Examples with Expression org.graylog.plugins.pipelineprocessor.ast.expressions.Expression used on opensource projects

Search in sources :

Example 1 with Expression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.Expression in project graylog2-server by Graylog2.

the class Function method preprocessArgs.

default void preprocessArgs(FunctionArgs args) {
    for (Map.Entry<String, Expression> e : args.getConstantArgs().entrySet()) {
        final String name = e.getKey();
        try {
            final Object value = preComputeConstantArgument(args, name, e.getValue());
            if (value != null) {
                // noinspection unchecked
                final ParameterDescriptor<Object, Object> param = (ParameterDescriptor<Object, Object>) args.param(name);
                if (param == null) {
                    throw new IllegalStateException("Unknown parameter " + name + "! Cannot continue.");
                }
                args.setPreComputedValue(name, param.transform().apply(value));
            }
        } catch (Exception exception) {
            log.debug("Unable to precompute argument value for " + name, exception);
            throw new PrecomputeFailure(name, exception);
        }
    }
}
Also used : Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) PrecomputeFailure(org.graylog.plugins.pipelineprocessor.ast.exceptions.PrecomputeFailure) Map(java.util.Map)

Example 2 with Expression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.Expression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_result_for_valid_CEF_string.

@Test
public void evaluate_returns_result_for_valid_CEF_string() throws Exception {
    final Map<String, Expression> arguments = ImmutableMap.of(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|vendor|product|1.0|id|name|low|dvc=example.com msg=Foobar"), CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), false));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNotNull(result);
    assertEquals(0, result.get("cef_version"));
    assertEquals("vendor", result.get("device_vendor"));
    assertEquals("product", result.get("device_product"));
    assertEquals("1.0", result.get("device_version"));
    assertEquals("id", result.get("device_event_class_id"));
    assertEquals("low", result.get("severity"));
    assertEquals("example.com", result.get("dvc"));
    assertEquals("Foobar", result.get("msg"));
}
Also used : BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Example 3 with Expression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.Expression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_result_for_valid_CEF_string_with_short_names_if_useFullNames_parameter_is_missing.

@Test
public void evaluate_returns_result_for_valid_CEF_string_with_short_names_if_useFullNames_parameter_is_missing() throws Exception {
    final Map<String, Expression> arguments = Collections.singletonMap(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|vendor|product|1.0|id|name|low|dvc=example.com msg=Foobar"));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNotNull(result);
    assertEquals(0, result.get("cef_version"));
    assertEquals("vendor", result.get("device_vendor"));
    assertEquals("product", result.get("device_product"));
    assertEquals("1.0", result.get("device_version"));
    assertEquals("id", result.get("device_event_class_id"));
    assertEquals("low", result.get("severity"));
    assertEquals("example.com", result.get("dvc"));
    assertEquals("Foobar", result.get("msg"));
}
Also used : Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Example 4 with Expression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.Expression in project graylog2-server by Graylog2.

the class ParameterDescriptor method required.

@Nullable
public R required(FunctionArgs args, EvaluationContext context) {
    final Object precomputedValue = args.getPreComputedValue(name());
    if (precomputedValue != null) {
        return transformedType().cast(precomputedValue);
    }
    final Expression valueExpr = args.expression(name());
    if (valueExpr == null) {
        return null;
    }
    final Object value = valueExpr.evaluateUnsafe(context);
    return transformedType().cast(transform().apply(type().cast(value)));
}
Also used : Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) Nullable(javax.annotation.Nullable)

Example 5 with Expression

use of org.graylog.plugins.pipelineprocessor.ast.expressions.Expression in project graylog2-server by Graylog2.

the class CEFParserFunctionTest method evaluate_returns_null_for_invalid_CEF_string.

@Test
public void evaluate_returns_null_for_invalid_CEF_string() throws Exception {
    final Map<String, Expression> arguments = ImmutableMap.of(CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|Foobar"), CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), false));
    final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
    final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
    final EvaluationContext evaluationContext = new EvaluationContext(message);
    final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
    assertNull(result);
}
Also used : BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) Message(org.graylog2.plugin.Message) BooleanExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) Expression(org.graylog.plugins.pipelineprocessor.ast.expressions.Expression) StringExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression) FunctionArgs(org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs) EvaluationContext(org.graylog.plugins.pipelineprocessor.EvaluationContext) CommonToken(org.antlr.v4.runtime.CommonToken) Test(org.junit.Test)

Aggregations

Expression (org.graylog.plugins.pipelineprocessor.ast.expressions.Expression)8 CommonToken (org.antlr.v4.runtime.CommonToken)6 EvaluationContext (org.graylog.plugins.pipelineprocessor.EvaluationContext)6 BooleanExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.BooleanExpression)6 StringExpression (org.graylog.plugins.pipelineprocessor.ast.expressions.StringExpression)6 FunctionArgs (org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs)6 Message (org.graylog2.plugin.Message)6 Test (org.junit.Test)6 MetricRegistry (com.codahale.metrics.MetricRegistry)1 Map (java.util.Map)1 Nullable (javax.annotation.Nullable)1 PrecomputeFailure (org.graylog.plugins.pipelineprocessor.ast.exceptions.PrecomputeFailure)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial