Search in sources :

Example 1 with LookupTable

use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.

the class InputFacade method resolveNativeEntityLookupTable.

private void resolveNativeEntityLookupTable(EntityDescriptor entityDescriptor, InputWithExtractors inputWithExtractors, MutableGraph<EntityDescriptor> mutableGraph) {
    final Stream<String> extractorLookupNames = inputWithExtractors.extractors().stream().filter(e -> e.getType().equals(Extractor.Type.LOOKUP_TABLE)).map(e -> (String) e.getExtractorConfig().get(LookupTableExtractor.CONFIG_LUT_NAME));
    final Stream<String> converterLookupNames = inputWithExtractors.extractors().stream().flatMap(e -> e.getConverters().stream()).filter(c -> c.getType().equals(Converter.Type.LOOKUP_TABLE)).map(c -> (String) c.getConfig().get("lookup_table_name"));
    Stream.concat(extractorLookupNames, converterLookupNames).map(lookupTableService::get).filter(Optional::isPresent).map(Optional::get).forEach(lookupTableDto -> {
        EntityDescriptor lookupTable = EntityDescriptor.create(ModelId.of(lookupTableDto.id()), ModelTypes.LOOKUP_TABLE_V1);
        mutableGraph.putEdge(entityDescriptor, lookupTable);
    });
}
Also used : Extractor(org.graylog2.plugin.inputs.Extractor) Constraint(org.graylog2.contentpacks.model.constraints.Constraint) ImmutableGraph(com.google.common.graph.ImmutableGraph) NativeEntity(org.graylog2.contentpacks.model.entities.NativeEntity) Tools(org.graylog2.plugin.Tools) InputService(org.graylog2.inputs.InputService) NoSuchInputTypeException(org.graylog2.shared.inputs.NoSuchInputTypeException) LoggerFactory(org.slf4j.LoggerFactory) ModelType(org.graylog2.contentpacks.model.ModelType) ConverterEntity(org.graylog2.contentpacks.model.entities.ConverterEntity) ValueReference(org.graylog2.contentpacks.model.entities.references.ValueReference) InputRegistry(org.graylog2.shared.inputs.InputRegistry) MessageInputFactory(org.graylog2.shared.inputs.MessageInputFactory) Map(java.util.Map) JsonNode(com.fasterxml.jackson.databind.JsonNode) ConverterFactory(org.graylog2.inputs.converters.ConverterFactory) ImmutableSet(com.google.common.collect.ImmutableSet) ModelId(org.graylog2.contentpacks.model.ModelId) GrokPatternService(org.graylog2.grok.GrokPatternService) ImmutableMap(com.google.common.collect.ImmutableMap) MutableGraph(com.google.common.graph.MutableGraph) EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor) Collection(java.util.Collection) Set(java.util.Set) InputEntity(org.graylog2.contentpacks.model.entities.InputEntity) ServerStatus(org.graylog2.plugin.ServerStatus) ReferenceMapUtils.toReferenceMap(org.graylog2.contentpacks.model.entities.references.ReferenceMapUtils.toReferenceMap) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) GraphBuilder(com.google.common.graph.GraphBuilder) List(java.util.List) Stream(java.util.stream.Stream) GrokExtractor(org.graylog2.inputs.extractors.GrokExtractor) PluginMetaData(org.graylog2.plugin.PluginMetaData) Optional(java.util.Optional) ModelTypes(org.graylog2.contentpacks.model.ModelTypes) Configuration(org.graylog2.plugin.configuration.Configuration) EntityDescriptorIds(org.graylog2.contentpacks.EntityDescriptorIds) Converter(org.graylog2.plugin.inputs.Converter) Entity(org.graylog2.contentpacks.model.entities.Entity) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) ContentPackException(org.graylog2.contentpacks.exceptions.ContentPackException) ExtractorEntity(org.graylog2.contentpacks.model.entities.ExtractorEntity) DBLookupTableService(org.graylog2.lookup.db.DBLookupTableService) Inject(javax.inject.Inject) ImmutableList(com.google.common.collect.ImmutableList) EntityExcerpt(org.graylog2.contentpacks.model.entities.EntityExcerpt) ConfigurationException(org.graylog2.plugin.configuration.ConfigurationException) Input(org.graylog2.inputs.Input) ExtractorFactory(org.graylog2.inputs.extractors.ExtractorFactory) NotFoundException(org.graylog2.database.NotFoundException) ReferenceMap(org.graylog2.contentpacks.model.entities.references.ReferenceMap) PluginVersionConstraint(org.graylog2.contentpacks.model.constraints.PluginVersionConstraint) Logger(org.slf4j.Logger) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) DateTime(org.joda.time.DateTime) LookupTableEntity(org.graylog2.contentpacks.model.entities.LookupTableEntity) Ints(com.google.common.primitives.Ints) LookupTableExtractor(org.graylog2.inputs.extractors.LookupTableExtractor) EntityV1(org.graylog2.contentpacks.model.entities.EntityV1) MessageInput(org.graylog2.plugin.inputs.MessageInput) ValidationException(org.graylog2.plugin.database.ValidationException) VisibleForTesting(com.google.common.annotations.VisibleForTesting) GrokPatternEntity(org.graylog2.contentpacks.model.entities.GrokPatternEntity) NativeEntityDescriptor(org.graylog2.contentpacks.model.entities.NativeEntityDescriptor) Message(org.graylog2.plugin.Message) ReferenceMapUtils.toValueMap(org.graylog2.contentpacks.model.entities.references.ReferenceMapUtils.toValueMap) Graph(com.google.common.graph.Graph) EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor) NativeEntityDescriptor(org.graylog2.contentpacks.model.entities.NativeEntityDescriptor) Optional(java.util.Optional)

Example 2 with LookupTable

use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.

the class LookupTableFacade method findExisting.

private Optional<NativeEntity<LookupTableDto>> findExisting(EntityV1 entity, Map<String, ValueReference> parameters) {
    final LookupTableEntity lookupTableEntity = objectMapper.convertValue(entity.data(), LookupTableEntity.class);
    final String name = lookupTableEntity.name().asString(parameters);
    final String title = lookupTableEntity.title().asString(parameters);
    final Optional<LookupTableDto> lookupTable = lookupTableService.get(name);
    lookupTable.ifPresent(existingLookupTable -> compareLookupTable(name, title, existingLookupTable));
    return lookupTable.map(lt -> NativeEntity.create(entity.id(), lt.id(), TYPE_V1, lt.title(), lt));
}
Also used : LookupTableEntity(org.graylog2.contentpacks.model.entities.LookupTableEntity) LookupTableDto(org.graylog2.lookup.dto.LookupTableDto)

Example 3 with LookupTable

use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.

the class FunctionsSnippetsTest method registerFunctions.

@BeforeClass
@SuppressForbidden("Allow using default thread factory")
public static void registerFunctions() {
    final Map<String, Function<?>> functions = commonFunctions();
    functions.put(BooleanConversion.NAME, new BooleanConversion());
    functions.put(DoubleConversion.NAME, new DoubleConversion());
    functions.put(LongConversion.NAME, new LongConversion());
    functions.put(StringConversion.NAME, new StringConversion());
    functions.put(MapConversion.NAME, new MapConversion());
    // message related functions
    functions.put(HasField.NAME, new HasField());
    functions.put(SetField.NAME, new SetField());
    functions.put(SetFields.NAME, new SetFields());
    functions.put(RenameField.NAME, new RenameField());
    functions.put(RemoveField.NAME, new RemoveField());
    functions.put(DropMessage.NAME, new DropMessage());
    functions.put(CreateMessage.NAME, new CreateMessage());
    functions.put(CloneMessage.NAME, new CloneMessage());
    functions.put(TrafficAccountingSize.NAME, new TrafficAccountingSize());
    // route to stream mocks
    final StreamService streamService = mock(StreamService.class);
    otherStream = mock(Stream.class, "some stream id2");
    when(otherStream.isPaused()).thenReturn(false);
    when(otherStream.getTitle()).thenReturn("some name");
    when(otherStream.getId()).thenReturn("id2");
    when(streamService.loadAll()).thenReturn(Lists.newArrayList(defaultStream, otherStream));
    when(streamService.loadAllEnabled()).thenReturn(Lists.newArrayList(defaultStream, otherStream));
    streamCacheService = new StreamCacheService(eventBus, streamService, null);
    streamCacheService.startAsync().awaitRunning();
    final Provider<Stream> defaultStreamProvider = () -> defaultStream;
    functions.put(RouteToStream.NAME, new RouteToStream(streamCacheService, defaultStreamProvider));
    functions.put(RemoveFromStream.NAME, new RemoveFromStream(streamCacheService, defaultStreamProvider));
    lookupTableService = mock(LookupTableService.class, RETURNS_DEEP_STUBS);
    lookupTable = spy(LookupTable.class);
    when(lookupTableService.getTable(anyString())).thenReturn(lookupTable);
    lookupServiceFunction = new LookupTableService.Function(lookupTableService, "table");
    when(lookupTableService.newBuilder().lookupTable(anyString()).build()).thenReturn(lookupServiceFunction);
    // input related functions
    // TODO needs mock
    // functions.put(FromInput.NAME, new FromInput());
    // generic functions
    functions.put(RegexMatch.NAME, new RegexMatch());
    functions.put(RegexReplace.NAME, new RegexReplace());
    // string functions
    functions.put(Abbreviate.NAME, new Abbreviate());
    functions.put(Capitalize.NAME, new Capitalize());
    functions.put(Concat.NAME, new Concat());
    functions.put(Contains.NAME, new Contains());
    functions.put(EndsWith.NAME, new EndsWith());
    functions.put(Lowercase.NAME, new Lowercase());
    functions.put(Substring.NAME, new Substring());
    functions.put(Swapcase.NAME, new Swapcase());
    functions.put(Uncapitalize.NAME, new Uncapitalize());
    functions.put(Uppercase.NAME, new Uppercase());
    functions.put(KeyValue.NAME, new KeyValue());
    functions.put(Join.NAME, new Join());
    functions.put(Split.NAME, new Split());
    functions.put(StartsWith.NAME, new StartsWith());
    functions.put(Replace.NAME, new Replace());
    functions.put(Length.NAME, new Length());
    functions.put(FirstNonNull.NAME, new FirstNonNull());
    final ObjectMapper objectMapper = new ObjectMapperProvider().get();
    functions.put(JsonParse.NAME, new JsonParse(objectMapper));
    functions.put(SelectJsonPath.NAME, new SelectJsonPath(objectMapper));
    functions.put(DateConversion.NAME, new DateConversion());
    functions.put(Now.NAME, new Now());
    functions.put(FlexParseDate.NAME, new FlexParseDate());
    functions.put(ParseDate.NAME, new ParseDate());
    functions.put(ParseUnixMilliseconds.NAME, new ParseUnixMilliseconds());
    functions.put(FormatDate.NAME, new FormatDate());
    functions.put(Years.NAME, new Years());
    functions.put(Months.NAME, new Months());
    functions.put(Weeks.NAME, new Weeks());
    functions.put(Days.NAME, new Days());
    functions.put(Hours.NAME, new Hours());
    functions.put(Minutes.NAME, new Minutes());
    functions.put(Seconds.NAME, new Seconds());
    functions.put(Millis.NAME, new Millis());
    functions.put(PeriodParseFunction.NAME, new PeriodParseFunction());
    functions.put(CRC32.NAME, new CRC32());
    functions.put(CRC32C.NAME, new CRC32C());
    functions.put(MD5.NAME, new MD5());
    functions.put(Murmur3_32.NAME, new Murmur3_32());
    functions.put(Murmur3_128.NAME, new Murmur3_128());
    functions.put(SHA1.NAME, new SHA1());
    functions.put(SHA256.NAME, new SHA256());
    functions.put(SHA512.NAME, new SHA512());
    functions.put(Base16Encode.NAME, new Base16Encode());
    functions.put(Base16Decode.NAME, new Base16Decode());
    functions.put(Base32Encode.NAME, new Base32Encode());
    functions.put(Base32Decode.NAME, new Base32Decode());
    functions.put(Base32HumanEncode.NAME, new Base32HumanEncode());
    functions.put(Base32HumanDecode.NAME, new Base32HumanDecode());
    functions.put(Base64Encode.NAME, new Base64Encode());
    functions.put(Base64Decode.NAME, new Base64Decode());
    functions.put(Base64UrlEncode.NAME, new Base64UrlEncode());
    functions.put(Base64UrlDecode.NAME, new Base64UrlDecode());
    functions.put(IpAddressConversion.NAME, new IpAddressConversion());
    functions.put(CidrMatch.NAME, new CidrMatch());
    functions.put(IsNull.NAME, new IsNull());
    functions.put(IsNotNull.NAME, new IsNotNull());
    functions.put(SyslogPriorityConversion.NAME, new SyslogPriorityConversion());
    functions.put(SyslogPriorityToStringConversion.NAME, new SyslogPriorityToStringConversion());
    functions.put(SyslogFacilityConversion.NAME, new SyslogFacilityConversion());
    functions.put(SyslogLevelConversion.NAME, new SyslogLevelConversion());
    functions.put(UrlConversion.NAME, new UrlConversion());
    functions.put(UrlDecode.NAME, new UrlDecode());
    functions.put(UrlEncode.NAME, new UrlEncode());
    functions.put(IsBoolean.NAME, new IsBoolean());
    functions.put(IsNumber.NAME, new IsNumber());
    functions.put(IsDouble.NAME, new IsDouble());
    functions.put(IsLong.NAME, new IsLong());
    functions.put(IsString.NAME, new IsString());
    functions.put(IsCollection.NAME, new IsCollection());
    functions.put(IsList.NAME, new IsList());
    functions.put(IsMap.NAME, new IsMap());
    functions.put(IsDate.NAME, new IsDate());
    functions.put(IsPeriod.NAME, new IsPeriod());
    functions.put(IsIp.NAME, new IsIp());
    functions.put(IsJson.NAME, new IsJson());
    functions.put(IsUrl.NAME, new IsUrl());
    final GrokPatternService grokPatternService = mock(GrokPatternService.class);
    final GrokPattern greedyPattern = GrokPattern.create("GREEDY", ".*");
    Set<GrokPattern> patterns = Sets.newHashSet(greedyPattern, GrokPattern.create("GREEDY", ".*"), GrokPattern.create("BASE10NUM", "(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"), GrokPattern.create("NUMBER", "(?:%{BASE10NUM:UNWANTED})"), GrokPattern.create("UNDERSCORE", "(?<test_field>test)"), GrokPattern.create("NUM", "%{BASE10NUM}"));
    when(grokPatternService.loadAll()).thenReturn(patterns);
    when(grokPatternService.loadByName("GREEDY")).thenReturn(Optional.of(greedyPattern));
    final EventBus clusterBus = new EventBus();
    final GrokPatternRegistry grokPatternRegistry = new GrokPatternRegistry(clusterBus, grokPatternService, Executors.newScheduledThreadPool(1));
    functions.put(GrokMatch.NAME, new GrokMatch(grokPatternRegistry));
    functions.put(GrokExists.NAME, new GrokExists(grokPatternRegistry));
    functions.put(MetricCounterIncrement.NAME, new MetricCounterIncrement(metricRegistry));
    functions.put(LookupSetValue.NAME, new LookupSetValue(lookupTableService));
    functions.put(LookupClearKey.NAME, new LookupClearKey(lookupTableService));
    functions.put(LookupSetStringList.NAME, new LookupSetStringList(lookupTableService));
    functions.put(LookupAddStringList.NAME, new LookupAddStringList(lookupTableService));
    functions.put(LookupRemoveStringList.NAME, new LookupRemoveStringList(lookupTableService));
    functionRegistry = new FunctionRegistry(functions);
}
Also used : IsList(org.graylog.plugins.pipelineprocessor.functions.conversion.IsList) SHA1(org.graylog.plugins.pipelineprocessor.functions.hashing.SHA1) PeriodParseFunction(org.graylog.plugins.pipelineprocessor.functions.dates.periods.PeriodParseFunction) Base32Encode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base32Encode) IsString(org.graylog.plugins.pipelineprocessor.functions.conversion.IsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) StringConversion(org.graylog.plugins.pipelineprocessor.functions.conversion.StringConversion) SyslogPriorityToStringConversion(org.graylog.plugins.pipelineprocessor.functions.syslog.SyslogPriorityToStringConversion) SetField(org.graylog.plugins.pipelineprocessor.functions.messages.SetField) Minutes(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Minutes) Base32Decode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base32Decode) Base64UrlDecode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base64UrlDecode) MapConversion(org.graylog.plugins.pipelineprocessor.functions.conversion.MapConversion) LookupTableService(org.graylog2.lookup.LookupTableService) IsDate(org.graylog.plugins.pipelineprocessor.functions.dates.IsDate) Substring(org.graylog.plugins.pipelineprocessor.functions.strings.Substring) Weeks(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Weeks) IsString(org.graylog.plugins.pipelineprocessor.functions.conversion.IsString) FunctionRegistry(org.graylog.plugins.pipelineprocessor.parser.FunctionRegistry) RemoveField(org.graylog.plugins.pipelineprocessor.functions.messages.RemoveField) IsIp(org.graylog.plugins.pipelineprocessor.functions.ips.IsIp) LookupClearKey(org.graylog.plugins.pipelineprocessor.functions.lookup.LookupClearKey) Contains(org.graylog.plugins.pipelineprocessor.functions.strings.Contains) CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage) SelectJsonPath(org.graylog.plugins.pipelineprocessor.functions.json.SelectJsonPath) Millis(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