
Example 1 with EventDefinition

use of org.graylog.events.processor.EventDefinition in project graylog2-server by Graylog2.

the class AggregationEventProcessor method sourceMessagesForEvent.

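/**
 * Passes the source messages behind {@code event} to {@code messageConsumer}, capped at {@code limit}.
 *
 * <p>When the definition has no series configured, the single origin message is fetched by the
 * message id and index name recorded in the event's origin context. Otherwise the definition's
 * query, concatenated with {@code groupByQueryString(event)}, is run over the event's time range
 * and the hits are handed to the consumer from the scroll callback.
 *
 * @param event the event whose source messages are wanted
 * @param messageConsumer receives the message summaries; invoked from the scroll callback, so it
 *     may be called more than once
 * @param limit maximum number of messages to deliver; nothing is delivered when it is zero or negative
 * @throws EventProcessorException if the origin context cannot be parsed or the origin message
 *     lookup fails with an {@link IOException}
 */
@Override
public void sourceMessagesForEvent(Event event, Consumer<List<MessageSummary>> messageConsumer, long limit) throws EventProcessorException {
    // Checked up front for both paths: otherwise a non-positive limit would reach scrollQuery below
    // as a non-positive size argument (presumably the scroll batch size; confirm against MoreSearch).
    if (limit <= 0) {
        return;
    }
    if (config.series().isEmpty()) {
        final EventOriginContext.ESEventOriginContext esContext = EventOriginContext.parseESContext(event.getOriginContext())
                .orElseThrow(() -> new EventProcessorException("Failed to parse origin context", false, eventDefinition));
        try {
            final ResultMessage message = messages.get(esContext.messageId(), esContext.indexName());
            messageConsumer.accept(Lists.newArrayList(new MessageSummary(message.getIndex(), message.getMessage())));
        } catch (IOException e) {
            throw new EventProcessorException("Failed to query origin context message", false, eventDefinition, e);
        }
    } else {
        // Counter lives outside the lambda so the cap holds across callback invocations.
        final AtomicLong msgCount = new AtomicLong(0L);
        // The parameter is named "batch" so it does not shadow the "messages" member used above.
        final MoreSearch.ScrollCallback callback = (batch, continueScrolling) -> {
            final List<MessageSummary> summaries = Lists.newArrayList();
            for (final ResultMessage resultMessage : batch) {
                if (msgCount.incrementAndGet() > limit) {
                    // Cap reached: ask the search to stop and deliver what was collected so far.
                    continueScrolling.set(false);
                    break;
                }
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
            messageConsumer.accept(summaries);
        };
        // NOTE(review): the group-by part is derived from the event. Escaping of embedded values is
        // expected to happen inside groupByQueryString (not visible here); confirm, because the
        // combined string is executed as a search query.
        ElasticsearchQueryString scrollQueryString = ElasticsearchQueryString.of(config.query());
        scrollQueryString = scrollQueryString.concatenate(groupByQueryString(event));
        // The complete query string, including whatever the group-by part embeds, goes to the debug log.
        LOG.debug("scrollQueryString: {}", scrollQueryString);
        final TimeRange timeRange = AbsoluteRange.create(event.getTimerangeStart(), event.getTimerangeEnd());
        // saturatedCast clamps the long limit into int range before it is capped at 500.
        moreSearch.scrollQuery(scrollQueryString.queryString(), config.streams(), config.queryParameters(), timeRange, Math.min(500, Ints.saturatedCast(limit)), callback);
    }
}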
Also used : EventProcessorException(org.graylog.events.processor.EventProcessorException) MoreSearch(org.graylog.events.search.MoreSearch) LoggerFactory(org.slf4j.LoggerFactory) EventOriginContext(org.graylog.events.event.EventOriginContext) MessageSummary(org.graylog2.plugin.MessageSummary) EventConsumer(org.graylog.events.processor.EventConsumer) Assisted(com.google.inject.assistedinject.Assisted) EventProcessor(org.graylog.events.processor.EventProcessor) ResultMessage(org.graylog2.indexer.results.ResultMessage) Locale(java.util.Locale) Map(java.util.Map) Event(org.graylog.events.event.Event) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) EventDefinition(org.graylog.events.processor.EventDefinition) EventProcessorException(org.graylog.events.processor.EventProcessorException) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Persisted(org.graylog2.plugin.database.Persisted) Set(java.util.Set) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) MoreSearch(org.graylog.events.search.MoreSearch) EventFactory(org.graylog.events.event.EventFactory) ParameterExpansionError(org.graylog.plugins.views.search.errors.ParameterExpansionError) List(java.util.List) Stream(org.graylog2.plugin.streams.Stream) StreamService(org.graylog2.streams.StreamService) Strings(org.apache.logging.log4j.util.Strings) Optional(java.util.Optional) MoreSearch.luceneEscape(org.graylog.events.search.MoreSearch.luceneEscape) HashMap(java.util.HashMap) SearchException(org.graylog.plugins.views.search.errors.SearchException) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) Inject(javax.inject.Inject) DBEventProcessorStateService(org.graylog.events.processor.DBEventProcessorStateService) 
BooleanNumberConditionsVisitor(org.graylog.events.conditions.BooleanNumberConditionsVisitor) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) Messages(org.graylog2.indexer.messages.Messages) EventProcessorParameters(org.graylog.events.processor.EventProcessorParameters) Logger(org.slf4j.Logger) EventWithContext(org.graylog.events.event.EventWithContext) DateTime(org.joda.time.DateTime) IOException(java.io.IOException) Maps(com.google.common.collect.Maps) Ints(com.google.common.primitives.Ints) Consumer(java.util.function.Consumer) AtomicLong(java.util.concurrent.atomic.AtomicLong) EventProcessorDependencyCheck(org.graylog.events.processor.EventProcessorDependencyCheck) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) EventProcessorPreconditionException(org.graylog.events.processor.EventProcessorPreconditionException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) IOException(java.io.IOException) ResultMessage(org.graylog2.indexer.results.ResultMessage) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) AtomicLong(java.util.concurrent.atomic.AtomicLong) EventOriginContext(org.graylog.events.event.EventOriginContext) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 2 with EventDefinition

use of org.graylog.events.processor.EventDefinition in project graylog2-server by Graylog2.

the class EventBacklogService method getMessagesForEvent.

/**
 * Collects up to {@code backlogSize} source messages for the given event.
 *
 * <p>The event processor is created from the factory registered for the event's definition type and
 * the stored event definition, then asked for the event's source messages.
 *
 * <p>A failure while querying the messages is logged and not rethrown: the returned list then holds
 * only what was collected before the failure, possibly nothing. Callers cannot tell that case apart
 * from an event that has no source messages.
 *
 * @param eventDto the event to collect the backlog for
 * @param backlogSize maximum number of messages; an empty list is returned when zero or negative
 * @return the collected message summaries
 * @throws NotFoundException if no factory exists for the definition type or the definition is missing
 */
public ImmutableList<MessageSummary> getMessagesForEvent(EventDto eventDto, long backlogSize) throws NotFoundException {
    if (backlogSize <= 0) {
        return ImmutableList.of();
    }

    final EventProcessor.Factory processorFactory = eventProcessorFactories.get(eventDto.eventDefinitionType());
    if (processorFactory == null) {
        throw new NotFoundException("Couldn't find event processor factory for type " + eventDto.eventDefinitionType());
    }

    final EventDefinition definition = eventDefinitionService
            .get(eventDto.eventDefinitionId())
            .orElseThrow(() -> new NotFoundException("Could not find event definintion <" + eventDto.eventDefinitionId() + ">"));

    final ImmutableList.Builder<MessageSummary> collected = ImmutableList.builder();
    final EventProcessor processor = processorFactory.create(definition);
    try {
        // Each batch delivered by the processor is appended to the builder.
        processor.sourceMessagesForEvent(Event.fromDto(eventDto), batch -> collected.addAll(batch), backlogSize);
    } catch (EventProcessorException e) {
        // TODO return this error, so it can be included in the notification message?
        LOG.error("Failed to query backlog messages for Event {}", eventDto.id(), e);
    }
    return collected.build();
}
Also used : EventProcessorException(org.graylog.events.processor.EventProcessorException) ImmutableList(com.google.common.collect.ImmutableList) EventProcessor(org.graylog.events.processor.EventProcessor) NotFoundException(org.graylog2.database.NotFoundException) EventDefinition(org.graylog.events.processor.EventDefinition) MessageSummary(org.graylog2.plugin.MessageSummary)

Aggregations

ImmutableList (com.google.common.collect.ImmutableList)2 EventDefinition (org.graylog.events.processor.EventDefinition)2 EventProcessor (org.graylog.events.processor.EventProcessor)2 EventProcessorException (org.graylog.events.processor.EventProcessorException)2 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Lists (com.google.common.collect.Lists)1 Maps (com.google.common.collect.Maps)1 Sets (com.google.common.collect.Sets)1 Ints (com.google.common.primitives.Ints)1 Assisted (com.google.inject.assistedinject.Assisted)1 IOException (java.io.IOException)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Locale (java.util.Locale)1 Map (java.util.Map)1 Optional (java.util.Optional)1 Set (java.util.Set)1 AtomicLong (java.util.concurrent.atomic.AtomicLong)1