Examples with Messages org.graylog2.indexer.messages.Messages used on opensource projects

Example 41 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class SyslogCodecTest method testCiscoSyslogMessages.

@Test
@SuppressForbidden("Deliberate invocation")
public void testCiscoSyslogMessages() {
    final int year = ZonedDateTime.now().getYear();
    final Map<String, Map<String, Object>> messages = ImmutableMap.<String, Map<String, Object>>builder().put("<186>1541800: Feb 27 06:08:59.485: %HARDWARE-2-FAN_ERROR: Fan Failure", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(year, 2, 27, 6, 8, 59, 485, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 2).put("facility", "local7").put("message", "%HARDWARE-2-FAN_ERROR: Fan Failure").put("sequence_number", 1541800).build()).put("<189>148093: Feb 27 06:07:28.713: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/15, changed state to down", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(year, 2, 27, 6, 7, 28, 713, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 5).put("facility", "local7").put("message", "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/15, changed state to down").build()).put("<190>530470: *Sep 28 17:13:35.098: %SEC-6-IPACCESSLOGP: list MGMT_IN denied udp IP(49964) -> IP(161), 11 packets", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(year, 9, 28, 17, 13, 35, 98, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 6).put("facility", "local7").put("message", "%SEC-6-IPACCESSLOGP: list MGMT_IN denied udp IP(49964) -> IP(161), 11 packets").build()).put("<190>: 2017 Mar 06 09:22:34 CET: %AUTHPRIV-6-SYSTEM_MSG: START: rsync pid=4311 from=::ffff:IP - xinetd[6219]", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(2017, 3, 6, 9, 22, 34, DateTimeZone.forID("CET")).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 6).put("facility", "local7").put("message", "%AUTHPRIV-6-SYSTEM_MSG: START: rsync pid=4311 from=::ffff:IP - xinetd[6219]").build()).put("<134>: 2017 Mar  6 12:53:10 UTC: %POLICY_ENGINE-6-POLICY_LOOKUP_EVENT: policy=POLICYNAME rule=RULENAME action=Permit direction=egress src.net.ip-address=IP src.net.port=38321 dst.net.ip-address=IP dst.net.port=5666 net.protocol=6 net.ethertype=800 net.service=\"protocol 6 port 5666\"", ImmutableMap.<String, Object>builder().put("timestamp", new DateTime(2017, 3, 6, 12, 53, 10, DateTimeZone.UTC).withZone(DateTimeZone.getDefault())).put("source", "127.0.0.1").put("level", 6).put("facility", "local0").put("message", "%POLICY_ENGINE-6-POLICY_LOOKUP_EVENT: policy=POLICYNAME rule=RULENAME action=Permit direction=egress src.net.ip-address=IP src.net.port=38321 dst.net.ip-address=IP dst.net.port=5666 net.protocol=6 net.ethertype=800 net.service=\"protocol 6 port 5666\"").build()).build();
    for (Map.Entry<String, Map<String, Object>> entry : messages.entrySet()) {
        final Message message = codec.decode(buildRawMessage(entry.getKey()));
        assertThat(message).isNotNull();
        assertThat(message.getFields()).containsAllEntriesOf(entry.getValue());
    }
}

Example 42 with Messages

use of org.graylog2.indexer.messages.Messages in project jmxtrans by jmxtrans.

the class GelfWriter method doWrite.

@Override
public void doWrite(final Server server, final Query query, final Iterable<Result> results) throws Exception {
    final GelfMessageBuilder messageBuilder = new GelfMessageBuilder("", server.getHost());
    final List<String> messages = new ArrayList<>();
    for (final Result result : results) {
        log.debug("Query result: [{}]", result);
        final String key = KeyUtils.getKeyString(query, result, this.typeNames);
        messages.add(String.format("%s=%s", key, result.getValue()));
        messageBuilder.additionalField(key, result.getValue());
    }
    if (additionalFields != null) {
        for (final Map.Entry<String, Object> additionalField : additionalFields.entrySet()) {
            messageBuilder.additionalField(additionalField.getKey(), additionalField.getValue());
        }
    }
    final String message = StringUtils.join(messages, " ");
    messageBuilder.message(message);
    messageBuilder.fullMessage(message);
    log.debug("Sending GELF message: {}", messageBuilder.build().toString());
    this.gelfTransport.send(messageBuilder.build());
}

Example 43 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class DecoratorProcessorImpl method decorate.

@Override
public SearchResponse decorate(SearchResponse searchResponse, Optional<String> streamId) {
    try {
        final List<SearchResponseDecorator> searchResponseDecorators = streamId.isPresent() ? decoratorResolver.searchResponseDecoratorsForStream(streamId.get()) : decoratorResolver.searchResponseDecoratorsForGlobal();
        final Optional<SearchResponseDecorator> metaDecorator = searchResponseDecorators.stream().reduce((f, g) -> (v) -> g.apply(f.apply(v)));
        if (metaDecorator.isPresent()) {
            final Map<String, ResultMessageSummary> originalMessages = searchResponse.messages().stream().collect(Collectors.toMap(this::getMessageKey, Function.identity()));
            final SearchResponse newSearchResponse = metaDecorator.get().apply(searchResponse);
            final Set<String> newFields = extractFields(newSearchResponse.messages());
            final List<ResultMessageSummary> decoratedMessages = newSearchResponse.messages().stream().map(resultMessage -> {
                final ResultMessageSummary originalMessage = originalMessages.get(getMessageKey(resultMessage));
                if (originalMessage != null) {
                    return resultMessage.toBuilder().decorationStats(DecorationStats.create(originalMessage.message(), resultMessage.message())).build();
                }
                return resultMessage;
            }).collect(Collectors.toList());
            return newSearchResponse.toBuilder().messages(decoratedMessages).fields(newFields).decorationStats(this.getSearchDecoratorStats(decoratedMessages)).build();
        }
    } catch (Exception e) {
        LOG.error("Error decorating search response", e);
    }
    return searchResponse;
}

Example 44 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class Indices method getAllMessageFieldsForIndices.

public Map<String, Set<String>> getAllMessageFieldsForIndices(final String[] writeIndexWildcards) {
    final Map<String, Set<String>> fields = new HashMap<>();
    final ClusterStateRequest csr = new ClusterStateRequest().blocks(true).nodes(true).indices(writeIndexWildcards);
    final ClusterState cs = c.admin().cluster().state(csr).actionGet().getState();
    for (ObjectObjectCursor<String, IndexMetaData> m : cs.getMetaData().indices()) {
        try {
            MappingMetaData mmd = m.value.mapping(IndexMapping.TYPE_MESSAGE);
            if (mmd == null) {
                // There is no mapping if there are no messages in the index.
                continue;
            }
            @SuppressWarnings("unchecked") final Map<String, Object> mapping = (Map<String, Object>) mmd.getSourceAsMap().get("properties");
            if (mapping != null) {
                fields.put(m.key, mapping.keySet());
            }
        } catch (Exception e) {
            LOG.error("Error while trying to get fields of <" + m.index + ">", e);
        }
    }
    return fields;
}

Example 45 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class RelativeSearchResource method searchRelative.

@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
@Produces(MediaType.APPLICATION_JSON)
public SearchResponse searchRelative(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields, @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort, @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
    final List<String> fieldList = parseOptionalFields(fields);
    final Sorting sorting = buildSorting(sort);
    final TimeRange timeRange = buildRelativeTimeRange(range);
    final SearchesConfig searchesConfig = SearchesConfig.builder().query(query).filter(filter).fields(fieldList).range(timeRange).limit(limit).offset(offset).sorting(sorting).build();
    final Optional<String> streamId = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
    } catch (SearchPhaseExecutionException e) {
        throw createRequestExceptionForParseFailure(query, e);
    }
}