Millis) CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) Murmur3_128(org.graylog.plugins.pipelineprocessor.functions.hashing.Murmur3_128) Split(org.graylog.plugins.pipelineprocessor.functions.strings.Split) RegexReplace(org.graylog.plugins.pipelineprocessor.functions.strings.RegexReplace) EndsWith(org.graylog.plugins.pipelineprocessor.functions.strings.EndsWith) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Base64Decode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base64Decode) IsPeriod(org.graylog.plugins.pipelineprocessor.functions.dates.periods.IsPeriod) KeyValue(org.graylog.plugins.pipelineprocessor.functions.strings.KeyValue) IsDouble(org.graylog.plugins.pipelineprocessor.functions.conversion.IsDouble) LongConversion(org.graylog.plugins.pipelineprocessor.functions.conversion.LongConversion) IsNumber(org.graylog.plugins.pipelineprocessor.functions.conversion.IsNumber) Lowercase(org.graylog.plugins.pipelineprocessor.functions.strings.Lowercase) Days(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Days) SetFields(org.graylog.plugins.pipelineprocessor.functions.messages.SetFields) IsJson(org.graylog.plugins.pipelineprocessor.functions.json.IsJson) RenameField(org.graylog.plugins.pipelineprocessor.functions.messages.RenameField) Base32HumanEncode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base32HumanEncode) UrlEncode(org.graylog.plugins.pipelineprocessor.functions.urls.UrlEncode) Base64UrlEncode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base64UrlEncode) Uncapitalize(org.graylog.plugins.pipelineprocessor.functions.strings.Uncapitalize) Base64UrlEncode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base64UrlEncode) DateConversion(org.graylog.plugins.pipelineprocessor.functions.dates.DateConversion) CRC32C(org.graylog.plugins.pipelineprocessor.functions.hashing.CRC32C) Join(org.graylog.plugins.pipelineprocessor.functions.strings.Join) TrafficAccountingSize(org.graylog.plugins.pipelineprocessor.functions.messages.TrafficAccountingSize) ObjectMapperProvider(org.graylog2.shared.bindings.providers.ObjectMapperProvider) FormatDate(org.graylog.plugins.pipelineprocessor.functions.dates.FormatDate) Length(org.graylog.plugins.pipelineprocessor.functions.strings.Length) Uppercase(org.graylog.plugins.pipelineprocessor.functions.strings.Uppercase) UrlConversion(org.graylog.plugins.pipelineprocessor.functions.urls.UrlConversion) IpAddressConversion(org.graylog.plugins.pipelineprocessor.functions.ips.IpAddressConversion) HasField(org.graylog.plugins.pipelineprocessor.functions.messages.HasField) Murmur3_32(org.graylog.plugins.pipelineprocessor.functions.hashing.Murmur3_32) FlexParseDate(org.graylog.plugins.pipelineprocessor.functions.dates.FlexParseDate) MD5(org.graylog.plugins.pipelineprocessor.functions.hashing.MD5) SyslogFacilityConversion(org.graylog.plugins.pipelineprocessor.functions.syslog.SyslogFacilityConversion) Swapcase(org.graylog.plugins.pipelineprocessor.functions.strings.Swapcase) JsonParse(org.graylog.plugins.pipelineprocessor.functions.json.JsonParse) Base16Decode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base16Decode) IsMap(org.graylog.plugins.pipelineprocessor.functions.conversion.IsMap) MetricCounterIncrement(org.graylog.plugins.pipelineprocessor.functions.debug.MetricCounterIncrement) Concat(org.graylog.plugins.pipelineprocessor.functions.strings.Concat) LookupSetValue(org.graylog.plugins.pipelineprocessor.functions.lookup.LookupSetValue) GrokPattern(org.graylog2.grok.GrokPattern) RouteToStream(org.graylog.plugins.pipelineprocessor.functions.messages.RouteToStream) Capitalize(org.graylog.plugins.pipelineprocessor.functions.strings.Capitalize) LookupAddStringList(org.graylog.plugins.pipelineprocessor.functions.lookup.LookupAddStringList) RemoveFromStream(org.graylog.plugins.pipelineprocessor.functions.messages.RemoveFromStream) RouteToStream(org.graylog.plugins.pipelineprocessor.functions.messages.RouteToStream) Stream(org.graylog2.plugin.streams.Stream) RemoveFromStream(org.graylog.plugins.pipelineprocessor.functions.messages.RemoveFromStream) GrokPatternRegistry(org.graylog2.grok.GrokPatternRegistry) Base16Encode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base16Encode) SyslogPriorityConversion(org.graylog.plugins.pipelineprocessor.functions.syslog.SyslogPriorityConversion) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) BooleanConversion(org.graylog.plugins.pipelineprocessor.functions.conversion.BooleanConversion) Years(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Years) Months(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Months) SyslogPriorityToStringConversion(org.graylog.plugins.pipelineprocessor.functions.syslog.SyslogPriorityToStringConversion) Base32HumanDecode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base32HumanDecode) Now(org.graylog.plugins.pipelineprocessor.functions.dates.Now) CidrMatch(org.graylog.plugins.pipelineprocessor.functions.ips.CidrMatch) LookupRemoveStringList(org.graylog.plugins.pipelineprocessor.functions.lookup.LookupRemoveStringList) SHA512(org.graylog.plugins.pipelineprocessor.functions.hashing.SHA512) IsBoolean(org.graylog.plugins.pipelineprocessor.functions.conversion.IsBoolean) Hours(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Hours) CRC32(org.graylog.plugins.pipelineprocessor.functions.hashing.CRC32) DoubleConversion(org.graylog.plugins.pipelineprocessor.functions.conversion.DoubleConversion) ParseDate(org.graylog.plugins.pipelineprocessor.functions.dates.ParseDate) FlexParseDate(org.graylog.plugins.pipelineprocessor.functions.dates.FlexParseDate) EventBus(com.google.common.eventbus.EventBus) GrokMatch(org.graylog.plugins.pipelineprocessor.functions.strings.GrokMatch) StartsWith(org.graylog.plugins.pipelineprocessor.functions.strings.StartsWith) Abbreviate(org.graylog.plugins.pipelineprocessor.functions.strings.Abbreviate) PeriodParseFunction(org.graylog.plugins.pipelineprocessor.functions.dates.periods.PeriodParseFunction) Function(org.graylog.plugins.pipelineprocessor.ast.functions.Function) Base64Encode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base64Encode) LookupSetStringList(org.graylog.plugins.pipelineprocessor.functions.lookup.LookupSetStringList) GrokPatternService(org.graylog2.grok.GrokPatternService) StreamCacheService(org.graylog.plugins.pipelineprocessor.functions.messages.StreamCacheService) FirstNonNull(org.graylog.plugins.pipelineprocessor.functions.strings.FirstNonNull) StreamService(org.graylog2.streams.StreamService) RegexReplace(org.graylog.plugins.pipelineprocessor.functions.strings.RegexReplace) Replace(org.graylog.plugins.pipelineprocessor.functions.strings.Replace) IsCollection(org.graylog.plugins.pipelineprocessor.functions.conversion.IsCollection) ParseUnixMilliseconds(org.graylog.plugins.pipelineprocessor.functions.dates.ParseUnixMilliseconds) IsLong(org.graylog.plugins.pipelineprocessor.functions.conversion.IsLong) SHA256(org.graylog.plugins.pipelineprocessor.functions.hashing.SHA256) LookupTable(org.graylog2.lookup.LookupTable) RegexMatch(org.graylog.plugins.pipelineprocessor.functions.strings.RegexMatch) Seconds(org.graylog.plugins.pipelineprocessor.functions.dates.periods.Seconds) UrlDecode(org.graylog.plugins.pipelineprocessor.functions.urls.UrlDecode) Base64UrlDecode(org.graylog.plugins.pipelineprocessor.functions.encoding.Base64UrlDecode) SyslogLevelConversion(org.graylog.plugins.pipelineprocessor.functions.syslog.SyslogLevelConversion) IsUrl(org.graylog.plugins.pipelineprocessor.functions.urls.IsUrl) BeforeClass(org.junit.BeforeClass) SuppressForbidden(org.graylog2.shared.SuppressForbidden)

Example 4 with LookupTable

use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.

the class FunctionsSnippetsTest method lookupSetStringList.

@Test
public void lookupSetStringList() {
    final ImmutableList<String> testList = ImmutableList.of("foo", "bar");
    doReturn(LookupResult.withoutTTL().stringListValue(testList).build()).when(lookupTable).setStringList(any(), any());
    final Rule rule = parser.parseRule(ruleForTest(), true);
    final Message message = evaluateRule(rule);
    verify(lookupTable).setStringList("key", testList);
    verifyNoMoreInteractions(lookupTable);
    assertThat(message.getField("new_value")).isEqualTo(testList);
}
Also used : CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) IsString(org.graylog.plugins.pipelineprocessor.functions.conversion.IsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) MockitoRule(org.mockito.junit.MockitoRule) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Example 5 with LookupTable

use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.

the class FunctionsSnippetsTest method lookupAddStringList.

@Test
public void lookupAddStringList() {
    final ImmutableList<String> testList = ImmutableList.of("foo", "bar");
    doReturn(LookupResult.withoutTTL().stringListValue(testList).build()).when(lookupTable).addStringList(any(), any(), anyBoolean());
    final Rule rule = parser.parseRule(ruleForTest(), true);
    final Message message = evaluateRule(rule);
    verify(lookupTable).addStringList("key", testList, false);
    verifyNoMoreInteractions(lookupTable);
    assertThat(message.getField("new_value")).isEqualTo(testList);
}
Also used : CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) IsString(org.graylog.plugins.pipelineprocessor.functions.conversion.IsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) MockitoRule(org.mockito.junit.MockitoRule) Rule(org.graylog.plugins.pipelineprocessor.ast.Rule) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)6 CloneMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)5 CreateMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)5 DropMessage (org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)5 Message (org.graylog2.plugin.Message)5 BaseParserTest (org.graylog.plugins.pipelineprocessor.BaseParserTest)4 Rule (org.graylog.plugins.pipelineprocessor.ast.Rule)4 IsString (org.graylog.plugins.pipelineprocessor.functions.conversion.IsString)4 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)4 MockitoRule (org.mockito.junit.MockitoRule)4 LookupTableEntity (org.graylog2.contentpacks.model.entities.LookupTableEntity)3 JsonNode (com.fasterxml.jackson.databind.JsonNode)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 MongoDBFixtures (org.graylog.testing.mongodb.MongoDBFixtures)2 EntityDescriptor (org.graylog2.contentpacks.model.entities.EntityDescriptor)2 GrokPatternService (org.graylog2.grok.GrokPatternService)2 Input (org.graylog2.inputs.Input)2 FakeHttpMessageInput (org.graylog2.inputs.random.FakeHttpMessageInput)2 RawUDPInput (org.graylog2.inputs.raw.udp.RawUDPInput)2 LookupTableService (org.graylog2.lookup.LookupTableService)2