Example 31 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

From class AggregationEventProcessorTest, method testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams.

@Test
public void testEventsFromAggregationResultWithEmptyResultUsesEventDefinitionStreamAsSourceStreams() {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
    // We expect to get the end of the aggregation timerange as event time
    final TestEvent event1 = new TestEvent(timerange.to());
    final TestEvent event2 = new TestEvent(timerange.to());
    when(eventFactory.createEvent(any(EventDefinition.class), eq(now), anyString()))
            .thenReturn(event1)   // first invocation return value
            .thenReturn(event2);  // second invocation return value
    final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of("stream-2"), ImmutableList.of(), null);
    final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
    final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    final AggregationResult result = buildAggregationResult(timerange, now, ImmutableList.of("one", "two"));
    final ImmutableList<EventWithContext> eventsWithContext = eventProcessor.eventsFromAggregationResult(eventFactory, parameters, result);
    assertThat(eventsWithContext).hasSize(1);
    assertThat(eventsWithContext.get(0)).satisfies(eventWithContext -> {
        final Event event = eventWithContext.event();
        assertThat(event.getId()).isEqualTo(event1.getId());
        assertThat(event.getMessage()).isEqualTo(event1.getMessage());
        assertThat(event.getEventTimestamp()).isEqualTo(timerange.to());
        assertThat(event.getTimerangeStart()).isEqualTo(timerange.from());
        assertThat(event.getTimerangeEnd()).isEqualTo(timerange.to());
        // Must contain the stream from the event definition because there is none in the result
        assertThat(event.getSourceStreams()).containsOnly("stream-2");
        final Message message = eventWithContext.messageContext().orElse(null);
        assertThat(message).isNotNull();
        assertThat(message.getField("group_field_one")).isEqualTo("one");
        assertThat(message.getField("group_field_two")).isEqualTo("two");
        assertThat(message.getField("aggregation_key")).isEqualTo("one|two");
        assertThat(message.getField("aggregation_value_count")).isEqualTo(0.0d);
    });
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) Message(org.graylog2.plugin.Message) TestEvent(org.graylog.events.event.TestEvent) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) Event(org.graylog.events.event.Event) EventWithContext(org.graylog.events.event.EventWithContext) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 32 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

From class AggregationEventProcessorTest, method createEventsWithFilter.

@Test
public void createEventsWithFilter() throws Exception {
    when(eventProcessorDependencyCheck.hasMessagesIndexedUpTo(any(DateTime.class))).thenReturn(true);
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
    // A query-only config: no streams, no group-by fields, no series and no conditions
    final AggregationEventProcessorConfig config = AggregationEventProcessorConfig.builder()
            .query("aQueryString")
            .streams(ImmutableSet.of())
            .groupBy(ImmutableList.of())
            .series(ImmutableList.of())
            .conditions(null)
            .searchWithinMs(30000)
            .executeEveryMs(30000)
            .build();
    final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of(), ImmutableList.of(), null);
    final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
    final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
    assertThatCode(() -> eventProcessor.createEvents(eventFactory, parameters, (events) -> {}))
            .doesNotThrowAnyException();
    // Expect exactly one filter search via scrollQuery with the config's query, streams and parameters ...
    verify(moreSearch, times(1)).scrollQuery(
            eq(config.query()),
            eq(config.streams()),
            eq(config.queryParameters()),
            eq(parameters.timerange()),
            eq(parameters.batchSize()),
            any(MoreSearch.ScrollCallback.class));
    // ... and no aggregation search to be created at all
    verify(searchFactory, never()).create(eq(config), eq(parameters), any(String.class), eq(eventDefinitionDto));
}
Also used : EventDefinitionDto(org.graylog.events.processor.EventDefinitionDto) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 33 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

From class NetflowV9CodecAggregatorTest, method decodeMessagesSuccessfullyDecodesNetFlowV5.

@Test
public void decodeMessagesSuccessfullyDecodesNetFlowV5() throws Exception {
    final Collection<Message> messages = decodeResult(aggregateRawPacket("netflow-data/netflow-v5-1.dat"));
    assertThat(messages).isNotNull().hasSize(2);
    final Message message = Iterables.get(messages, 0);
    assertThat(message).isNotNull();
    assertThat(message.getMessage()).isEqualTo("NetFlowV5 [10.0.2.2]:54435 <> [10.0.2.15]:22 proto:6 pkts:5 bytes:230");
    assertThat(message.getTimestamp()).isEqualTo(DateTime.parse("2015-05-02T18:38:08.280Z"));
    assertThat(message.getSource()).isEqualTo(source.getAddress().getHostAddress());
    assertThat(message.getFields())
            .containsEntry("nf_src_address", "10.0.2.2")
            .containsEntry("nf_dst_address", "10.0.2.15")
            .containsEntry("nf_proto_name", "TCP")
            .containsEntry("nf_src_as", 0)
            .containsEntry("nf_dst_as", 0)
            .containsEntry("nf_snmp_input", 0)
            .containsEntry("nf_snmp_output", 0);
}
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) Test(org.junit.Test)

Example 34 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

From class StreamCatalogTest, method listEntityExcerpts.

@Test
@MongoDBFixtures("StreamCatalogTest.json")
public void listEntityExcerpts() {
    final EntityExcerpt expectedEntityExcerpt1 = EntityExcerpt.builder()
            .id(ModelId.of("000000000000000000000001"))
            .type(ModelTypes.STREAM_V1)
            .title("All messages")
            .build();
    final EntityExcerpt expectedEntityExcerpt2 = EntityExcerpt.builder()
            .id(ModelId.of("5adf23894b900a0fdb4e517d"))
            .type(ModelTypes.STREAM_V1)
            .title("Test")
            .build();
    final Set<EntityExcerpt> entityExcerpts = facade.listEntityExcerpts();
    assertThat(entityExcerpts).containsOnly(expectedEntityExcerpt1, expectedEntityExcerpt2);
}
Also used : EntityExcerpt(org.graylog2.contentpacks.model.entities.EntityExcerpt) MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures) Test(org.junit.Test)

Example 35 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

From class FormattedEmailAlertSenderTest, method defaultBodyTemplateShowsBacklogIfBacklogIsNotEmpty.

@Test
public void defaultBodyTemplateShowsBacklogIfBacklogIsNotEmpty() throws Exception {
    FormattedEmailAlertSender emailAlertSender = new FormattedEmailAlertSender(new EmailConfiguration(), mockNotificationService, mockNodeId, templateEngine, emailFactory);
    Stream stream = mock(Stream.class);
    when(stream.getId()).thenReturn("123456");
    when(stream.getTitle()).thenReturn("Stream Title");
    AlertCondition alertCondition = mock(AlertCondition.class);
    AlertCondition.CheckResult checkResult = mock(AbstractAlertCondition.CheckResult.class);
    when(checkResult.getTriggeredAt()).thenReturn(new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC));
    when(checkResult.getTriggeredCondition()).thenReturn(alertCondition);
    Message message = new Message("Test", "source", new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC));
    String body = emailAlertSender.buildBody(stream, checkResult, Collections.singletonList(message));
    // With a non-empty backlog, the placeholder must be absent and the message must appear in the body
    assertThat(body)
            .doesNotContain("<No backlog>\n")
            .containsSequence("Last messages accounting for this alert:\n", message.toString());
}
Also used : Message(org.graylog2.plugin.Message) EmailConfiguration(org.graylog2.configuration.EmailConfiguration) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) Stream(org.graylog2.plugin.streams.Stream) DateTime(org.joda.time.DateTime) Test(org.junit.Test)