Examples with Message - org.graylog2.plugin.Message

Example 66 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class GeoIpResolverEngineTest method testGetIpAddressFieldsEnforceGraylogSchemaFalse.

@Test
public void testGetIpAddressFieldsEnforceGraylogSchemaFalse() {
    GeoIpResolverConfig conf = config.toBuilder().enforceGraylogSchema(false).build();
    final GeoIpResolverEngine engine = new GeoIpResolverEngine(geoIpVendorResolverService, conf, metricRegistry);
    Map<String, Object> fields = new HashMap<>();
    fields.put("_id", java.util.UUID.randomUUID().toString());
    fields.put("source_ip", "127.0.0.1");
    fields.put("src_ip", "127.0.0.1");
    fields.put("destination_ip", "127.0.0.1");
    fields.put("dest_ip", "127.0.0.1");
    fields.put("gl2_test", "127.0.0.1");
    Message message = new Message(fields);
    List<String> ipFields = engine.getIpAddressFields(message);
    // without enforcing the Graylog Schema, all but the gl2_* fields should be returned.
    Assertions.assertEquals(5, ipFields.size());
}

Also used : Message(org.graylog2.plugin.Message) HashMap(java.util.HashMap) GeoIpResolverConfig(org.graylog.plugins.map.config.GeoIpResolverConfig) Test(org.junit.Test)

Example 67 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class MessagesAdapterES6Test method bulkIndexingParsesIndexMappingErrors.

@Test
public void bulkIndexingParsesIndexMappingErrors() throws Exception {
    final String messageId = "BOOMID";
    final BulkResult jestResult = mock(BulkResult.class);
    final BulkResult.BulkResultItem bulkResultItem = new MockedBulkResult().createResultItem("index", "someindex", "message", messageId, 400, "{\"type\":\"mapper_parsing_exception\",\"reason\":\"failed to parse [http_response_code]\",\"caused_by\":{\"type\":\"number_format_exception\",\"reason\":\"For input string: \\\"FOOBAR\\\"\"}}", null, "mapper_parsing_exception", "failed to parse [http_response_code]");
    when(jestResult.isSucceeded()).thenReturn(false);
    when(jestResult.getFailedItems()).thenReturn(ImmutableList.of(bulkResultItem));
    when(jestClient.execute(any())).thenReturn(jestResult).thenThrow(new IllegalStateException("JestResult#execute should not be called twice."));
    final List<IndexingRequest> messageList = messageListWith(messageWithId(messageId));
    final List<Messages.IndexingError> result = messagesAdapter.bulkIndex(messageList);
    assertThat(result).hasSize(1).extracting(indexingError -> indexingError.message().getId(), Messages.IndexingError::errorType, Messages.IndexingError::errorMessage).containsExactly(tuple(messageId, Messages.IndexingError.ErrorType.MappingError, "failed to parse [http_response_code]"));
}

Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) DateTimeZone(org.joda.time.DateTimeZone) Arrays(java.util.Arrays) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) INDEX_BLOCK_ERROR(org.graylog.storage.elasticsearch6.MessagesAdapterES6.INDEX_BLOCK_ERROR) JestClient(io.searchbox.client.JestClient) ImmutableList(com.google.common.collect.ImmutableList) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Messages(org.graylog2.indexer.messages.Messages) IndexSet(org.graylog2.indexer.IndexSet) MetricRegistry(com.codahale.metrics.MetricRegistry) IndexingRequest(org.graylog2.indexer.messages.IndexingRequest) Assertions.tuple(org.assertj.core.api.Assertions.tuple) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) DateTime(org.joda.time.DateTime) ObjectMapperProvider(org.graylog2.shared.bindings.providers.ObjectMapperProvider) IOException(java.io.IOException) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) INDEX_BLOCK_REASON(org.graylog.storage.elasticsearch6.MessagesAdapterES6.INDEX_BLOCK_REASON) Mockito.verify(org.mockito.Mockito.verify) BulkResult(io.searchbox.core.BulkResult) Test(org.junit.jupiter.api.Test) List(java.util.List) Mockito.never(org.mockito.Mockito.never) ChunkedBulkIndexer(org.graylog2.indexer.messages.ChunkedBulkIndexer) Message(org.graylog2.plugin.Message) Collections(java.util.Collections) Mockito.mock(org.mockito.Mockito.mock) IndexingRequest(org.graylog2.indexer.messages.IndexingRequest) Messages(org.graylog2.indexer.messages.Messages) BulkResult(io.searchbox.core.BulkResult) Test(org.junit.jupiter.api.Test)

Example 68 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class MessagesES6IT method getResultDoesNotContainJestMetadataFields.

@Test
public void getResultDoesNotContainJestMetadataFields() throws Exception {
    final String index = client().createRandomIndex("random");
    final Map<String, Object> source = new HashMap<>();
    source.put("message", "message");
    source.put("source", "source");
    source.put("timestamp", "2017-04-13 15:29:00.000");
    assertThat(indexMessage(index, source, "1")).isTrue();
    final ResultMessage resultMessage = messages.get("1", index);
    final Message message = resultMessage.getMessage();
    assertThat(message).isNotNull();
    assertThat(message.hasField(JestResult.ES_METADATA_ID)).isFalse();
    assertThat(message.hasField(JestResult.ES_METADATA_VERSION)).isFalse();
}

Also used : ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) HashMap(java.util.HashMap) ResultMessage(org.graylog2.indexer.results.ResultMessage) Test(org.junit.Test)

Example 69 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class ScrollResultES6IT method nextChunkDoesNotContainJestMetadata.

@Test
public void nextChunkDoesNotContainJestMetadata() throws IOException {
    importFixture("ScrollResultIT.json");
    final String query = SearchSourceBuilder.searchSource().query(matchAllQuery()).toString();
    final Search request = new Search.Builder(query).addIndex(INDEX_NAME).addType(IndexMapping.TYPE_MESSAGE).setParameter(Parameters.SCROLL, "1m").setParameter(Parameters.SIZE, 5).build();
    final SearchResult searchResult = JestUtils.execute(jestClient(elasticsearch), request, () -> "Exception");
    assertThat(jestClient(elasticsearch)).isNotNull();
    final ScrollResult scrollResult = new ScrollResultES6(jestClient(elasticsearch), objectMapper, searchResult, "*", Collections.singletonList("message"), -1);
    scrollResult.nextChunk().getMessages().forEach(message -> assertThat(message.getMessage().getFields()).doesNotContainKeys("es_metadata_id", "es_metadata_version"));
    scrollResult.nextChunk().getMessages().forEach(message -> assertThat(message.getMessage().getFields()).doesNotContainKeys("es_metadata_id", "es_metadata_version"));
    assertThat(scrollResult.nextChunk()).isNull();
}

Also used : ScrollResult(org.graylog2.indexer.results.ScrollResult) Search(io.searchbox.core.Search) SearchResult(io.searchbox.core.SearchResult) Test(org.junit.Test) ElasticsearchBaseTest(org.graylog.testing.elasticsearch.ElasticsearchBaseTest)

Example 70 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class JestUtilsTest method executeFailsWithCustomMessage.

@Test
public void executeFailsWithCustomMessage() throws Exception {
    final Ping request = new Ping.Builder().build();
    final JestResult resultMock = mock(JestResult.class);
    when(resultMock.isSucceeded()).thenReturn(false);
    final ObjectNode responseStub = objectMapper.createObjectNode();
    final ObjectNode errorStub = objectMapper.createObjectNode();
    responseStub.set("Message", new TextNode("Authorization header requires 'Credential' parameter."));
    errorStub.set("error", responseStub);
    when(resultMock.getJsonObject()).thenReturn(errorStub);
    when(clientMock.execute(request)).thenReturn(resultMock);
    try {
        JestUtils.execute(clientMock, request, () -> "BOOM");
        fail("Expected ElasticsearchException to be thrown");
    } catch (ElasticsearchException e) {
        assertThat(e).hasMessageStartingWith("BOOM").hasMessageEndingWith("{\"Message\":\"Authorization header requires 'Credential' parameter.\"}").hasNoSuppressedExceptions();
        assertThat(e.getErrorDetails()).containsExactly("{\"Message\":\"Authorization header requires 'Credential' parameter.\"}");
    }
}

Also used : ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) Ping(io.searchbox.core.Ping) TextNode(com.fasterxml.jackson.databind.node.TextNode) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) JestResult(io.searchbox.client.JestResult) Test(org.junit.Test)

Aggregations

Message (org.graylog2.plugin.Message)420 Test (org.junit.Test)391 ApiOperation (io.swagger.annotations.ApiOperation)120 ApiResponses (io.swagger.annotations.ApiResponses)107 Timed (com.codahale.metrics.annotation.Timed)105 RawMessage (org.graylog2.plugin.journal.RawMessage)103 DateTime (org.joda.time.DateTime)102 Path (javax.ws.rs.Path)87 StreamRule (org.graylog2.plugin.streams.StreamRule)77 AuditEvent (org.graylog2.audit.jersey.AuditEvent)69 Produces (javax.ws.rs.Produces)57 Stream (org.graylog2.plugin.streams.Stream)55 CreateMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage)46 DropMessage (org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage)46 BaseParserTest (org.graylog.plugins.pipelineprocessor.BaseParserTest)45 Rule (org.graylog.plugins.pipelineprocessor.ast.Rule)45 POST (javax.ws.rs.POST)41 GET (javax.ws.rs.GET)40 CloneMessage (org.graylog.plugins.pipelineprocessor.functions.messages.CloneMessage)36 MockitoRule (org.mockito.junit.MockitoRule)35