Examples with EventWithContext org.graylog.events.event.EventWithContext used on opensource projects

Example 1 with EventWithContext

use of org.graylog.events.event.EventWithContext in project graylog2-server by Graylog2.

the class LookupTableFieldValueProviderTest method testWithMessageContext.

@Test
public void testWithMessageContext() {
    final String fieldValueString = "world";
    final String expectedLookupValue = "lookup-world";
    final TestEvent event = new TestEvent();
    final Message message = newMessage(ImmutableMap.of("hello", fieldValueString));
    final EventWithContext eventWithContext = EventWithContext.create(event, message);
    final LookupTableFieldValueProvider.Config config = newConfig("test", "hello");
    setupMocks("test");
    when(lookupTableFunction.lookup("world")).thenReturn(LookupResult.single("lookup-" + message.getField("hello")));
    final FieldValue fieldValue = newProvider(config).doGet("test", eventWithContext);
    assertThat(fieldValue.value()).isEqualTo(expectedLookupValue);
}

Example 2 with EventWithContext

use of org.graylog.events.event.EventWithContext in project graylog2-server by Graylog2.

the class AggregationEventProcessorTest method testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams.

@Test
public void testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams() {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
    // We expect to get the end of the aggregation timerange as event time
    final TestEvent event1 = new TestEvent(timerange.to());
    final TestEvent event2 = new TestEvent(timerange.to());
    when(eventFactory.createEvent(any(EventDefinition.class), eq(now), anyString())).thenReturn(// first invocation return value
    event1).thenReturn(// second invocation return value
    event2);
    final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of("stream-2"), ImmutableList.of(), null);
    final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
    final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    final AggregationResult result = buildAggregationResult(timerange, now, ImmutableList.of("one", "two"));
    final ImmutableList<EventWithContext> eventsWithContext = eventProcessor.eventsFromAggregationResult(eventFactory, parameters, result);
    assertThat(eventsWithContext).hasSize(1);
    assertThat(eventsWithContext.get(0)).satisfies(eventWithContext -> {
        final Event event = eventWithContext.event();
        assertThat(event.getId()).isEqualTo(event1.getId());
        assertThat(event.getMessage()).isEqualTo(event1.getMessage());
        assertThat(event.getEventTimestamp()).isEqualTo(timerange.to());
        assertThat(event.getTimerangeStart()).isEqualTo(timerange.from());
        assertThat(event.getTimerangeEnd()).isEqualTo(timerange.to());
        // Must contain the stream from the event definition because there is none in the result
        assertThat(event.getSourceStreams()).containsOnly("stream-2");
        final Message message = eventWithContext.messageContext().orElse(null);
        assertThat(message).isNotNull();
        assertThat(message.getField("group_field_one")).isEqualTo("one");
        assertThat(message.getField("group_field_two")).isEqualTo("two");
        assertThat(message.getField("aggregation_key")).isEqualTo("one|two");
        assertThat(message.getField("aggregation_value_count")).isEqualTo(0.0d);
    });
}

Example 3 with EventWithContext

use of org.graylog.events.event.EventWithContext in project graylog2-server by Graylog2.

the class TemplateFieldValueProviderTest method templateWithError.

@Test
public void templateWithError() {
    final TestEvent event = new TestEvent();
    final EventWithContext eventWithContext = EventWithContext.create(event, newMessage(ImmutableMap.of("hello", "world")));
    final FieldValue fieldValue = newTemplate("hello: ${source.yolo}", true).doGet("test", eventWithContext);
    assertThat(fieldValue.dataType()).isEqualTo(FieldValueType.ERROR);
}

Example 4 with EventWithContext

use of org.graylog.events.event.EventWithContext in project graylog2-server by Graylog2.

the class TemplateFieldValueProviderTest method templateWithEventContext.

@Test
public void templateWithEventContext() {
    final TestEvent event = new TestEvent();
    final TestEvent eventContext = new TestEvent();
    eventContext.setField("hello", FieldValue.string("event"));
    final EventWithContext eventWithContext = EventWithContext.create(event, eventContext);
    final FieldValue fieldValue = newTemplate("hello: ${source.hello}").doGet("test", eventWithContext);
    assertThat(fieldValue.value()).isEqualTo("hello: event");
}

Example 5 with EventWithContext

use of org.graylog.events.event.EventWithContext in project graylog2-server by Graylog2.

the class TemplateFieldValueProviderTest method templateWithSyntaxError.

@Test
public void templateWithSyntaxError() {
    final TestEvent event = new TestEvent();
    final EventWithContext eventWithContext = EventWithContext.create(event, newMessage(ImmutableMap.of("hello", "world")));
    final FieldValue fieldValue = newTemplate("hello: ${source.hello").doGet("test", eventWithContext);
    assertThat(fieldValue.dataType()).isEqualTo(FieldValueType.ERROR);
}