Examples with EventProcessorConfig org.graylog.events.processor.EventProcessorConfig used on opensource projects

Search in sources :

Example 1 with EventProcessorConfig

use of org.graylog.events.processor.EventProcessorConfig in project graylog2-server by Graylog2.

the class NotificationTestData method getDummyContext.

public static EventNotificationContext getDummyContext(NotificationDto notificationDto, String userName) {
    final EventDto eventDto = EventDto.builder().alert(true).eventDefinitionId("EventDefinitionTestId").eventDefinitionType("notification-test-v1").eventTimestamp(Tools.nowUTC()).processingTimestamp(Tools.nowUTC()).id("TEST_NOTIFICATION_ID").streams(ImmutableSet.of(Stream.DEFAULT_EVENTS_STREAM_ID)).message("Notification test message triggered from user <" + userName + ">").source(Stream.DEFAULT_STREAM_ID).keyTuple(ImmutableList.of("testkey")).key("testkey").originContext(EventOriginContext.elasticsearchMessage("testIndex_42", "b5e53442-12bb-4374-90ed-0deadbeefbaz")).priority(2).fields(ImmutableMap.of("field1", "value1", "field2", "value2")).build();
    final EventDefinitionDto eventDefinitionDto = EventDefinitionDto.builder().alert(true).id(TEST_NOTIFICATION_ID).title("Event Definition Test Title").description("Event Definition Test Description").config(new EventProcessorConfig() {

        @Override
        public String type() {
            return "test-dummy-v1";
        }

        @Override
        public ValidationResult validate() {
            return null;
        }

        @Override
        public EventProcessorConfigEntity toContentPackEntity(EntityDescriptorIds entityDescriptorIds) {
            return null;
        }
    }).fieldSpec(ImmutableMap.of()).priority(2).keySpec(ImmutableList.of()).notificationSettings(new EventNotificationSettings() {

        @Override
        public long gracePeriodMs() {
            return 0;
        }

        @Override
        public // disable to avoid errors in getBacklogForEvent()
        long backlogSize() {
            return 0;
        }

        @Override
        public Builder toBuilder() {
            return null;
        }
    }).build();
    return EventNotificationContext.builder().notificationId(TEST_NOTIFICATION_ID).notificationConfig(notificationDto.config()).event(eventDto).eventDefinition(eventDefinitionDto).build();
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) EntityDescriptorIds(org.graylog2.contentpacks.EntityDescriptorIds) EventDto(org.graylog.events.event.EventDto) EventProcessorConfig(org.graylog.events.processor.EventProcessorConfig)

Example 2 with EventProcessorConfig

use of org.graylog.events.processor.EventProcessorConfig in project graylog2-server by Graylog2.

the class LegacyAlertConditionMigrator method migrateFieldValue.

/**
 * Example field value alert condition data structure on streams:
 * <pre>{@code
 *         {
 *           "id" : "00000000-0000-0000-0000-000000000001",
 *           "type" : "field_value",
 *           "title" : "Field Value - HIGHER - MEAN",
 *           "parameters" : {
 *             "backlog" : 15,
 *             "repeat_notifications" : false,
 *             "field" : "test_field_1",
 *             "query" : "*",
 *             "grace" : 1,
 *             "threshold_type" : "HIGHER",
 *             "threshold" : 23,
 *             "time" : 5,
 *             "type" : "MEAN"
 *           },
 *           "creator_user_id" : "admin",
 *           "created_at": "2019-01-01T00:00:00.000Z"
 *         }
 * }</pre>
 */
private void migrateFieldValue(Helper helper) {
    final String type = helper.parameters().getString("type");
    final String field = helper.parameters().getString("field");
    final String seriesId = helper.newSeriesId();
    final AggregationSeries.Builder aggregationSeriesBuilder = AggregationSeries.builder().id(seriesId).field(field);
    switch(type.toUpperCase(Locale.US)) {
        case "MEAN":
            aggregationSeriesBuilder.function(AggregationFunction.AVG);
            break;
        case "MIN":
            aggregationSeriesBuilder.function(AggregationFunction.MIN);
            break;
        case "MAX":
            aggregationSeriesBuilder.function(AggregationFunction.MAX);
            break;
        case "SUM":
            aggregationSeriesBuilder.function(AggregationFunction.SUM);
            break;
        case "STDDEV":
            aggregationSeriesBuilder.function(AggregationFunction.STDDEV);
            break;
        default:
            LOG.warn("Couldn't migrate field value alert condition with unknown type: {}", type);
            return;
    }
    final AggregationSeries aggregationSeries = aggregationSeriesBuilder.build();
    final Expression<Boolean> expression = helper.createExpression(seriesId, "HIGHER");
    final EventProcessorConfig config = helper.createAggregationProcessorConfig(aggregationSeries, expression, executeEveryMs);
    final EventDefinitionDto definitionDto = helper.createEventDefinition(config);
    LOG.info("Migrate legacy field value alert condition <{}>", definitionDto.title());
    eventDefinitionHandler.create(definitionDto, userService.getRootUser());
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AggregationSeries(org.graylog.events.processor.aggregation.AggregationSeries) EventProcessorConfig(org.graylog.events.processor.EventProcessorConfig) AggregationEventProcessorConfig(org.graylog.events.processor.aggregation.AggregationEventProcessorConfig)

Example 3 with EventProcessorConfig

use of org.graylog.events.processor.EventProcessorConfig in project graylog2-server by Graylog2.

the class LegacyAlertConditionMigrator method migrateFieldContentValue.

/**
 * Example field content value alert condition data structure on streams:
 * <pre>{@code
 *         {
 *           "id" : "00000000-0000-0000-0000-000000000001",
 *           "type" : "field_content_value",
 *           "title" : "Field Content - WITHOUT QUERY",
 *           "parameters" : {
 *             "backlog" : 100,
 *             "repeat_notifications" : false,
 *             "field" : "test_field_2",
 *             "query" : "",
 *             "grace" : 2,
 *             "value" : "hello"
 *           },
 *           "creator_user_id" : "admin",
 *           "created_at": "2019-01-01T00:00:00.000Z"
 *         }
 * }</pre>
 */
private void migrateFieldContentValue(Helper helper) {
    final String field = helper.parameters().getString("field");
    final String value = helper.parameters().getString("value");
    // The configured condition query can be empty
    String query = field + ":\"" + value + "\"";
    if (!isNullOrEmpty(helper.query) && !"*".equals(helper.query.trim())) {
        query = query + " AND " + helper.query;
    }
    final String seriesId = helper.newSeriesId();
    final AggregationSeries messageCountSeries = AggregationSeries.builder().id(seriesId).function(AggregationFunction.COUNT).field(null).build();
    final Expr.NumberReference left = Expr.NumberReference.create(seriesId);
    final Expr.NumberValue right = Expr.NumberValue.create(0);
    final Expression<Boolean> expression = Expr.Greater.create(left, right);
    final EventProcessorConfig config = AggregationEventProcessorConfig.builder().streams(ImmutableSet.of(helper.streamId)).query(query).series(ImmutableList.of(messageCountSeries)).groupBy(ImmutableList.of()).conditions(AggregationConditions.builder().expression(expression).build()).searchWithinMs(// The FieldContentValueAlertCondition was just using the alert scanner interval
    executeEveryMs).executeEveryMs(executeEveryMs).build();
    final EventDefinitionDto definitionDto = helper.createEventDefinition(config);
    LOG.info("Migrate legacy field content value alert condition <{}>", definitionDto.title());
    eventDefinitionHandler.create(definitionDto, userService.getRootUser());
}
Also used : Expr(org.graylog.events.conditions.Expr) EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AggregationSeries(org.graylog.events.processor.aggregation.AggregationSeries) EventProcessorConfig(org.graylog.events.processor.EventProcessorConfig) AggregationEventProcessorConfig(org.graylog.events.processor.aggregation.AggregationEventProcessorConfig)

Example 4 with EventProcessorConfig

use of org.graylog.events.processor.EventProcessorConfig in project graylog2-server by Graylog2.

the class LegacyAlertConditionMigrator method migrateMessageCount.

/**
 * Example message count alert condition data structure on streams:
 * <pre>{@code
 *         {
 *           "id" : "00000000-0000-0000-0000-000000000001",
 *           "type" : "message_count",
 *           "title" : "Message Count - MORE",
 *           "parameters" : {
 *             "backlog" : 10,
 *             "repeat_notifications" : false,
 *             "query" : "hello:world",
 *             "grace" : 2,
 *             "threshold_type" : "MORE",
 *             "threshold" : 1,
 *             "time" : 10
 *           },
 *           "creator_user_id" : "admin",
 *           "created_at": "2019-01-01T00:00:00.000Z"
 *         }
 * }</pre>
 */
private void migrateMessageCount(Helper helper) {
    final String seriesId = helper.newSeriesId();
    final AggregationSeries messageCountSeries = AggregationSeries.builder().id(seriesId).function(AggregationFunction.COUNT).field(null).build();
    final Expression<Boolean> expression = helper.createExpression(seriesId, "MORE");
    final EventProcessorConfig config = helper.createAggregationProcessorConfig(messageCountSeries, expression, executeEveryMs);
    final EventDefinitionDto definitionDto = helper.createEventDefinition(config);
    LOG.info("Migrate legacy message count alert condition <{}>", definitionDto.title());
    eventDefinitionHandler.create(definitionDto, userService.getRootUser());
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AggregationSeries(org.graylog.events.processor.aggregation.AggregationSeries) EventProcessorConfig(org.graylog.events.processor.EventProcessorConfig) AggregationEventProcessorConfig(org.graylog.events.processor.aggregation.AggregationEventProcessorConfig)

Aggregations

EventDefinitionDto (org.graylog.events.processor.EventDefinitionDto)4 EventProcessorConfig (org.graylog.events.processor.EventProcessorConfig)4 AggregationEventProcessorConfig (org.graylog.events.processor.aggregation.AggregationEventProcessorConfig)3 AggregationSeries (org.graylog.events.processor.aggregation.AggregationSeries)3 Expr (org.graylog.events.conditions.Expr)1 EventDto (org.graylog.events.event.EventDto)1 EntityDescriptorIds (org.graylog2.contentpacks.EntityDescriptorIds)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial