use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.
The class SyslogCodecTest, method testCiscoSyslogMessages.
/**
 * Decodes a set of Cisco-style syslog lines through {@code codec} and checks that the decoded
 * fields contain the expected timestamp, source, level, facility, message and (for the first
 * sample) sequence_number.
 *
 * Samples that carry no year are pinned to the current year (see {@code year}), so their expected
 * timestamps move with the wall clock; the two samples with an explicit year ("2017 Mar ...") are
 * fixed. All expected timestamps are converted to the JVM default zone via
 * {@code withZone(DateTimeZone.getDefault())}, presumably to match how the codec renders them --
 * either way the comparison is sensitive to the default zone of the machine running the test.
 */
@Test
@SuppressForbidden("Deliberate invocation")
public void testCiscoSyslogMessages() {
// Year used for the samples whose header has no year component.
final int year = ZonedDateTime.now().getYear();
// Map of raw syslog line -> expected decoded fields. Keys are the raw lines as received, including
// the <PRI> prefix and the Cisco sequence number / timestamp preamble.
// NOTE(review): the leading '*' before the date in the third sample looks like Cisco's
// "clock not synchronized" marker; the expected timestamp simply ignores it -- confirm that is intended.
final Map<String, Map<String, Object>> messages = ImmutableMap.<String, Map<String, Object>>builder().put("<186>1541800: Feb 27 06:08:59.485: %HARDWARE-2-FAN_ERROR: Fan Failure", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(year, 2, 27, 6, 8, 59, 485, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 2).put("facility", "local7").put("message", "%HARDWARE-2-FAN_ERROR: Fan Failure").put("sequence_number", 1541800).build()).put("<189>148093: Feb 27 06:07:28.713: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/15, changed state to down", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(year, 2, 27, 6, 7, 28, 713, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 5).put("facility", "local7").put("message", "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/15, changed state to down").build()).put("<190>530470: *Sep 28 17:13:35.098: %SEC-6-IPACCESSLOGP: list MGMT_IN denied udp IP(49964) -> IP(161), 11 packets", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(year, 9, 28, 17, 13, 35, 98, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 6).put("facility", "local7").put("message", "%SEC-6-IPACCESSLOGP: list MGMT_IN denied udp IP(49964) -> IP(161), 11 packets").build()).put("<190>: 2017 Mar 06 09:22:34 CET: %AUTHPRIV-6-SYSTEM_MSG: START: rsync pid=4311 from=::ffff:IP - xinetd[6219]", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(2017, 3, 6, 9, 22, 34, DateTimeZone.forID("CET")).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 6).put("facility", "local7").put("message", "%AUTHPRIV-6-SYSTEM_MSG: START: rsync pid=4311 from=::ffff:IP - xinetd[6219]").build()).put("<134>: 2017 Mar 6 12:53:10 UTC: %POLICY_ENGINE-6-POLICY_LOOKUP_EVENT: policy=POLICYNAME rule=RULENAME action=Permit direction=egress 
src.net.ip-address=IP src.net.port=38321 dst.net.ip-address=IP dst.net.port=5666 net.protocol=6 net.ethertype=800 net.service=\"protocol 6 port 5666\"", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(2017, 3, 6, 12, 53, 10, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 6).put("facility", "local0").put("message", "%POLICY_ENGINE-6-POLICY_LOOKUP_EVENT: policy=POLICYNAME rule=RULENAME action=Permit direction=egress src.net.ip-address=IP src.net.port=38321 dst.net.ip-address=IP dst.net.port=5666 net.protocol=6 net.ethertype=800 net.service=\"protocol 6 port 5666\"").build()).build();
// Decode every sample; containsAllEntriesOf only requires the expected entries to be present,
// so fields the codec adds beyond these are tolerated.
for (Map.Entry<String, Map<String, Object>> entry : messages.entrySet()) {
final Message message = codec.decode(buildRawMessage(entry.getKey()));
assertThat(message).isNotNull();
assertThat(message.getFields()).containsAllEntriesOf(entry.getValue());
}
}
use of org.graylog2.indexer.messages.Messages in project jmxtrans by jmxtrans.
The class GelfWriter, method doWrite.
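/**
 * Builds a single GELF message from all results of one query and sends it through
 * {@code gelfTransport}.
 *
 * Every result becomes an additional field keyed by {@code KeyUtils.getKeyString(query, result,
 * typeNames)}, and the short and full message are the same space-joined list of {@code key=value}
 * pairs. Entries from {@code additionalFields} (when configured) are appended as further
 * additional fields after the result fields, so a colliding key from the configuration is applied
 * last.
 *
 * @param server  the monitored server; its host becomes the GELF {@code host} field
 * @param query   the query the results belong to
 * @param results the results to encode
 * @throws Exception declared by the writer contract; nothing in this method catches, so failures of
 *                   the builder or of {@code gelfTransport.send} propagate to the caller
 */
@Override
public void doWrite(final Server server, final Query query, final Iterable<Result> results) throws Exception {
    final GelfMessageBuilder messageBuilder = new GelfMessageBuilder("", server.getHost());
    final List<String> messages = new ArrayList<>();
    for (final Result result : results) {
        log.debug("Query result: [{}]", result);
        final String key = KeyUtils.getKeyString(query, result, this.typeNames);
        messages.add(String.format("%s=%s", key, result.getValue()));
        messageBuilder.additionalField(key, result.getValue());
    }
    if (additionalFields != null) {
        for (final Map.Entry<String, Object> additionalField : additionalFields.entrySet()) {
            messageBuilder.additionalField(additionalField.getKey(), additionalField.getValue());
        }
    }
    final String message = StringUtils.join(messages, " ");
    messageBuilder.message(message);
    messageBuilder.fullMessage(message);
    // The debug line renders the complete message (all result values included), which means a
    // second build() on every write; only pay for it when DEBUG is actually enabled.
    if (log.isDebugEnabled()) {
        log.debug("Sending GELF message: {}", messageBuilder.build());
    }
    this.gelfTransport.send(messageBuilder.build());
}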
use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.
The class DecoratorProcessorImpl, method decorate.
/**
 * Runs the search-response decorators configured for {@code streamId} (or the global decorators
 * when no stream is given) over {@code searchResponse}.
 *
 * The decorators are folded, in list order, into one {@link SearchResponseDecorator} that applies
 * them back to back. Each decorated message that can be matched to its original via
 * {@code getMessageKey} gets per-message {@link DecorationStats}; the returned response also
 * carries the recomputed field set and the aggregated decorator stats.
 *
 * This is best-effort: any exception (including an {@code IllegalStateException} from
 * {@code Collectors.toMap} when two original messages share a key) is logged and the untouched
 * {@code searchResponse} is returned instead.
 *
 * @param searchResponse the response to decorate
 * @param streamId       the stream whose decorators apply, or empty for the global decorators
 * @return the decorated response, or {@code searchResponse} when there are no decorators or
 *         decoration failed
 */
@Override
public SearchResponse decorate(SearchResponse searchResponse, Optional<String> streamId) {
    try {
        final List<SearchResponseDecorator> decorators = streamId.isPresent()
                ? decoratorResolver.searchResponseDecoratorsForStream(streamId.get())
                : decoratorResolver.searchResponseDecoratorsForGlobal();
        // Compose left-to-right: the first decorator in the list runs first.
        final Optional<SearchResponseDecorator> chain = decorators.stream()
                .reduce((first, second) -> (response) -> second.apply(first.apply(response)));
        if (!chain.isPresent()) {
            return searchResponse;
        }
        // Snapshot the originals so each decorated message can be compared against its source.
        final Map<String, ResultMessageSummary> originalsByKey = searchResponse.messages().stream()
                .collect(Collectors.toMap(this::getMessageKey, Function.identity()));
        final SearchResponse decorated = chain.get().apply(searchResponse);
        final Set<String> fieldsAfterDecoration = extractFields(decorated.messages());
        final List<ResultMessageSummary> messagesWithStats = decorated.messages().stream()
                .map(decoratedMessage -> attachStats(decoratedMessage, originalsByKey))
                .collect(Collectors.toList());
        return decorated.toBuilder()
                .messages(messagesWithStats)
                .fields(fieldsAfterDecoration)
                .decorationStats(this.getSearchDecoratorStats(messagesWithStats))
                .build();
    } catch (Exception e) {
        LOG.error("Error decorating search response", e);
    }
    return searchResponse;
}

/**
 * Attaches {@link DecorationStats} comparing the original and decorated message when an original
 * with the same key exists; otherwise returns the decorated message unchanged.
 */
private ResultMessageSummary attachStats(ResultMessageSummary decoratedMessage,
                                         Map<String, ResultMessageSummary> originalsByKey) {
    final ResultMessageSummary original = originalsByKey.get(getMessageKey(decoratedMessage));
    if (original == null) {
        return decoratedMessage;
    }
    return decoratedMessage.toBuilder()
            .decorationStats(DecorationStats.create(original.message(), decoratedMessage.message()))
            .build();
}
use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.
The class Indices, method getAllMessageFieldsForIndices.
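/**
 * Collects, per index matched by {@code writeIndexWildcards}, the set of field names declared in
 * the {@code properties} section of the index's {@code IndexMapping.TYPE_MESSAGE} mapping.
 *
 * The cluster state is fetched once (blocks and nodes included) and each index is inspected
 * independently: an index without a message mapping is skipped, and any exception while reading an
 * index's mapping is logged and that index is left out, so one bad index does not hide the others.
 *
 * @param writeIndexWildcards index names or wildcard patterns to inspect
 * @return index name -> field names; indices without a mapping or without {@code properties} are
 *         absent, never mapped to {@code null}
 */
public Map<String, Set<String>> getAllMessageFieldsForIndices(final String[] writeIndexWildcards) {
    final Map<String, Set<String>> fields = new HashMap<>();
    final ClusterStateRequest csr = new ClusterStateRequest().blocks(true).nodes(true).indices(writeIndexWildcards);
    final ClusterState cs = c.admin().cluster().state(csr).actionGet().getState();
    for (ObjectObjectCursor<String, IndexMetaData> m : cs.getMetaData().indices()) {
        // m.key is the index name; m.index is only the cursor's position in the container and
        // must not be used in messages meant for operators.
        final String indexName = m.key;
        try {
            final MappingMetaData mmd = m.value.mapping(IndexMapping.TYPE_MESSAGE);
            if (mmd == null) {
                // There is no mapping if there are no messages in the index.
                continue;
            }
            @SuppressWarnings("unchecked") final Map<String, Object> mapping = (Map<String, Object>) mmd.getSourceAsMap().get("properties");
            if (mapping != null) {
                fields.put(indexName, mapping.keySet());
            }
        } catch (Exception e) {
            // Previously logged m.index (the cursor position), which made the message useless for
            // finding the affected index.
            LOG.error("Error while trying to get fields of <" + indexName + ">", e);
        }
    }
    return fields;
}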
use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.
The class RelativeSearchResource, method searchRelative.
/**
 * REST endpoint: searches messages in a relative time range ({@code range} seconds before now).
 *
 * The permission check ({@code RestPermissions.SEARCHES_RELATIVE}, evaluated together with the
 * supplied {@code filter}) runs before any request parameter is parsed, so an unauthorised caller
 * never reaches the search. {@code query} is validated non-empty by {@code @NotEmpty}; the optional
 * {@code fields}, {@code sort} and {@code range} values are parsed by the shared helpers, and a
 * {@code SearchPhaseExecutionException} from the backend is translated into the request-level
 * "parse failure" exception for the given query.
 *
 * @return the search response, optionally decorated when {@code decorate} is true (default)
 */
@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
@Produces(MediaType.APPLICATION_JSON)
public SearchResponse searchRelative(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields, @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort, @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    // Authorisation first; nothing below runs for a caller lacking the permission.
    checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);

    // Parse in the same order as before so validation errors surface in the same sequence.
    final List<String> requestedFields = parseOptionalFields(fields);
    final Sorting sortOrder = buildSorting(sort);
    final TimeRange window = buildRelativeTimeRange(range);

    final SearchesConfig config = SearchesConfig.builder()
            .query(query)
            .filter(filter)
            .fields(requestedFields)
            .range(window)
            .limit(limit)
            .offset(offset)
            .sorting(sortOrder)
            .build();
    // The stream id (if any) is derived from the filter and only steers which decorators run.
    final Optional<String> stream = Searches.extractStreamId(filter);

    try {
        return buildSearchResponse(searches.search(config), window, decorate, stream);
    } catch (SearchPhaseExecutionException e) {
        // Backend query-parse failures are reported to the client as a request error for this query.
        throw createRequestExceptionForParseFailure(query, e);
    }
}