    if (config.series().isEmpty()) {
        if (limit <= 0) {
            return;
        }
        final EventOriginContext.ESEventOriginContext esContext = EventOriginContext.parseESContext(event.getOriginContext()).orElseThrow(() -> new EventProcessorException("Failed to parse origin context", false, eventDefinition));
        try {
            final ResultMessage message;
            message = messages.get(esContext.messageId(), esContext.indexName());
            messageConsumer.accept(Lists.newArrayList(new MessageSummary(message.getIndex(), message.getMessage())));
        } catch (IOException e) {
            throw new EventProcessorException("Failed to query origin context message", false, eventDefinition, e);
        }
    } else {
        final AtomicLong msgCount = new AtomicLong(0L);
        final MoreSearch.ScrollCallback callback = (messages, continueScrolling) -> {
            final List<MessageSummary> summaries = Lists.newArrayList();
            for (final ResultMessage resultMessage : messages) {
                if (msgCount.incrementAndGet() > limit) {
                    continueScrolling.set(false);
                    break;
                }
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
            messageConsumer.accept(summaries);
        };
        ElasticsearchQueryString scrollQueryString = ElasticsearchQueryString.of(config.query());
        scrollQueryString = scrollQueryString.concatenate(groupByQueryString(event));
        LOG.debug("scrollQueryString: {}", scrollQueryString);
        final TimeRange timeRange = AbsoluteRange.create(event.getTimerangeStart(), event.getTimerangeEnd());
        moreSearch.scrollQuery(scrollQueryString.queryString(), config.streams(), config.queryParameters(), timeRange, Math.min(500, Ints.saturatedCast(limit)), callback);
    }
}
Also used : EventProcessorException(org.graylog.events.processor.EventProcessorException) MoreSearch(org.graylog.events.search.MoreSearch) LoggerFactory(org.slf4j.LoggerFactory) EventOriginContext(org.graylog.events.event.EventOriginContext) MessageSummary(org.graylog2.plugin.MessageSummary) EventConsumer(org.graylog.events.processor.EventConsumer) Assisted(com.google.inject.assistedinject.Assisted) EventProcessor(org.graylog.events.processor.EventProcessor) ResultMessage(org.graylog2.indexer.results.ResultMessage) Locale(java.util.Locale) Map(java.util.Map) Event(org.graylog.events.event.Event) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) EventDefinition(org.graylog.events.processor.EventDefinition) EventProcessorException(org.graylog.events.processor.EventProcessorException) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Persisted(org.graylog2.plugin.database.Persisted) Set(java.util.Set) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) MoreSearch(org.graylog.events.search.MoreSearch) EventFactory(org.graylog.events.event.EventFactory) ParameterExpansionError(org.graylog.plugins.views.search.errors.ParameterExpansionError) List(java.util.List) Stream(org.graylog2.plugin.streams.Stream) StreamService(org.graylog2.streams.StreamService) Strings(org.apache.logging.log4j.util.Strings) Optional(java.util.Optional) MoreSearch.luceneEscape(org.graylog.events.search.MoreSearch.luceneEscape) HashMap(java.util.HashMap) SearchException(org.graylog.plugins.views.search.errors.SearchException) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) Inject(javax.inject.Inject) DBEventProcessorStateService(org.graylog.events.processor.DBEventProcessorStateService) BooleanNumberConditionsVisitor(org.graylog.events.conditions.BooleanNumberConditionsVisitor) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) Messages(org.graylog2.indexer.messages.Messages) EventProcessorParameters(org.graylog.events.processor.EventProcessorParameters) Logger(org.slf4j.Logger) EventWithContext(org.graylog.events.event.EventWithContext) DateTime(org.joda.time.DateTime) IOException(java.io.IOException) Maps(com.google.common.collect.Maps) Ints(com.google.common.primitives.Ints) Consumer(java.util.function.Consumer) AtomicLong(java.util.concurrent.atomic.AtomicLong) EventProcessorDependencyCheck(org.graylog.events.processor.EventProcessorDependencyCheck) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) EventProcessorPreconditionException(org.graylog.events.processor.EventProcessorPreconditionException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) IOException(java.io.IOException) ResultMessage(org.graylog2.indexer.results.ResultMessage) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) AtomicLong(java.util.concurrent.atomic.AtomicLong) EventOriginContext(org.graylog.events.event.EventOriginContext) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 2 with Event

use of org.graylog.events.event.Event in project graylog2-server by Graylog2.

the class AggregationEventProcessorTest method testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams.

