Examples with ResultMessage org.graylog2.indexer.results.ResultMessage used on opensource projects

Search in sources :

Example 6 with ResultMessage

use of org.graylog2.indexer.results.ResultMessage in project graylog2-server by Graylog2.

the class MessageCountAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        // Create an absolute range from the relative range to make sure it doesn't change during the two
        // search requests. (count and find messages)
        // This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
        // getTo().
        // See: https://github.com/Graylog2/graylog2-server/issues/2382
        final RelativeRange relativeRange = RelativeRange.create(time * 60);
        final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
        final String filter = "streams:" + stream.getId();
        final CountResult result = searches.count("*", range, filter);
        final long count = result.count();
        LOG.debug("Alert check <{}> result: [{}]", id, count);
        final boolean triggered;
        switch(thresholdType) {
            case MORE:
                triggered = count > threshold;
                break;
            case LESS:
                triggered = count < threshold;
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final List<MessageSummary> summaries = Lists.newArrayList();
            if (getBacklog() > 0) {
                final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting("timestamp", Sorting.Direction.DESC));
                for (ResultMessage resultMessage : backlogResult.getResults()) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            }
            final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) SearchResult(org.graylog2.indexer.results.SearchResult) CountResult(org.graylog2.indexer.results.CountResult) ResultMessage(org.graylog2.indexer.results.ResultMessage) Sorting(org.graylog2.indexer.searches.Sorting) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 7 with ResultMessage

use of org.graylog2.indexer.results.ResultMessage in project graylog2-server by Graylog2.

the class DecoratorProcessorImpl method decorate.

@Override
public SearchResponse decorate(SearchResponse searchResponse, Optional<String> streamId) {
    try {
        final List<SearchResponseDecorator> searchResponseDecorators = streamId.isPresent() ? decoratorResolver.searchResponseDecoratorsForStream(streamId.get()) : decoratorResolver.searchResponseDecoratorsForGlobal();
        final Optional<SearchResponseDecorator> metaDecorator = searchResponseDecorators.stream().reduce((f, g) -> (v) -> g.apply(f.apply(v)));
        if (metaDecorator.isPresent()) {
            final Map<String, ResultMessageSummary> originalMessages = searchResponse.messages().stream().collect(Collectors.toMap(this::getMessageKey, Function.identity()));
            final SearchResponse newSearchResponse = metaDecorator.get().apply(searchResponse);
            final Set<String> newFields = extractFields(newSearchResponse.messages());
            final List<ResultMessageSummary> decoratedMessages = newSearchResponse.messages().stream().map(resultMessage -> {
                final ResultMessageSummary originalMessage = originalMessages.get(getMessageKey(resultMessage));
                if (originalMessage != null) {
                    return resultMessage.toBuilder().decorationStats(DecorationStats.create(originalMessage.message(), resultMessage.message())).build();
                }
                return resultMessage;
            }).collect(Collectors.toList());
            return newSearchResponse.toBuilder().messages(decoratedMessages).fields(newFields).decorationStats(this.getSearchDecoratorStats(decoratedMessages)).build();
        }
    } catch (Exception e) {
        LOG.error("Error decorating search response", e);
    }
    return searchResponse;
}
Also used : Logger(org.slf4j.Logger) LoggerFactory(org.slf4j.LoggerFactory) SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse) Set(java.util.Set) SearchResponseDecorator(org.graylog2.plugin.decorators.SearchResponseDecorator) SearchDecorationStats(org.graylog2.rest.resources.search.responses.SearchDecorationStats) DecorationStats(org.graylog2.rest.models.messages.responses.DecorationStats) Function(java.util.function.Function) Collectors(java.util.stream.Collectors) ResultMessageSummary(org.graylog2.rest.models.messages.responses.ResultMessageSummary) Inject(javax.inject.Inject) HashSet(java.util.HashSet) List(java.util.List) Map(java.util.Map) Optional(java.util.Optional) Message(org.graylog2.plugin.Message) SearchResponseDecorator(org.graylog2.plugin.decorators.SearchResponseDecorator) ResultMessageSummary(org.graylog2.rest.models.messages.responses.ResultMessageSummary) SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse)

Example 8 with ResultMessage

use of org.graylog2.indexer.results.ResultMessage in project graylog2-server by Graylog2.

the class MessageResource method parse.

@POST
@Path("/parse")
@Timed
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Parse a raw message")
@ApiResponses(value = { @ApiResponse(code = 404, message = "Specified codec does not exist."), @ApiResponse(code = 400, message = "Could not decode message.") })
@NoAuditEvent("only used to parse a test message")
public ResultMessage parse(@ApiParam(name = "JSON body", required = true) MessageParseRequest request) {
    Codec codec;
    try {
        final Configuration configuration = new Configuration(request.configuration());
        codec = codecFactory.create(request.codec(), configuration);
    } catch (IllegalArgumentException e) {
        throw new NotFoundException(e);
    }
    final ResolvableInetSocketAddress remoteAddress = ResolvableInetSocketAddress.wrap(new InetSocketAddress(request.remoteAddress(), 1234));
    final RawMessage rawMessage = new RawMessage(0, new UUID(), Tools.nowUTC(), remoteAddress, request.message().getBytes(StandardCharsets.UTF_8));
    final Message message = decodeMessage(codec, remoteAddress, rawMessage);
    return ResultMessage.createFromMessage(message);
}
Also used : Codec(org.graylog2.plugin.inputs.codecs.Codec) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) Configuration(org.graylog2.plugin.configuration.Configuration) ResultMessage(org.graylog2.indexer.results.ResultMessage) RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) InetSocketAddress(java.net.InetSocketAddress) IndexNotFoundException(org.elasticsearch.index.IndexNotFoundException) NotFoundException(javax.ws.rs.NotFoundException) DocumentNotFoundException(org.graylog2.indexer.messages.DocumentNotFoundException) RawMessage(org.graylog2.plugin.journal.RawMessage) UUID(com.eaio.uuid.UUID) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent)

Example 9 with ResultMessage

use of org.graylog2.indexer.results.ResultMessage in project graylog2-server by Graylog2.

the class MessageResource method decodeMessage.

private Message decodeMessage(Codec codec, ResolvableInetSocketAddress remoteAddress, RawMessage rawMessage) {
    Message message;
    try {
        message = codec.decode(rawMessage);
    } catch (Exception e) {
        throw new BadRequestException("Could not decode message");
    }
    if (message == null) {
        throw new BadRequestException("Could not decode message");
    }
    // Ensure the decoded Message has a source, otherwise creating a ResultMessage will fail
    if (isNullOrEmpty(message.getSource())) {
        final String address = InetAddresses.toAddrString(remoteAddress.getAddress());
        message.setSource(address);
    }
    // Override source
    final Configuration configuration = codec.getConfiguration();
    if (configuration.stringIsSet(Codec.Config.CK_OVERRIDE_SOURCE)) {
        message.setSource(configuration.getString(Codec.Config.CK_OVERRIDE_SOURCE));
    }
    return message;
}
Also used : ResultMessage(org.graylog2.indexer.results.ResultMessage) RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) Configuration(org.graylog2.plugin.configuration.Configuration) BadRequestException(javax.ws.rs.BadRequestException) IndexNotFoundException(org.elasticsearch.index.IndexNotFoundException) BadRequestException(javax.ws.rs.BadRequestException) ForbiddenException(javax.ws.rs.ForbiddenException) NotFoundException(javax.ws.rs.NotFoundException) DocumentNotFoundException(org.graylog2.indexer.messages.DocumentNotFoundException)

Aggregations

Message (org.graylog2.plugin.Message)8 ResultMessage (org.graylog2.indexer.results.ResultMessage)7 NotFoundException (javax.ws.rs.NotFoundException)3 IndexNotFoundException (org.elasticsearch.index.IndexNotFoundException)3 InvalidRangeFormatException (org.graylog2.indexer.InvalidRangeFormatException)3 DocumentNotFoundException (org.graylog2.indexer.messages.DocumentNotFoundException)3 MessageSummary (org.graylog2.plugin.MessageSummary)3 InvalidRangeParametersException (org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)3 RawMessage (org.graylog2.plugin.journal.RawMessage)3 Timed (com.codahale.metrics.annotation.Timed)2 ApiOperation (io.swagger.annotations.ApiOperation)2 ApiResponses (io.swagger.annotations.ApiResponses)2 Path (javax.ws.rs.Path)2 SearchResult (org.graylog2.indexer.results.SearchResult)2 Sorting (org.graylog2.indexer.searches.Sorting)2 Configuration (org.graylog2.plugin.configuration.Configuration)2 CSVWriter (au.com.bytecode.opencsv.CSVWriter)1 UUID (com.eaio.uuid.UUID)1 OutputStreamWriter (java.io.OutputStreamWriter)1 InetSocketAddress (java.net.InetSocketAddress)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial