Examples with EvaluationContext org.graylog.plugins.pipelineprocessor.EvaluationContext used on opensource projects

Search in sources :

Example 11 with EvaluationContext

use of org.graylog.plugins.pipelineprocessor.EvaluationContext in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_null_for_empty_CEF_string.

@Test
public void evaluate_returns_null_for_empty_CEF_string() throws Exception {
    final Map<String, Expression> arguments = Collections.singletonMap(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), ""));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNull(result);
}
Also used : Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Example 12 with EvaluationContext

use of org.graylog.plugins.pipelineprocessor.EvaluationContext in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_null_for_missing_CEF_string.

@Test
public void evaluate_returns_null_for_missing_CEF_string() throws Exception {
    final FunctionArgs functionArgs = new FunctionArgs(function, Collections.emptyMap());
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNull(result);
}
Also used : Message(org.graylog2.plugin.Message) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) Test(org.junit.Test)

Example 13 with EvaluationContext

use of org.graylog.plugins.pipelineprocessor.EvaluationContext in project graylog2-server by Graylog2.

the class FunctionsSnippetsTest method keyValue.

@Test
public void keyValue() {
    final Rule rule = parser.parseRule(ruleForTest(), true);
    final EvaluationContext context = contextForRuleEval(rule, new Message("", "", Tools.nowUTC()));
    assertThat(context).isNotNull();
    assertThat(context.evaluationErrors()).isEmpty();
    final Message message = context.currentMessage();
    assertThat(message).isNotNull();
    assertThat(message.getField("a")).isEqualTo("1,4");
    assertThat(message.getField("b")).isEqualTo("2");
    assertThat(message.getField("c")).isEqualTo("3");
    assertThat(message.getField("d")).isEqualTo("44");
    assertThat(message.getField("e")).isEqualTo("4");
    assertThat(message.getField("f")).isEqualTo("1");
    assertThat(message.getField("g")).isEqualTo("3");
    assertThat(message.getField("h")).isEqualTo("3=:3");
    assertThat(message.hasField("i")).isFalse();
    assertThat(message.getField("dup_first")).isEqualTo("1");
    assertThat(message.getField("dup_last")).isEqualTo("2");
    assertThat(message.getField("spacequote1")).isEqualTo("\"a space quote\"");
    assertThat(message.getField("spacequote2")).isEqualTo("a space quote");
    assertThat(message.getField("spacequote3")).isEqualTo("'a space quote'");
    assertThat(message.getField("spacequote4")).isEqualTo("a space quote");
    assertThat(message.getField("spacequote5")).isEqualTo("a space 'quote'");
    assertThat(message.getField("spacequote6")).isEqualTo("a space \"quote\"");
    assertThat(message.getField("spacequote7")).isEqualTo("it's a space 'quote'");
    assertThat(message.getField("sq1")).isEqualTo("a");
    assertThat(message.getField("sq2")).isEqualTo("b");
    assertThat(message.getField("sq3")).isEqualTo("c");
    assertThat(message.getField("sq4")).isEqualTo("' d '");
    assertThat(message.getField("sq5")).isEqualTo("\" e\"");
    assertThat(message.getField("sq6")).isEqualTo("it\"s a space");
    assertThat(message.getField("sq7")).isEqualTo("a, b");
    assertThat(message.getField("sq8")).isEqualTo("c|d");
    assertThat(message.getField("sq9")).isEqualTo("e| \"f, g\" | h");
    assertThat(message.getField("sq10")).isEqualTo("' i,j '");
    assertThat(message.getField("sq11")).isEqualTo("\" k|\"");
    assertThat(message.getField("sq12")).isEqualTo("l\"m n, o");
    assertThat(message.getField("dup-spacequote")).isEqualTo("it's a space 'quote'|another");
    assertThat(message.getField("sq@1")).isEqualTo("space quote");
    assertThat(message.getField("sq@2")).isEqualTo("hello");
}
Also used : CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) MockitoRule(org.mockito.junit.MockitoRule) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Example 14 with EvaluationContext

use of org.graylog.plugins.pipelineprocessor.EvaluationContext in project graylog2-server by Graylog2.

the class FunctionsSnippetsTest method clonedMessage.

@Test
public void clonedMessage() {
    final Message message = new Message("test", "test", Tools.nowUTC());
    message.addField("foo", "bar");
    message.addStream(mock(Stream.class));
    final Rule rule = parser.parseRule(ruleForTest(), false);
    final EvaluationContext context = contextForRuleEval(rule, message);
    final Message origMessage = context.currentMessage();
    final Message clonedMessage = Iterables.get(context.createdMessages(), 0);
    final Message otherMessage = Iterables.get(context.createdMessages(), 1);
    assertThat(origMessage).isNotSameAs(clonedMessage);
    assertThat(clonedMessage).isNotNull();
    assertThat(clonedMessage.getMessage()).isEqualTo(origMessage.getMessage());
    assertThat(clonedMessage.getSource()).isEqualTo(origMessage.getSource());
    assertThat(clonedMessage.getTimestamp()).isEqualTo(origMessage.getTimestamp());
    assertThat(clonedMessage.getStreams()).isEqualTo(origMessage.getStreams());
    assertThat(clonedMessage.hasField("removed_again")).isFalse();
    assertThat(clonedMessage.getFieldAs(Boolean.class, "has_source")).isTrue();
    assertThat(clonedMessage.getFieldAs(String.class, "only_in")).isEqualTo("new message");
    assertThat(clonedMessage.getFieldAs(String.class, "multi")).isEqualTo("new message");
    assertThat(clonedMessage.getFieldAs(String.class, "foo")).isEqualTo("bar");
    assertThat(otherMessage).isNotNull();
    assertThat(otherMessage.getMessage()).isEqualTo("foo");
    assertThat(otherMessage.getSource()).isEqualTo("source");
}
Also used : CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) RouteToStream(org.graylog.plugins.pipelineprocessor.functions.messages.RouteToStream) Stream(org.graylog2.plugin.streams.Stream) RemoveFromStream(org.graylog.plugins.pipelineprocessor.functions.messages.RemoveFromStream) MockitoRule(org.mockito.junit.MockitoRule) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Example 15 with EvaluationContext

use of org.graylog.plugins.pipelineprocessor.EvaluationContext in project graylog2-server by Graylog2.

the class FunctionsSnippetsTest method evalErrorSuppressed.

@Test
public void evalErrorSuppressed() {
    final Rule rule = parser.parseRule(ruleForTest(), false);
    final Message message = new Message("test", "test", Tools.nowUTC());
    message.addField("this_field_was_set", true);
    final EvaluationContext context = contextForRuleEval(rule, message);
    assertThat(context).isNotNull();
    assertThat(context.hasEvaluationErrors()).isFalse();
    assertThat(actionsTriggered.get()).isTrue();
}
Also used : CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) MockitoRule(org.mockito.junit.MockitoRule) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Aggregations

EvaluationContext (org.graylog.plugins.pipelineprocessor.EvaluationContext)17 Message (org.graylog2.plugin.Message)15 Test (org.junit.Test)15 Rule (org.graylog.plugins.pipelineprocessor.ast.Rule)9 BaseParserTest (org.graylog.plugins.pipelineprocessor.BaseParserTest)8 FunctionArgs (org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs)8 CloneMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)8 CreateMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)8 DropMessage (org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)8 MockitoRule (org.mockito.junit.MockitoRule)8 CommonToken (org.antlr.v4.runtime.CommonToken)6 BooleanExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression)6 Expression (org.graylog.plugins.pipelineprocessor.ast.expressions.Expression)6 StringExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression)6 RemoveFromStream (org.graylog.plugins.pipelineprocessor.functions.messages.RemoveFromStream)2 RouteToStream (org.graylog.plugins.pipelineprocessor.functions.messages.RouteToStream)2 Stream (org.graylog2.plugin.streams.Stream)2 MetricRegistry (com.codahale.metrics.MetricRegistry)1 ImmutableList (com.google.common.collect.ImmutableList)1 Ints (com.google.common.primitives.Ints)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial