Search in sources :

Example 11 with Pipeline

use of org.graylog.plugins.pipelineprocessor.ast.Pipeline in project graylog2-server by Graylog2.

the class PipelineInterpreter method evaluateStage.

private void evaluateStage(Stage stage, Message message, String msgId, List<Message> result, Set<Pipeline> pipelinesToSkip, InterpreterListener interpreterListener) {
    final Pipeline pipeline = stage.getPipeline();
    if (pipelinesToSkip.contains(pipeline)) {
        log.debug("[{}] previous stage result prevents further processing of pipeline `{}`", msgId, pipeline.name());
        return;
    }
    stage.markExecution();
    interpreterListener.enterStage(stage);
    log.debug("[{}] evaluating rule conditions in stage {}: match {}", msgId, stage.stage(), stage.match());
    // TODO the message should be decorated to allow layering changes and isolate stages
    final EvaluationContext context = new EvaluationContext(message);
    // 3. iterate over all the stages in these pipelines and execute them in order
    final List<Rule> stageRules = stage.getRules();
    final List<Rule> rulesToRun = new ArrayList<>(stageRules.size());
    // If there are no rules, we can simply continue to the next stage
    boolean anyRulesMatched = stageRules.isEmpty();
    boolean allRulesMatched = true;
    for (Rule rule : stageRules) {
        try {
            final boolean ruleCondition = evaluateRuleCondition(rule, message, msgId, pipeline, context, rulesToRun, interpreterListener);
            anyRulesMatched |= ruleCondition;
            allRulesMatched &= ruleCondition;
            if (context.hasEvaluationErrors()) {
                log.warn("Error evaluating condition for rule <{}/{}> with message: {} (Error: {})", rule.name(), rule.id(), message, context.lastEvaluationError());
                break;
            }
        } catch (Exception e) {
            log.warn("Error evaluating condition for rule <{}/{}> with message: {} (Error: {})", rule.name(), rule.id(), message, e.getMessage());
            throw e;
        }
    }
    for (Rule rule : rulesToRun) {
        if (!executeRuleActions(rule, message, msgId, pipeline, context, interpreterListener)) {
            log.warn("Error evaluating action for rule <{}/{}> with message: {} (Error: {})", rule.name(), rule.id(), message, context.lastEvaluationError());
            // if any of the rules raise an error, skip the rest of the rules
            break;
        }
    }
    // stage needed to match all rule conditions to enable the next stage,
    // record that it is ok to proceed with this pipeline
    // OR
    // any rule could match, but at least one had to,
    // record that it is ok to proceed with the pipeline
    final boolean matchAllSuccess = Stage.Match.ALL == stage.match() && allRulesMatched;
    final boolean matchEitherSuccess = Stage.Match.EITHER == stage.match() && anyRulesMatched;
    final boolean matchIsPass = Stage.Match.PASS == stage.match();
    if (matchAllSuccess || matchEitherSuccess || matchIsPass) {
        interpreterListener.continuePipelineExecution(pipeline, stage);
        log.debug("[{}] stage {} for pipeline `{}` required match: {}, ok to proceed with next stage", msgId, stage.stage(), pipeline.name(), stage.match());
    } else {
        // no longer execute stages from this pipeline, the guard prevents it
        interpreterListener.stopPipelineExecution(pipeline, stage);
        log.debug("[{}] stage {} for pipeline `{}` required match: {}, NOT ok to proceed with next stage", msgId, stage.stage(), pipeline.name(), stage.match());
        pipelinesToSkip.add(pipeline);
    }
    // 4. after each complete stage run, merge the processing changes, stages are isolated from each other
    // TODO message changes become visible immediately for now
    // 4a. also add all new messages from the context to the toProcess work list
    Iterables.addAll(result, context.createdMessages());
    context.clearCreatedMessages();
    interpreterListener.exitStage(stage);
}
Also used : ArrayList(java.util.ArrayList) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) ExecutionException(java.util.concurrent.ExecutionException) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline)

Example 12 with Pipeline

use of org.graylog.plugins.pipelineprocessor.ast.Pipeline in project graylog2-server by Graylog2.

the class PipelineInterpreter method processForResolvedPipelines.

// Public access is required due to use in the Illuminate processor.
public List<Message> processForResolvedPipelines(Message message, String msgId, Set<Pipeline> pipelines, InterpreterListener interpreterListener, State state) {
    final List<Message> result = new ArrayList<>();
    // record execution of pipeline in metrics
    pipelines.forEach(Pipeline::markExecution);
    final StageIterator stages = state.getStageIterator(pipelines);
    final Set<Pipeline> pipelinesToSkip = Sets.newHashSet();
    // pipeline execution ordering is not guaranteed
    while (stages.hasNext()) {
        // remaining stages.
        if (message.getFilterOut()) {
            break;
        }
        final List<Stage> stageSet = stages.next();
        for (final Stage stage : stageSet) {
            evaluateStage(stage, message, msgId, result, pipelinesToSkip, interpreterListener);
        }
    }
    // 7. return the processed messages
    return result;
}
Also used : Message(org.graylog2.plugin.Message) ArrayList(java.util.ArrayList) Stage(org.graylog.plugins.pipelineprocessor.ast.Stage) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline)

Example 13 with Pipeline

use of org.graylog.plugins.pipelineprocessor.ast.Pipeline in project graylog2-server by Graylog2.

the class PipelineResource method update.

@ApiOperation(value = "Modify a processing pipeline", notes = "It can take up to a second until the change is applied")
@Path("/{id}")
@PUT
@AuditEvent(type = PipelineProcessorAuditEventTypes.PIPELINE_UPDATE)
public PipelineSource update(@ApiParam(name = "id") @PathParam("id") String id, @ApiParam(name = "pipeline", required = true) @NotNull PipelineSource update) throws NotFoundException {
    checkPermission(PipelineRestPermissions.PIPELINE_EDIT, id);
    final PipelineDao dao = pipelineService.load(id);
    final Pipeline pipeline;
    try {
        pipeline = pipelineRuleParser.parsePipeline(update.id(), update.source());
    } catch (ParseException e) {
        throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(e.getErrors()).build());
    }
    final PipelineDao toSave = dao.toBuilder().title(pipeline.name()).description(update.description()).source(update.source()).modifiedAt(DateTime.now(DateTimeZone.UTC)).build();
    final PipelineDao savedPipeline = pipelineService.save(toSave);
    return PipelineSource.fromDao(pipelineRuleParser, savedPipeline);
}
Also used : PipelineDao(org.graylog.plugins.pipelineprocessor.db.PipelineDao) BadRequestException(javax.ws.rs.BadRequestException) ParseException(org.graylog.plugins.pipelineprocessor.parser.ParseException) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline) Path(javax.ws.rs.Path) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent) PUT(javax.ws.rs.PUT)

Example 14 with Pipeline

use of org.graylog.plugins.pipelineprocessor.ast.Pipeline in project graylog2-server by Graylog2.

the class PipelineSource method fromDao.

public static PipelineSource fromDao(PipelineRuleParser parser, PipelineDao dao) {
    Set<ParseError> errors = null;
    Pipeline pipeline = null;
    try {
        pipeline = parser.parsePipeline(dao.id(), dao.source());
    } catch (ParseException e) {
        errors = e.getErrors();
    }
    final List<StageSource> stageSources = (pipeline == null) ? Collections.emptyList() : pipeline.stages().stream().map(stage -> StageSource.builder().match(stage.match()).rules(stage.ruleReferences()).stage(stage.stage()).build()).collect(Collectors.toList());
    return builder().id(dao.id()).title(dao.title()).description(dao.description()).source(dao.source()).createdAt(dao.createdAt()).modifiedAt(dao.modifiedAt()).stages(stageSources).errors(errors).build();
}
Also used : ParseError(org.graylog.plugins.pipelineprocessor.parser.errors.ParseError) ParseException(org.graylog.plugins.pipelineprocessor.parser.ParseException) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline)

Example 15 with Pipeline

use of org.graylog.plugins.pipelineprocessor.ast.Pipeline in project graylog2-server by Graylog2.

the class PipelineRuleParser method parsePipeline.

public Pipeline parsePipeline(String id, String source) {
    final ParseContext parseContext = new ParseContext(false);
    final SyntaxErrorListener errorListener = new SyntaxErrorListener(parseContext);
    final RuleLangLexer lexer = new RuleLangLexer(new ANTLRInputStream(source));
    lexer.removeErrorListeners();
    lexer.addErrorListener(errorListener);
    final RuleLangParser parser = new RuleLangParser(new CommonTokenStream(lexer));
    parser.setErrorHandler(new DefaultErrorStrategy());
    parser.removeErrorListeners();
    parser.addErrorListener(errorListener);
    final RuleLangParser.PipelineContext pipelineContext = parser.pipeline();
    WALKER.walk(new PipelineAstBuilder(parseContext), pipelineContext);
    if (parseContext.getErrors().isEmpty()) {
        final Pipeline pipeline = parseContext.pipelines.get(0);
        return pipeline.withId(id);
    }
    throw new ParseException(parseContext.getErrors());
}
Also used : CommonTokenStream(org.antlr.v4.runtime.CommonTokenStream) DefaultErrorStrategy(org.antlr.v4.runtime.DefaultErrorStrategy) ANTLRInputStream(org.antlr.v4.runtime.ANTLRInputStream) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline)

Aggregations

Pipeline (org.graylog.plugins.pipelineprocessor.ast.Pipeline)18 Stage (org.graylog.plugins.pipelineprocessor.ast.Stage)8 PipelineDao (org.graylog.plugins.pipelineprocessor.db.PipelineDao)6 Test (org.junit.Test)6 PipelineService (org.graylog.plugins.pipelineprocessor.db.PipelineService)5 RuleDao (org.graylog.plugins.pipelineprocessor.db.RuleDao)5 ParseException (org.graylog.plugins.pipelineprocessor.parser.ParseException)5 EntityDescriptor (org.graylog2.contentpacks.model.entities.EntityDescriptor)5 Collection (java.util.Collection)4 Collectors (java.util.stream.Collectors)4 Inject (javax.inject.Inject)4 PipelineStreamConnectionsService (org.graylog.plugins.pipelineprocessor.db.PipelineStreamConnectionsService)4 PipelineRuleParser (org.graylog.plugins.pipelineprocessor.parser.PipelineRuleParser)4 PipelineConnections (org.graylog.plugins.pipelineprocessor.rest.PipelineConnections)4 DateTime (org.joda.time.DateTime)4 JsonNode (com.fasterxml.jackson.databind.JsonNode)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)3 VisibleForTesting (com.google.common.annotations.VisibleForTesting)3 ImmutableSet (com.google.common.collect.ImmutableSet)3 Graph (com.google.common.graph.Graph)3