use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.
the class PipelineInterpreterTest method testMatchPassContinuesIfNoRuleMatched.
/**
 * Verifies that processing continues past a {@code match pass} stage in which no rule matched.
 *
 * <p>The pipeline under test has two {@code match pass} stages: stage 0 references only the
 * rule named "false", and stage 1 references "add_foobar". The single resulting message is
 * expected to carry {@code foobar = "covfefe"}, which can only happen if stage 1 still ran.
 */
@Test
public void testMatchPassContinuesIfNoRuleMatched() {
    final String pipelineSource = "pipeline \"pipeline\"\n"
            + "stage 0 match pass\n"
            + " rule \"false\";\n"
            + "stage 1 match pass\n"
            + " rule \"add_foobar\";\n"
            + "end\n";

    // RULE_TRUE / RULE_FALSE / RULE_ADD_FOOBAR are defined elsewhere in the test class;
    // presumably RULE_ADD_FOOBAR is the rule that sets foobar to "covfefe" - confirm there.
    final RuleService rules = mock(MongoDbRuleService.class);
    when(rules.loadAll()).thenReturn(ImmutableList.of(RULE_TRUE, RULE_FALSE, RULE_ADD_FOOBAR));

    final PipelineService pipelines = mock(MongoDbPipelineService.class);
    when(pipelines.loadAll()).thenReturn(Collections.singleton(
            PipelineDao.create("p1", "title", "description", pipelineSource, Tools.nowUTC(), null)));

    // SetField is the only function registered with the interpreter for this test.
    final Map<String, Function<?>> registeredFunctions = ImmutableMap.of(SetField.NAME, new SetField());
    final PipelineInterpreter pipelineInterpreter =
            createPipelineInterpreter(rules, pipelines, registeredFunctions);

    final Messages output = pipelineInterpreter.process(messageInDefaultStream("message", "test"));
    final List<Message> outputMessages = ImmutableList.copyOf(output);

    // Exactly one message must come out, and it must have been touched by stage 1.
    assertThat(outputMessages).hasSize(1);
    final Message onlyMessage = outputMessages.get(0);
    assertThat(onlyMessage.getFieldAs(String.class, "foobar")).isEqualTo("covfefe");
}
use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.
the class PipelineInterpreterTest method testCreateMessage.
/**
 * Verifies that a rule calling {@code create_message} adds a message to the processing result.
 *
 * <p>The rule fires when the message text equals "original message" and then calls
 * {@code create_message("derived message")}. Processing one such message is expected to
 * yield two messages.
 */
@Test
public void testCreateMessage() {
    final String ruleSource = "rule \"creates message\"\n"
            + "when to_string($message.message) == \"original message\"\n"
            + "then\n"
            + " create_message(\"derived message\");\n"
            + "end";
    final String pipelineSource = "pipeline \"pipeline\"\n"
            + "stage 0 match all\n"
            + " rule \"creates message\";\n"
            + "end\n";

    final RuleService rules = mock(MongoDbRuleService.class);
    when(rules.loadAll()).thenReturn(Collections.singleton(
            RuleDao.create("abc", "title", "description", ruleSource, Tools.nowUTC(), null)));

    final PipelineService pipelines = mock(MongoDbPipelineService.class);
    when(pipelines.loadAll()).thenReturn(Collections.singleton(
            PipelineDao.create("p1", "title", "description", pipelineSource, Tools.nowUTC(), null)));

    // The rule needs both functions: to_string in its condition, create_message in its action.
    final Map<String, Function<?>> registeredFunctions = ImmutableMap.of(
            CreateMessage.NAME, new CreateMessage(),
            StringConversion.NAME, new StringConversion());
    final PipelineInterpreter pipelineInterpreter =
            createPipelineInterpreter(rules, pipelines, registeredFunctions);

    final Messages output =
            pipelineInterpreter.process(messageInDefaultStream("original message", "test"));
    final Message[] outputMessages = Iterables.toArray(output, Message.class);

    // NOTE(review): only the count is checked; presumably these are the original message plus
    // the derived one, but neither content nor order is asserted here.
    assertEquals(2, outputMessages.length);
}
use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.
the class PrecedenceTest method quotedLiteralInFieldRef.
/**
 * Verifies that a backtick-quoted field name is accepted in a {@code $message} field reference.
 *
 * <p>The rule compares {@code to_string($message.`true`)} with the string "true" against a
 * message that carries a field literally named "true". Presumably the quoting is needed
 * because an unquoted {@code true} would be read as a literal rather than a field name.
 */
@Test
public void quotedLiteralInFieldRef() {
    final String ruleSource = "rule \"test\" when to_string($message.`true`) == \"true\" then end";
    final Rule parsedRule = parseRule(ruleSource);

    final Message input = new Message("hallo", "test", Tools.nowUTC());
    input.addField("true", "true");

    // A non-null result is the only outcome asserted for the evaluated rule.
    final Message evaluated = evaluateRule(parsedRule, input);
    assertThat(evaluated).isNotNull();
}
use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.
the class GeoIpResolverEngineTest method testGetIpAddressFieldsEnforceGraylogSchema.
/**
 * Verifies that, with the Graylog Schema enforced, only the schema's IP address fields are
 * selected for resolution.
 *
 * <p>The message carries the same address under {@code source_ip}, {@code src_ip},
 * {@code destination_ip}, {@code dest_ip} and {@code gl2_test}; only {@code source_ip} and
 * {@code destination_ip} may be returned by {@code getIpAddressFields}.
 */
@Test
public void testGetIpAddressFieldsEnforceGraylogSchema() {
    final GeoIpResolverConfig schemaEnforcingConfig =
            config.toBuilder().enforceGraylogSchema(true).build();
    final GeoIpResolverEngine resolver =
            new GeoIpResolverEngine(geoIpVendorResolverService, schemaEnforcingConfig, metricRegistry);

    final Map<String, Object> rawFields = new HashMap<>();
    rawFields.put("_id", java.util.UUID.randomUUID().toString());
    // Every candidate field holds the same address, so selection can only depend on the name.
    final String[] candidateNames = {"source_ip", "src_ip", "destination_ip", "dest_ip", "gl2_test"};
    for (final String candidateName : candidateNames) {
        rawFields.put(candidateName, "127.0.0.1");
    }

    final List<String> selected = resolver.getIpAddressFields(new Message(rawFields));

    // With the Graylog Schema enforced, only source_ip and destination_ip should be returned;
    // the size check is what rules out src_ip, dest_ip and gl2_test.
    Assertions.assertEquals(2, selected.size());
    Assertions.assertTrue(selected.contains("source_ip"));
    Assertions.assertTrue(selected.contains("destination_ip"));
}
use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.
the class GeoIpResolverEngineTest method testFilterWithReservedIpAddress.
/**
 * Verifies that filtering a message whose {@code source_ip} is a reserved address marks it
 * with a {@code source_reserved_ip} field.
 *
 * <p>The input address is the loopback address 127.0.0.1, which has no meaningful
 * geolocation.
 */
@Test
public void testFilterWithReservedIpAddress() {
    final GeoIpResolverEngine resolver =
            new GeoIpResolverEngine(geoIpVendorResolverService, config, metricRegistry);

    final Map<String, Object> rawFields = new HashMap<>();
    rawFields.put("_id", java.util.UUID.randomUUID().toString());
    rawFields.put("source_ip", "127.0.0.1");
    final Message loopbackMessage = new Message(rawFields);

    resolver.filter(loopbackMessage);

    // NOTE(review): only the presence of the marker field is asserted, not its value, and
    // nothing here checks that no geo fields were added for the reserved address.
    Assertions.assertTrue(loopbackMessage.hasField("source_reserved_ip"));
}