
Example 1 with TestEvent

use of org.graylog.events.event.TestEvent in project graylog2-server by Graylog2.

the class AggregationEventProcessorTest method sourceMessagesWithAggregation.

// Helper to call sourceMessagesForEvent when testing query string values - we don't care about anything else
private void sourceMessagesWithAggregation(Map<String, String> groupByFields, int batchLimit) throws EventProcessorException {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange timeRange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
    final TestEvent event = new TestEvent(timeRange.to());
    event.setTimerangeStart(timeRange.from());
    event.setTimerangeEnd(timeRange.to());
    event.setGroupByFields(groupByFields);
    final AggregationSeries series = AggregationSeries.builder().id("abc123").function(AggregationFunction.COUNT).field("source").build();
    final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of(), ImmutableList.of(series), null);
    final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    eventProcessor.sourceMessagesForEvent(event, messageConsumer, batchLimit);
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) TestEvent(org.graylog.events.event.TestEvent) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) DateTime(org.joda.time.DateTime)

Example 2 with TestEvent

use of org.graylog.events.event.TestEvent in project graylog2-server by Graylog2.

the class LookupTableFieldValueProviderTest method testWithMessageContext.

@Test
public void testWithMessageContext() {
    final String fieldValueString = "world";
    final String expectedLookupValue = "lookup-world";
    final TestEvent event = new TestEvent();
    final Message message = newMessage(ImmutableMap.of("hello", fieldValueString));
    final EventWithContext eventWithContext = EventWithContext.create(event, message);
    final LookupTableFieldValueProvider.Config config = newConfig("test", "hello");
    setupMocks("test");
    when(lookupTableFunction.lookup("world")).thenReturn(LookupResult.single("lookup-" + message.getField("hello")));
    final FieldValue fieldValue = newProvider(config).doGet("test", eventWithContext);
    assertThat(fieldValue.value()).isEqualTo(expectedLookupValue);
}
Also used : Message(org.graylog2.plugin.Message) TestEvent(org.graylog.events.event.TestEvent) EventWithContext(org.graylog.events.event.EventWithContext) FieldValue(org.graylog.events.fields.FieldValue) Test(org.junit.Test)

Example 3 with TestEvent

use of org.graylog.events.event.TestEvent in project graylog2-server by Graylog2.

the class AggregationEventProcessorTest method testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams.

@Test
public void testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams() {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
    // We expect to get the end of the aggregation timerange as event time
    final TestEvent event1 = new TestEvent(timerange.to());
    final TestEvent event2 = new TestEvent(timerange.to());
    when(eventFactory.createEvent(any(EventDefinition.class), eq(now), anyString()))
            // first invocation return value
            .thenReturn(event1)
            // second invocation return value
            .thenReturn(event2);
    final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of("stream-2"), ImmutableList.of(), null);
    final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
    final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    final AggregationResult result = buildAggregationResult(timerange, now, ImmutableList.of("one", "two"));
    final ImmutableList<EventWithContext> eventsWithContext = eventProcessor.eventsFromAggregationResult(eventFactory, parameters, result);
    assertThat(eventsWithContext).hasSize(1);
    assertThat(eventsWithContext.get(0)).satisfies(eventWithContext -> {
        final Event event = eventWithContext.event();
        assertThat(event.getId()).isEqualTo(event1.getId());
        assertThat(event.getMessage()).isEqualTo(event1.getMessage());
        assertThat(event.getEventTimestamp()).isEqualTo(timerange.to());
        assertThat(event.getTimerangeStart()).isEqualTo(timerange.from());
        assertThat(event.getTimerangeEnd()).isEqualTo(timerange.to());
        // Must contain the stream from the event definition because there is none in the result
        assertThat(event.getSourceStreams()).containsOnly("stream-2");
        final Message message = eventWithContext.messageContext().orElse(null);
        assertThat(message).isNotNull();
        assertThat(message.getField("group_field_one")).isEqualTo("one");
        assertThat(message.getField("group_field_two")).isEqualTo("two");
        assertThat(message.getField("aggregation_key")).isEqualTo("one|two");
        assertThat(message.getField("aggregation_value_count")).isEqualTo(0.0d);
    });
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) Message(org.graylog2.plugin.Message) TestEvent(org.graylog.events.event.TestEvent) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) Event(org.graylog.events.event.Event) EventWithContext(org.graylog.events.event.EventWithContext) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 4 with TestEvent

use of org.graylog.events.event.TestEvent in project graylog2-server by Graylog2.

the class NotificationGracePeriodServiceTest method emptyKey.

@Test
public void emptyKey() {
    final NotificationGracePeriodService notificationGracePeriodService = new NotificationGracePeriodService();
    when(settings.gracePeriodMs()).thenReturn(10L);
    when(definition.notificationSettings()).thenReturn(settings);
    when(definition.id()).thenReturn("1234");
    final Event event = new TestEvent();
    event.setKeyTuple(ImmutableList.of());
    final Event event2 = new TestEvent();
    event2.setKeyTuple(ImmutableList.of());
    event2.setEventTimestamp(event.getEventTimestamp().plus(1L));
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event)).isFalse();
    assertThat(notificationGracePeriodService.inGracePeriod(definition, "5678", event2)).isTrue();
}
Also used : NotificationGracePeriodService(org.graylog.events.notifications.NotificationGracePeriodService) TestEvent(org.graylog.events.event.TestEvent) Event(org.graylog.events.event.Event) Test(org.junit.Test)

Example 5 with TestEvent

use of org.graylog.events.event.TestEvent in project graylog2-server by Graylog2.

the class TemplateFieldValueProviderTest method templateWithError.

@Test
public void templateWithError() {
    final TestEvent event = new TestEvent();
    final EventWithContext eventWithContext = EventWithContext.create(event, newMessage(ImmutableMap.of("hello", "world")));
    final FieldValue fieldValue = newTemplate("hello: ${source.yolo}", true).doGet("test", eventWithContext);
    assertThat(fieldValue.dataType()).isEqualTo(FieldValueType.ERROR);
}
Also used : TestEvent(org.graylog.events.event.TestEvent) EventWithContext(org.graylog.events.event.EventWithContext) FieldValue(org.graylog.events.fields.FieldValue) Test(org.junit.Test)

Aggregations

TestEvent (org.graylog.events.event.TestEvent): 24
Test (org.junit.Test): 23
EventWithContext (org.graylog.events.event.EventWithContext): 15
Event (org.graylog.events.event.Event): 12
FieldValue (org.graylog.events.fields.FieldValue): 10
NotificationGracePeriodService (org.graylog.events.notifications.NotificationGracePeriodService): 8
EventDefinitionDto (org.graylog.events.processor.EventDefinitionDto): 5
Message (org.graylog2.plugin.Message): 5
AbsoluteRange (org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange): 5
DateTime (org.joda.time.DateTime): 5
StreamMock (org.graylog2.streams.StreamMock): 1
Ignore (org.junit.Ignore): 1