
Example 21 with EventDefinitionDto

use of org.graylog.events.processor.EventDefinitionDto in project graylog2-server by Graylog2.

the class LegacyAlertConditionMigrator method migrateFieldContentValue.

/**
 * Example field content value alert condition data structure on streams:
 * <pre>{@code
 *         {
 *           "id" : "00000000-0000-0000-0000-000000000001",
 *           "type" : "field_content_value",
 *           "title" : "Field Content - WITHOUT QUERY",
 *           "parameters" : {
 *             "backlog" : 100,
 *             "repeat_notifications" : false,
 *             "field" : "test_field_2",
 *             "query" : "",
 *             "grace" : 2,
 *             "value" : "hello"
 *           },
 *           "creator_user_id" : "admin",
 *           "created_at": "2019-01-01T00:00:00.000Z"
 *         }
 * }</pre>
 */
private void migrateFieldContentValue(Helper helper) {
    final String field = helper.parameters().getString("field");
    final String value = helper.parameters().getString("value");
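    // Build the base query from the configured field and value. Both are concatenated as-is;
    // a double quote inside the value is not escaped here.
    String query = field + ":\"" + value + "\"";
    // The configured condition query can be empty
    if (!isNullOrEmpty(helper.query) && !"*".equals(helper.query.trim())) {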
        query = query + " AND " + helper.query;
    }
    final String seriesId = helper.newSeriesId();
    final AggregationSeries messageCountSeries = AggregationSeries.builder()
            .id(seriesId)
            .function(AggregationFunction.COUNT)
            .field(null)
            .build();
    final Expr.NumberReference left = Expr.NumberReference.create(seriesId);
    final Expr.NumberValue right = Expr.NumberValue.create(0);
    final Expression<Boolean> expression = Expr.Greater.create(left, right);
    final EventProcessorConfig config = AggregationEventProcessorConfig.builder()
            .streams(ImmutableSet.of(helper.streamId))
            .query(query)
            .series(ImmutableList.of(messageCountSeries))
            .groupBy(ImmutableList.of())
            .conditions(AggregationConditions.builder().expression(expression).build())
            // The FieldContentValueAlertCondition was just using the alert scanner interval
            .searchWithinMs(executeEveryMs)
            .executeEveryMs(executeEveryMs)
            .build();
    final EventDefinitionDto definitionDto = helper.createEventDefinition(config);
    LOG.info("Migrate legacy field content value alert condition <{}>", definitionDto.title());
    eventDefinitionHandler.create(definitionDto, userService.getRootUser());
}
Also used : Expr(org.graylog.events.conditions.Expr) EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AggregationSeries(org.graylog.events.processor.aggregation.AggregationSeries) EventProcessorConfig(org.graylog.events.processor.EventProcessorConfig) AggregationEventProcessorConfig(org.graylog.events.processor.aggregation.AggregationEventProcessorConfig)

Example 22 with EventDefinitionDto

use of org.graylog.events.processor.EventDefinitionDto in project graylog2-server by Graylog2.

the class LegacyAlertConditionMigrator method migrateMessageCount.

/**
 * Example message count alert condition data structure on streams:
 * <pre>{@code
 *         {
 *           "id" : "00000000-0000-0000-0000-000000000001",
 *           "type" : "message_count",
 *           "title" : "Message Count - MORE",
 *           "parameters" : {
 *             "backlog" : 10,
 *             "repeat_notifications" : false,
 *             "query" : "hello:world",
 *             "grace" : 2,
 *             "threshold_type" : "MORE",
 *             "threshold" : 1,
 *             "time" : 10
 *           },
 *           "creator_user_id" : "admin",
 *           "created_at": "2019-01-01T00:00:00.000Z"
 *         }
 * }</pre>
 */
private void migrateMessageCount(Helper helper) {
    final String seriesId = helper.newSeriesId();
    final AggregationSeries messageCountSeries = AggregationSeries.builder()
            .id(seriesId)
            .function(AggregationFunction.COUNT)
            .field(null)
            .build();
    final Expression<Boolean> expression = helper.createExpression(seriesId, "MORE");
    final EventProcessorConfig config = helper.createAggregationProcessorConfig(messageCountSeries, expression, executeEveryMs);
    final EventDefinitionDto definitionDto = helper.createEventDefinition(config);
    LOG.info("Migrate legacy message count alert condition <{}>", definitionDto.title());
    eventDefinitionHandler.create(definitionDto, userService.getRootUser());
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AggregationSeries(org.graylog.events.processor.aggregation.AggregationSeries) EventProcessorConfig(org.graylog.events.processor.EventProcessorConfig) AggregationEventProcessorConfig(org.graylog.events.processor.aggregation.AggregationEventProcessorConfig)

Example 23 with EventDefinitionDto

use of org.graylog.events.processor.EventDefinitionDto in project graylog2-server by Graylog2.

the class EventDefinitionFacade method resolveNativeEntity.

@Override
public Graph<EntityDescriptor> resolveNativeEntity(EntityDescriptor entityDescriptor) {
    final MutableGraph<EntityDescriptor> mutableGraph = GraphBuilder.directed().build();
    mutableGraph.addNode(entityDescriptor);
    final ModelId modelId = entityDescriptor.id();
    final Optional<EventDefinitionDto> eventDefinition = eventDefinitionService.get(modelId.id());
    if (eventDefinition.isPresent()) {
        eventDefinition.get().resolveNativeEntity(entityDescriptor, mutableGraph);
    } else {
        LOG.debug("Couldn't find event definition {}", entityDescriptor);
    }
    return ImmutableGraph.copyOf(mutableGraph);
}
Also used : EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor) NativeEntityDescriptor(org.graylog2.contentpacks.model.entities.NativeEntityDescriptor) EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) ModelId(org.graylog2.contentpacks.model.ModelId)

Example 24 with EventDefinitionDto

use of org.graylog.events.processor.EventDefinitionDto in project graylog2-server by Graylog2.

the class EventDefinitionFacade method decode.

private NativeEntity<EventDefinitionDto> decode(EntityV1 entity,
                                                Map<String, ValueReference> parameters,
                                                Map<EntityDescriptor, Object> nativeEntities,
                                                User user) {
    final EventDefinitionEntity eventDefinitionEntity = objectMapper.convertValue(entity.data(), EventDefinitionEntity.class);
    final EventDefinitionDto eventDefinition = eventDefinitionEntity.toNativeEntity(parameters, nativeEntities);
    final EventDefinitionDto savedDto;
    if (eventDefinitionEntity.isScheduled().asBoolean(parameters)) {
        savedDto = eventDefinitionHandler.create(eventDefinition, Optional.ofNullable(user));
    } else {
        savedDto = eventDefinitionHandler.createWithoutSchedule(eventDefinition, Optional.ofNullable(user));
    }
    return NativeEntity.create(entity.id(), savedDto.id(), ModelTypes.EVENT_DEFINITION_V1, savedDto.title(), savedDto);
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) EventDefinitionEntity(org.graylog.events.contentpack.entities.EventDefinitionEntity)

Example 25 with EventDefinitionDto

use of org.graylog.events.processor.EventDefinitionDto in project graylog2-server by Graylog2.

the class EventDefinitionsResource method create.

@POST
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation("Create new event definition")
@AuditEvent(type = EventsAuditEventTypes.EVENT_DEFINITION_CREATE)
@RequiresPermissions(RestPermissions.EVENT_DEFINITIONS_CREATE)
public Response create(@ApiParam("schedule") @QueryParam("schedule") @DefaultValue("true") boolean schedule,
                       @ApiParam(name = "JSON Body") EventDefinitionDto dto,
                       @Context UserContext userContext) {
    checkEventDefinitionPermissions(dto, "create");
    final ValidationResult result = dto.validate();
    if (result.failed()) {
        return Response.status(Response.Status.BAD_REQUEST).entity(result).build();
    }
    final EventDefinitionDto entity = schedule
            ? eventDefinitionHandler.create(dto, Optional.of(userContext.getUser()))
            : eventDefinitionHandler.createWithoutSchedule(dto, Optional.of(userContext.getUser()));
    return Response.ok().entity(entity).build();
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) ValidationResult(org.graylog2.plugin.rest.ValidationResult) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent) AuditEvent(org.graylog2.audit.jersey.AuditEvent)