@Test
public void testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams() {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
    // We expect to get the end of the aggregation timerange as event time
    final TestEvent event1 = new TestEvent(timerange.to());
    final TestEvent event2 = new TestEvent(timerange.to());
    when(eventFactory.createEvent(any(EventDefinition.class), eq(now), anyString())).thenReturn(// first invocation return value
    event1).thenReturn(// second invocation return value
    event2);
    final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of("stream-2"), ImmutableList.of(), null);
    final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
    final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    final AggregationResult result = buildAggregationResult(timerange, now, ImmutableList.of("one", "two"));
    final ImmutableList<EventWithContext> eventsWithContext = eventProcessor.eventsFromAggregationResult(eventFactory, parameters, result);
    assertThat(eventsWithContext).hasSize(1);
    assertThat(eventsWithContext.get(0)).satisfies(eventWithContext -> {
        final Event event = eventWithContext.event();
        assertThat(event.getId()).isEqualTo(event1.getId());
        assertThat(event.getMessage()).isEqualTo(event1.getMessage());
        assertThat(event.getEventTimestamp()).isEqualTo(timerange.to());
        assertThat(event.getTimerangeStart()).isEqualTo(timerange.from());
        assertThat(event.getTimerangeEnd()).isEqualTo(timerange.to());
        // Must contain the stream from the event definition because there is none in the result
        assertThat(event.getSourceStreams()).containsOnly("stream-2");
        final Message message = eventWithContext.messageContext().orElse(null);
        assertThat(message).isNotNull();
        assertThat(message.getField("group_field_one")).isEqualTo("one");
        assertThat(message.getField("group_field_two")).isEqualTo("two");
        assertThat(message.getField("aggregation_key")).isEqualTo("one|two");
        assertThat(message.getField("aggregation_value_count")).isEqualTo(0.0d);
    });
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) Message(org.graylog2.plugin.Message) TestEvent(org.graylog.events.event.TestEvent) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) Event(org.graylog.events.event.Event) TestEvent(org.graylog.events.event.TestEvent) EventWithContext(org.graylog.events.event.EventWithContext) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 3 with Event

use of org.graylog.events.event.Event in project graylog2-server by Graylog2.

the class NotificationGracePeriodServiceTest method emptyKey.

@Test
public void emptyKey() {
    final NotificationGracePeriodService notificationGracePeriodService = new NotificationGracePeriodService();
    when(settings.gracePeriodMs()).thenReturn(10L);
    when(definition.notificationSettings()).thenReturn(settings);
    when(definition.id()).thenReturn("1234");
    final Event event = new TestEvent();
    event.setKeyTuple(ImmutableList.of());
    final Event event2 = new TestEvent();
    event.setKeyTuple(ImmutableList.of());
    event2.setEventTimestamp(event.getEventTimestamp().plus(1L));
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event)).isFalse();
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event2)).isTrue();
}
Also used : NotificationGracePeriodService(org.graylog.events.notifications.NotificationGracePeriodService) TestEvent(org.graylog.events.event.TestEvent) TestEvent(org.graylog.events.event.TestEvent) Event(org.graylog.events.event.Event) Test(org.junit.Test)

Example 4 with Event

use of org.graylog.events.event.Event in project graylog2-server by Graylog2.

the class NotificationGracePeriodServiceTest method falseWithDisabledGracePeriod.

@Test
public void falseWithDisabledGracePeriod() {
    final NotificationGracePeriodService notificationGracePeriodService = new NotificationGracePeriodService();
    when(settings.gracePeriodMs()).thenReturn(0L);
    when(definition.notificationSettings()).thenReturn(settings);
    when(definition.id()).thenReturn("1234");
    final Event event = new TestEvent();
    event.setKeyTuple(ImmutableList.of("testkey"));
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event)).isFalse();
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event)).isFalse();
}
Also used : NotificationGracePeriodService(org.graylog.events.notifications.NotificationGracePeriodService) TestEvent(org.graylog.events.event.TestEvent) TestEvent(org.graylog.events.event.TestEvent) Event(org.graylog.events.event.Event) Test(org.junit.Test)

Example 5 with Event

use of org.graylog.events.event.Event in project graylog2-server by Graylog2.

the class NotificationGracePeriodServiceTest method differentKey.

@Test
public void differentKey() {
    final NotificationGracePeriodService notificationGracePeriodService = new NotificationGracePeriodService();
    when(settings.gracePeriodMs()).thenReturn(10L);
    when(definition.notificationSettings()).thenReturn(settings);
    when(definition.id()).thenReturn("1234");
    final Event event = new TestEvent();
    event.setKeyTuple(ImmutableList.of("testkey"));
    final Event event2 = new TestEvent();
    event2.setKeyTuple(ImmutableList.of("otherkey"));
    event2.setEventTimestamp(event.getEventTimestamp().plus(1L));
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event)).isFalse();
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event2)).isFalse();
}
Also used : NotificationGracePeriodService(org.graylog.events.notifications.NotificationGracePeriodService) TestEvent(org.graylog.events.event.TestEvent) TestEvent(org.graylog.events.event.TestEvent) Event(org.graylog.events.event.Event) Test(org.junit.Test)

Aggregations

Event (org.graylog.events.event.Event)16 TestEvent (org.graylog.events.event.TestEvent)12 Test (org.junit.Test)12 EventWithContext (org.graylog.events.event.EventWithContext)8 NotificationGracePeriodService (org.graylog.events.notifications.NotificationGracePeriodService)8 Message (org.graylog2.plugin.Message)6 DateTime (org.joda.time.DateTime)6 AbsoluteRange (org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange)5 EventDefinitionDto (org.graylog.events.processor.EventDefinitionDto)4 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 ImmutableList (com.google.common.collect.ImmutableList)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Lists (com.google.common.collect.Lists)1 Maps (com.google.common.collect.Maps)1 Sets (com.google.common.collect.Sets)1 Ints (com.google.common.primitives.Ints)1 Assisted (com.google.inject.assistedinject.Assisted)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial