Example 6 with LookupTable
use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.
the class LookupTableTesterResource method doTestLookupTable.
private LookupTableTesterResponse doTestLookupTable(String string, String lookupTableName) {
if (!lookupTableService.hasTable(lookupTableName)) {
return LookupTableTesterResponse.error("Lookup table <" + lookupTableName + "> doesn't exist");
}
final LookupTableService.Function table = lookupTableService.newBuilder().lookupTable(lookupTableName).build();
final LookupResult result = table.lookup(string.trim());
if (result == null) {
return LookupTableTesterResponse.emptyResult(string);
}
return LookupTableTesterResponse.result(string, result);
}
Also used :
LookupResult(org.graylog2.plugin.lookup.LookupResult)
LookupTableService(org.graylog2.lookup.LookupTableService)
Example 7 with LookupTable
use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.
the class InputFacadeTest method resolveForInstallationLookupTable.
@Test
@MongoDBFixtures("InputFacadeTest.json")
public void resolveForInstallationLookupTable() throws NotFoundException {
when(lookupuptableBuilder.lookupTable("whois")).thenReturn(lookupuptableBuilder);
when(lookupuptableBuilder.lookupTable("tor-exit-node-list")).thenReturn(lookupuptableBuilder);
when(lookupuptableBuilder.build()).thenReturn(lookupTable);
when(lookupTableService.newBuilder()).thenReturn(lookupuptableBuilder);
when(lookupTableService.hasTable("whois")).thenReturn(true);
when(lookupTableService.hasTable("tor-exit-node-list")).thenReturn(true);
final Input input = inputService.find("5ae2eb0a3d27464477f0fd8b");
final Map<String, Object> lookupTableConfig = new HashedMap(1);
lookupTableConfig.put("lookup_table_name", "tor-exit-node-list");
final ConverterEntity converterEntity = ConverterEntity.create(ValueReference.of(Converter.Type.LOOKUP_TABLE.name()), ReferenceMapUtils.toReferenceMap(lookupTableConfig));
final List<ConverterEntity> converterEntities = new ArrayList<>(1);
converterEntities.add(converterEntity);
final InputWithExtractors inputWithExtractors = InputWithExtractors.create(input, inputService.getExtractors(input));
final LookupTableExtractor extractor = (LookupTableExtractor) inputWithExtractors.extractors().iterator().next();
final ExtractorEntity extractorEntity = ExtractorEntity.create(ValueReference.of(extractor.getTitle()), ValueReference.of(extractor.getType()), ValueReference.of(extractor.getCursorStrategy()), ValueReference.of(extractor.getTargetField()), ValueReference.of(extractor.getSourceField()), ReferenceMapUtils.toReferenceMap(extractor.getExtractorConfig()), converterEntities, ValueReference.of(extractor.getConditionType()), ValueReference.of(extractor.getConditionValue()), ValueReference.of(extractor.getOrder()));
List<ExtractorEntity> extractors = new ArrayList<>();
extractors.add(extractorEntity);
InputEntity inputEntity = InputEntity.create(ValueReference.of(input.getTitle()), ReferenceMapUtils.toReferenceMap(input.getConfiguration()), Collections.emptyMap(), ValueReference.of(input.getType()), ValueReference.of(input.isGlobal()), extractors);
final Entity entity = EntityV1.builder().id(ModelId.of(input.getId())).type(ModelTypes.INPUT_V1).data(objectMapper.convertValue(inputEntity, JsonNode.class)).build();
final LookupTableEntity whoIsEntity = LookupTableEntity.create(ValueReference.of("whois"), ValueReference.of("title"), ValueReference.of("description"), ValueReference.of("cache_name"), ValueReference.of("dataadapter_name"), ValueReference.of("default_single_value"), ValueReference.of("BOOLEAN"), ValueReference.of("default_multi_value"), ValueReference.of("BOOLEAN"));
final LookupTableEntity torNodeEntity = LookupTableEntity.create(ValueReference.of("tor-exit-node-list"), ValueReference.of("title"), ValueReference.of("description"), ValueReference.of("cache_name"), ValueReference.of("dataadapter_name"), ValueReference.of("default_single_value"), ValueReference.of("BOOLEAN"), ValueReference.of("default_multi_value"), ValueReference.of("BOOLEAN"));
final Entity expectedWhoIsEntity = EntityV1.builder().id(ModelId.of("dead-beef")).data(objectMapper.convertValue(whoIsEntity, JsonNode.class)).type(ModelTypes.LOOKUP_TABLE_V1).build();
final Entity expectedTorEntity = EntityV1.builder().id(ModelId.of("dead-feed")).data(objectMapper.convertValue(torNodeEntity, JsonNode.class)).type(ModelTypes.LOOKUP_TABLE_V1).build();
final EntityDescriptor whoisDescriptor = expectedWhoIsEntity.toEntityDescriptor();
final EntityDescriptor torDescriptor = expectedTorEntity.toEntityDescriptor();
final Map<EntityDescriptor, Entity> entityDescriptorEntityMap = new HashMap<>(2);
entityDescriptorEntityMap.put(whoisDescriptor, expectedWhoIsEntity);
entityDescriptorEntityMap.put(torDescriptor, expectedTorEntity);
Graph<Entity> graph = facade.resolveForInstallation(entity, Collections.emptyMap(), entityDescriptorEntityMap);
assertThat(graph.nodes()).contains(expectedWhoIsEntity);
assertThat(graph.nodes()).contains(expectedTorEntity);
}
Also used :
NativeEntity(org.graylog2.contentpacks.model.entities.NativeEntity)
ConverterEntity(org.graylog2.contentpacks.model.entities.ConverterEntity)
InputEntity(org.graylog2.contentpacks.model.entities.InputEntity)
Entity(org.graylog2.contentpacks.model.entities.Entity)
ExtractorEntity(org.graylog2.contentpacks.model.entities.ExtractorEntity)
LookupTableEntity(org.graylog2.contentpacks.model.entities.LookupTableEntity)
GrokPatternEntity(org.graylog2.contentpacks.model.entities.GrokPatternEntity)
HashMap(java.util.HashMap)
LookupTableExtractor(org.graylog2.inputs.extractors.LookupTableExtractor)
ArrayList(java.util.ArrayList)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor)
RawUDPInput(org.graylog2.inputs.raw.udp.RawUDPInput)
Input(org.graylog2.inputs.Input)
FakeHttpMessageInput(org.graylog2.inputs.random.FakeHttpMessageInput)
MessageInput(org.graylog2.plugin.inputs.MessageInput)
LookupTableEntity(org.graylog2.contentpacks.model.entities.LookupTableEntity)
ConverterEntity(org.graylog2.contentpacks.model.entities.ConverterEntity)
ExtractorEntity(org.graylog2.contentpacks.model.entities.ExtractorEntity)
InputEntity(org.graylog2.contentpacks.model.entities.InputEntity)
HashedMap(org.apache.commons.collections.map.HashedMap)
MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures)
Test(org.junit.Test)
Example 8 with LookupTable
use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.
the class InputFacadeTest method resolveNativeEntityLookupTable.
@Test
@MongoDBFixtures("InputFacadeTest.json")
public void resolveNativeEntityLookupTable() throws NotFoundException {
when(lookupuptableBuilder.lookupTable("whois")).thenReturn(lookupuptableBuilder);
when(lookupuptableBuilder.lookupTable("tor-exit-node-list")).thenReturn(lookupuptableBuilder);
when(lookupuptableBuilder.build()).thenReturn(lookupTable);
when(lookupTableService.newBuilder()).thenReturn(lookupuptableBuilder);
when(lookupTableService.hasTable("whois")).thenReturn(true);
when(lookupTableService.hasTable("tor-exit-node-list")).thenReturn(true);
when(lookupTableWhois.id()).thenReturn("dead-beef");
when(dbLookupTableService.get("whois")).thenReturn(Optional.of(lookupTableWhois));
when(lookupTableTor.id()).thenReturn("dead-feed");
when(dbLookupTableService.get("tor-exit-node-list")).thenReturn(Optional.of(lookupTableTor));
final Input input = inputService.find("5ae2eb0a3d27464477f0fd8b");
EntityDescriptor entityDescriptor = EntityDescriptor.create(ModelId.of(input.getId()), ModelTypes.INPUT_V1);
EntityDescriptor expectedEntitiyDescriptorWhois = EntityDescriptor.create(ModelId.of("dead-beef"), ModelTypes.LOOKUP_TABLE_V1);
EntityDescriptor expectedEntitiyDescriptorTor = EntityDescriptor.create(ModelId.of("dead-feed"), ModelTypes.LOOKUP_TABLE_V1);
Graph<EntityDescriptor> graph = facade.resolveNativeEntity(entityDescriptor);
assertThat(graph.nodes()).contains(expectedEntitiyDescriptorWhois);
assertThat(graph.nodes()).contains(expectedEntitiyDescriptorTor);
}
Also used :
EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor)
RawUDPInput(org.graylog2.inputs.raw.udp.RawUDPInput)
Input(org.graylog2.inputs.Input)
FakeHttpMessageInput(org.graylog2.inputs.random.FakeHttpMessageInput)
MessageInput(org.graylog2.plugin.inputs.MessageInput)
MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures)
Test(org.junit.Test)
Example 9 with LookupTable
use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.
the class LookupTableService method createLookupTable.
private LookupTable createLookupTable(LookupTableDto dto) {
final LookupCache cache = idToCache.get(dto.cacheId());
if (cache == null) {
LOG.warn("Lookup table {} is referencing a missing cache {}, check if it started properly.", dto.name(), dto.cacheId());
return null;
}
final LookupDataAdapter adapter = idToAdapter.get(dto.dataAdapterId());
if (adapter == null) {
LOG.warn("Lookup table {} is referencing a missing data adapter {}, check if it started properly.", dto.name(), dto.dataAdapterId());
return null;
}
final LookupDefaultSingleValue defaultSingleValue;
try {
defaultSingleValue = LookupDefaultSingleValue.create(dto.defaultSingleValue(), dto.defaultSingleValueType());
} catch (Exception e) {
LOG.error("Could not create default single value object for lookup table {}/{}: {}", dto.name(), dto.id(), e.getMessage());
return null;
}
final LookupDefaultMultiValue defaultMultiValue;
try {
defaultMultiValue = LookupDefaultMultiValue.create(dto.defaultMultiValue(), dto.defaultMultiValueType());
} catch (Exception e) {
LOG.error("Could not create default multi value object for lookup table {}/{}: {}", dto.name(), dto.id(), e.getMessage());
return null;
}
final LookupTable table = LookupTable.builder().id(dto.id()).name(dto.name()).description(dto.description()).title(dto.title()).cache(cache).dataAdapter(adapter).defaultSingleValue(defaultSingleValue).defaultMultiValue(defaultMultiValue).build();
final LookupCache newCache = table.cache();
final LookupDataAdapter newAdapter = table.dataAdapter();
LOG.info("Starting lookup table {}/{} [@{}] using cache {}/{} [@{}], data adapter {}/{} [@{}]", table.name(), table.id(), objectId(table), newCache.name(), newCache.id(), objectId(newCache), newAdapter.name(), newAdapter.id(), objectId(newAdapter));
final LookupTable previous = liveTables.put(dto.name(), table);
if (previous != null) {
LOG.info("Replaced previous lookup table {} [@{}]", previous.name(), objectId(previous));
}
return table;
}
Also used :
LookupDataAdapter(org.graylog2.plugin.lookup.LookupDataAdapter)
LookupCache(org.graylog2.plugin.lookup.LookupCache)
Example 10 with LookupTable
use of org.graylog2.lookup.LookupTable in project graylog2-server by Graylog2.
the class FunctionsSnippetsTest method lookupSetValue.
@Test
public void lookupSetValue() {
doReturn(LookupResult.single(123)).when(lookupTable).setValue(any(), any());
final Rule rule = parser.parseRule(ruleForTest(), true);
final Message message = evaluateRule(rule);
verify(lookupTable).setValue("key", 123L);
verifyNoMoreInteractions(lookupTable);
assertThat(message.getField("new_value")).isEqualTo(123);
}
Also used :
CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)
CloneMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)
DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)
Message(org.graylog2.plugin.Message)
MockitoRule(org.mockito.junit.MockitoRule)
Rule(org.graylog.plugins.pipelineprocessor.ast.Rule)
BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest)
Test(org.junit.Test)
Aggregations
Test (org.junit.Test)6
CloneMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)5
CreateMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)5
DropMessage (org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)5
Message (org.graylog2.plugin.Message)5
BaseParserTest (org.graylog.plugins.pipelineprocessor.BaseParserTest)4
Rule (org.graylog.plugins.pipelineprocessor.ast.Rule)4
IsString (org.graylog.plugins.pipelineprocessor.functions.conversion.IsString)4
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)4
MockitoRule (org.mockito.junit.MockitoRule)4
LookupTableEntity (org.graylog2.contentpacks.model.entities.LookupTableEntity)3
JsonNode (com.fasterxml.jackson.databind.JsonNode)2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2
MongoDBFixtures (org.graylog.testing.mongodb.MongoDBFixtures)2
EntityDescriptor (org.graylog2.contentpacks.model.entities.EntityDescriptor)2
GrokPatternService (org.graylog2.grok.GrokPatternService)2
Input (org.graylog2.inputs.Input)2
FakeHttpMessageInput (org.graylog2.inputs.random.FakeHttpMessageInput)2
RawUDPInput (org.graylog2.inputs.raw.udp.RawUDPInput)2
LookupTableService (org.graylog2.lookup.LookupTableService)2
