Examples with Event org.graylog.events.event.Event used on opensource projects

Search in sources :

Example 16 with Event

use of org.graylog.events.event.Event in project graylog2-server by Graylog2.

the class AggregationEventProcessor method eventsFromAggregationResult.

@VisibleForTesting
ImmutableList<EventWithContext> eventsFromAggregationResult(EventFactory eventFactory, AggregationEventProcessorParameters parameters, AggregationResult result) {
    final ImmutableList.Builder<EventWithContext> eventsWithContext = ImmutableList.builder();
    final Set<String> sourceStreams = buildEventSourceStreams(getStreams(parameters), result.sourceStreams());
    for (final AggregationKeyResult keyResult : result.keyResults()) {
        if (!satisfiesConditions(keyResult)) {
            LOG.debug("Skipping result <{}> because the conditions <{}> don't match", keyResult, config.conditions());
            continue;
        }
        final String keyString = Strings.join(keyResult.key(), '|');
        final String eventMessage = createEventMessageString(keyString, keyResult);
        // Extract eventTime from the key result or use query time range as fallback
        final DateTime eventTime = keyResult.timestamp().orElse(result.effectiveTimerange().to());
        final Event event = eventFactory.createEvent(eventDefinition, eventTime, eventMessage);
        // TODO: Do we have to set any other event fields here?
        event.setTimerangeStart(parameters.timerange().getFrom());
        event.setTimerangeEnd(parameters.timerange().getTo());
        sourceStreams.forEach(event::addSourceStream);
        final Map<String, Object> fields = new HashMap<>();
        // username=jane
        for (int i = 0; i < config.groupBy().size(); i++) {
            fields.put(config.groupBy().get(i), keyResult.key().get(i));
        }
        // Group By fields need to be saved on the event so they are available to the subsequent notification events
        event.setGroupByFields(fields.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().toString())));
        // aggregation_value_card_anonid=23
        for (AggregationSeriesValue seriesValue : keyResult.seriesValues()) {
            final String function = seriesValue.series().function().toString().toLowerCase(Locale.ROOT);
            final Optional<String> field = seriesValue.series().field();
            final String fieldName;
            if (field.isPresent()) {
                fieldName = String.format(Locale.ROOT, "aggregation_value_%s_%s", function, field.get());
            } else {
                fieldName = String.format(Locale.ROOT, "aggregation_value_%s", function);
            }
            fields.put(fieldName, seriesValue.value());
        }
        // This is the concatenated key value
        fields.put("aggregation_key", keyString);
        // TODO: Can we find a useful source value?
        final Message message = new Message(eventMessage, "", result.effectiveTimerange().to());
        message.addFields(fields);
        LOG.debug("Creating event {}/{} - {} {} ({})", eventDefinition.title(), eventDefinition.id(), keyResult.key(), seriesString(keyResult), fields);
        eventsWithContext.add(EventWithContext.create(event, message));
    }
    return eventsWithContext.build();
}
Also used : ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) HashMap(java.util.HashMap) ImmutableList(com.google.common.collect.ImmutableList) EventWithContext(org.graylog.events.event.EventWithContext) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) DateTime(org.joda.time.DateTime) Event(org.graylog.events.event.Event) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Aggregations

Event (org.graylog.events.event.Event)16 TestEvent (org.graylog.events.event.TestEvent)12 Test (org.junit.Test)12 EventWithContext (org.graylog.events.event.EventWithContext)8 NotificationGracePeriodService (org.graylog.events.notifications.NotificationGracePeriodService)8 Message (org.graylog2.plugin.Message)6 DateTime (org.joda.time.DateTime)6 AbsoluteRange (org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange)5 EventDefinitionDto (org.graylog.events.processor.EventDefinitionDto)4 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 ImmutableList (com.google.common.collect.ImmutableList)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Lists (com.google.common.collect.Lists)1 Maps (com.google.common.collect.Maps)1 Sets (com.google.common.collect.Sets)1 Ints (com.google.common.primitives.Ints)1 Assisted (com.google.inject.assistedinject.Assisted)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial