
Example 76 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

Class BeatsCodec, method parseTopbeat (an input codec that turns a decoded Topbeat event into a Graylog Message).

/**
 * Turns a decoded Topbeat event into a Graylog {@link Message}.
 *
 * The event is first wrapped by {@code createMessage}, tagged with {@code facility=topbeat},
 * then every nested key is flattened (presumably under a {@code topbeat} prefix, joined with
 * {@code MAP_KEY_SEPARATOR}) and copied onto the message with dots removed from key names.
 *
 * NOTE(review): the dot replacement is lossy — two event keys that differ only by '.' versus the
 * separator character collapse into one key; which value survives depends on MapUtils, confirm.
 *
 * @param event the decoded Topbeat event (remote, untrusted input)
 * @return the populated message
 * @see <a href="https://www.elastic.co/guide/en/beats/topbeat/1.2/exported-fields.html">Topbeat Exported Fields</a>
 */
private Message parseTopbeat(Map<String, Object> event) {
    final Message message = createMessage("-", event);
    message.addField("facility", "topbeat");

    // Flatten nested maps into a single level of "topbeat<SEP>..." keys.
    final Map<String, Object> prefixed = MapUtils.flatten(event, "topbeat", MAP_KEY_SEPARATOR);

    // Beats exports names such as "cpu.name"; dots in field names are replaced with the separator.
    final char separator = MAP_KEY_SEPARATOR.charAt(0);
    final Map<String, Object> sanitized = MapUtils.replaceKeyCharacter(prefixed, '.', separator);

    message.addFields(sanitized);
    return message;
}

Example 77 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

Class BeatsCodec, method parsePacketbeat (same codec; the Packetbeat counterpart of parseTopbeat above).

/**
 * Turns a decoded Packetbeat event into a Graylog {@link Message}.
 *
 * Mirrors the Topbeat variant: wrap via {@code createMessage}, tag {@code facility=packetbeat},
 * flatten nested keys (presumably under a {@code packetbeat} prefix using {@code MAP_KEY_SEPARATOR})
 * and copy them onto the message with dots stripped from key names.
 *
 * NOTE(review): the dot replacement is lossy — keys differing only by '.' versus the separator
 * collapse into one; which value wins depends on MapUtils, confirm.
 *
 * @param event the decoded Packetbeat event (remote, untrusted input)
 * @return the populated message
 * @see <a href="https://www.elastic.co/guide/en/beats/packetbeat/1.2/exported-fields.html">Packetbeat Exported Fields</a>
 */
private Message parsePacketbeat(Map<String, Object> event) {
    final Message message = createMessage("-", event);
    message.addField("facility", "packetbeat");

    // Flatten nested maps into a single level of "packetbeat<SEP>..." keys.
    final Map<String, Object> prefixed = MapUtils.flatten(event, "packetbeat", MAP_KEY_SEPARATOR);

    // Beats exports names such as "icmp.version"; dots in field names are replaced with the separator.
    final char separator = MAP_KEY_SEPARATOR.charAt(0);
    final Map<String, Object> sanitized = MapUtils.replaceKeyCharacter(prefixed, '.', separator);

    message.addFields(sanitized);
    return message;
}

Example 78 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

Class HasField, method evaluate (a pipeline function that reports whether a message carries a given field).

/**
 * Pipeline function body: reports whether the target message carries the named field.
 *
 * The field name is a required argument and is resolved first, so a missing argument fails
 * before any message lookup. The message argument is optional; when absent, the message
 * currently flowing through the pipeline ({@code context.currentMessage()}) is inspected.
 */
@Override
public Boolean evaluate(FunctionArgs args, EvaluationContext context) {
    final String fieldName = fieldParam.required(args, context);
    // An explicitly passed message wins over the one in the evaluation context.
    final Message target = messageParam.optional(args, context).orElse(context.currentMessage());
    return target.hasField(fieldName);
}

Example 79 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

Class RemoveFromStream, method evaluate (a pipeline function that detaches a message from one or more streams).

/**
 * Pipeline function body: removes the target message from the selected stream(s).
 *
 * Stream selection: an {@code id} argument takes precedence and selects exactly one stream; without
 * it, the {@code name} argument is looked up in the stream cache and may match several streams.
 * Paused streams are left untouched. If the message ends up on no stream at all, it is put back
 * on the default stream so it is never left without a stream.
 *
 * Failure handling is silent: an unknown id, or a missing name argument, simply returns
 * without touching the message (the TODO below marks that no error is signalled).
 *
 * NOTE(review): stream membership presumably drives downstream stream-level read permissions;
 * a rule removing a message from a stream therefore changes who can see it — verify against
 * the stream/permission model before relaxing any of this.
 */
@Override
public Void evaluate(FunctionArgs args, EvaluationContext context) {
    final Optional<String> streamId = idParam.optional(args, context);
    final Collection<Stream> targets;
    if (streamId.isPresent()) {
        final Stream byId = streamCacheService.getById(streamId.get());
        if (byId == null) {
            // Unknown stream id: nothing to remove from.
            return null;
        }
        targets = Collections.singleton(byId);
    } else {
        // No id given, so fall back to a lookup by name (which may yield several streams).
        final Optional<Collection<Stream>> byName = nameParam.optional(args, context).map(streamCacheService::getByName);
        if (!byName.isPresent()) {
            // TODO signal error somehow
            return null;
        }
        targets = byName.get();
    }

    final Message message = messageParam.optional(args, context).orElse(context.currentMessage());
    for (final Stream stream : targets) {
        if (stream.isPaused()) {
            continue;
        }
        message.removeStream(stream);
    }

    // Never leave a message without any stream: fall back to the default stream.
    if (message.getStreams().isEmpty()) {
        message.addStream(defaultStreamProvider.get());
    }
    return null;
}

Example 80 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

Class RouteToStream, method evaluate (a pipeline function that attaches a message to one or more streams).

/**
 * Pipeline function body: routes the target message onto the selected stream(s).
 *
 * Stream selection: a non-empty {@code id} argument selects exactly one stream; otherwise a
 * non-empty {@code name} argument is looked up in the stream cache and may match several streams.
 * Paused streams are skipped. When {@code remove_from_default} is set, the message is afterwards
 * detached from the default stream.
 *
 * Failure handling is silent: an unknown id, a missing id and name, or a name that matches no
 * stream returns without touching the message (the TODO below marks that no error is signalled).
 *
 * NOTE(review): unlike RemoveFromStream, nothing here re-adds the default stream if the message
 * ends up on no stream at all (e.g. every selected stream is paused and remove_from_default is
 * set). Confirm that this is intended. Stream membership presumably also drives downstream
 * stream-level read permissions, so misrouting affects who can see the message — verify.
 */
@Override
public Void evaluate(FunctionArgs args, EvaluationContext context) {
    final String streamId = idParam.optional(args, context).orElse("");
    final Collection<Stream> targets;
    if (streamId.isEmpty()) {
        // No id given: fall back to a lookup by name.
        final String streamName = nameParam.optional(args, context).orElse("");
        if (streamName.isEmpty()) {
            return null;
        }
        targets = streamCacheService.getByName(streamName);
        if (targets.isEmpty()) {
            // TODO signal error somehow
            return null;
        }
    } else {
        final Stream byId = streamCacheService.getById(streamId);
        if (byId == null) {
            // Unknown stream id: nothing to route to.
            return null;
        }
        targets = Collections.singleton(byId);
    }

    final Message message = messageParam.optional(args, context).orElse(context.currentMessage());
    for (final Stream stream : targets) {
        if (stream.isPaused()) {
            continue;
        }
        message.addStream(stream);
    }

    // Optionally detach from the default stream once the explicit routing is done.
    final boolean dropDefault = removeFromDefault.optional(args, context).orElse(Boolean.FALSE);
    if (dropDefault) {
        message.removeStream(defaultStreamProvider.get());
    }
    return null;
}
