Examples with BooleanExpression org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression used on opensource projects

Search in sources :

Example 1 with BooleanExpression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_result_for_valid_CEF_string.

@Test
public void evaluate_returns_result_for_valid_CEF_string() throws Exception {
    final Map<String, Expression> arguments = ImmutableMap.of(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|vendor|product|1.0|id|name|low|dvc=example.com msg=Foobar"), CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), false));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNotNull(result);
    assertEquals(0, result.get("cef_version"));
    assertEquals("vendor", result.get("device_vendor"));
    assertEquals("product", result.get("device_product"));
    assertEquals("1.0", result.get("device_version"));
    assertEquals("id", result.get("device_event_class_id"));
    assertEquals("low", result.get("severity"));
    assertEquals("example.com", result.get("dvc"));
    assertEquals("Foobar", result.get("msg"));
}
Also used : BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Example 2 with BooleanExpression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression in project graylog2-server by Graylog2.

the class PrecedenceTest method parenGroup.

@Test
public void parenGroup() {
    final Rule rule = parseRule("rule \"test\" when true == (false == false) then end");
    final LogicalExpression when = rule.when();
    assertThat(when).isInstanceOf(EqualityExpression.class);
    EqualityExpression topEqual = (EqualityExpression) when;
    assertThat(topEqual.left()).isInstanceOf(BooleanExpression.class);
    assertThat(topEqual.right()).isInstanceOf(EqualityExpression.class);
    final BooleanExpression trueExpr = (BooleanExpression) topEqual.left();
    assertThat(trueExpr.evaluateBool(null)).isTrue();
    final EqualityExpression falseFalse = (EqualityExpression) topEqual.right();
    assertThat(falseFalse.evaluateBool(null)).isTrue();
}
Also used : LogicalExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.LogicalExpression) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) EqualityExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.EqualityExpression) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Example 3 with BooleanExpression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_null_for_invalid_CEF_string.

@Test
public void evaluate_returns_null_for_invalid_CEF_string() throws Exception {
    final Map<String, Expression> arguments = ImmutableMap.of(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|Foobar"), CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), false));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNull(result);
}
Also used : BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Example 4 with BooleanExpression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_result_without_message_field.

@Test
public void evaluate_returns_result_without_message_field() throws Exception {
    final Map<String, Expression> arguments = ImmutableMap.of(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|vendor|product|1.0|id|name|low|dvc=example.com"), CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), false));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNotNull(result);
    assertEquals(0, result.get("cef_version"));
    assertEquals("vendor", result.get("device_vendor"));
    assertEquals("product", result.get("device_product"));
    assertEquals("1.0", result.get("device_version"));
    assertEquals("id", result.get("device_event_class_id"));
    assertEquals("low", result.get("severity"));
    assertEquals("example.com", result.get("dvc"));
    assertFalse(result.containsKey("message"));
}
Also used : BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Example 5 with BooleanExpression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_result_for_valid_CEF_string_with_full_names.

@Test
public void evaluate_returns_result_for_valid_CEF_string_with_full_names() throws Exception {
    final CEFParserFunction function = new CEFParserFunction(new MetricRegistry());
    final Map<String, Expression> arguments = ImmutableMap.of(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|vendor|product|1.0|id|name|low|dvc=example.com msg=Foobar"), CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), true));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNotNull(result);
    assertEquals(0, result.get("cef_version"));
    assertEquals("vendor", result.get("device_vendor"));
    assertEquals("product", result.get("device_product"));
    assertEquals("1.0", result.get("device_version"));
    assertEquals("id", result.get("device_event_class_id"));
    assertEquals("low", result.get("severity"));
    assertEquals("example.com", result.get("deviceAddress"));
    assertEquals("Foobar", result.get("message"));
}
Also used : BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) MetricRegistry(com.codahale.metrics.MetricRegistry) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Aggregations

BooleanExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression)5 Test (org.junit.Test)5 CommonToken (org.antlr.v4.runtime.CommonToken)4 EvaluationContext (org.graylog.plugins.pipelineprocessor.EvaluationContext)4 Expression (org.graylog.plugins.pipelineprocessor.ast.expressions.Expression)4 StringExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression)4 FunctionArgs (org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs)4 Message (org.graylog2.plugin.Message)4 MetricRegistry (com.codahale.metrics.MetricRegistry)1 BaseParserTest (org.graylog.plugins.pipelineprocessor.BaseParserTest)1 Rule (org.graylog.plugins.pipelineprocessor.ast.Rule)1 EqualityExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.EqualityExpression)1 LogicalExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.LogicalExpression)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial