use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.
the class AggregationEventProcessorTest method testEventsFromAggregationResultWithEmptyResultAndNoConfiguredStreamsUsesAllStreamsAsSourceStreams.
@Test
public void testEventsFromAggregationResultWithEmptyResultAndNoConfiguredStreamsUsesAllStreamsAsSourceStreams() {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
// We expect to get the end of the aggregation timerange as event time
final TestEvent event1 = new TestEvent(timerange.to());
final TestEvent event2 = new TestEvent(timerange.to());
when(eventFactory.createEvent(any(EventDefinition.class), eq(now), anyString())).thenReturn(// first invocation return value
event1).thenReturn(// second invocation return value
event2);
when(streamService.loadAll()).thenReturn(ImmutableList.of(new StreamMock(Collections.singletonMap("_id", "stream-1"), Collections.emptyList()), new StreamMock(Collections.singletonMap("_id", "stream-2"), Collections.emptyList()), new StreamMock(Collections.singletonMap("_id", "stream-3"), Collections.emptyList()), new StreamMock(Collections.singletonMap("_id", StreamImpl.DEFAULT_STREAM_ID), Collections.emptyList()), new StreamMock(Collections.singletonMap("_id", StreamImpl.DEFAULT_EVENTS_STREAM_ID), Collections.emptyList()), new StreamMock(Collections.singletonMap("_id", StreamImpl.DEFAULT_SYSTEM_EVENTS_STREAM_ID), Collections.emptyList())));
final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of(), ImmutableList.of(), null);
final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
final AggregationResult result = buildAggregationResult(timerange, now, ImmutableList.of("one", "two"));
final ImmutableList<EventWithContext> eventsWithContext = eventProcessor.eventsFromAggregationResult(eventFactory, parameters, result);
assertThat(eventsWithContext).hasSize(1);
assertThat(eventsWithContext.get(0)).satisfies(eventWithContext -> {
final Event event = eventWithContext.event();
assertThat(event.getId()).isEqualTo(event1.getId());
assertThat(event.getMessage()).isEqualTo(event1.getMessage());
assertThat(event.getEventTimestamp()).isEqualTo(timerange.to());
assertThat(event.getTimerangeStart()).isEqualTo(timerange.from());
assertThat(event.getTimerangeEnd()).isEqualTo(timerange.to());
// Must contain all existing streams but the default event streams!
assertThat(event.getSourceStreams()).containsOnly("stream-1", "stream-2", "stream-3", StreamImpl.DEFAULT_STREAM_ID);
final Message message = eventWithContext.messageContext().orElse(null);
assertThat(message).isNotNull();
assertThat(message.getField("group_field_one")).isEqualTo("one");
assertThat(message.getField("group_field_two")).isEqualTo("two");
assertThat(message.getField("aggregation_key")).isEqualTo("one|two");
assertThat(message.getField("aggregation_value_count")).isEqualTo(0.0d);
});
}
use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.
the class AggregationEventProcessorTest method testEventsFromAggregationResult.
@Test
public void testEventsFromAggregationResult() {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final AbsoluteRange timerange = AbsoluteRange.create(now.minusHours(1), now.plusHours(1));
// We expect to get the end of the aggregation timerange as event time
final TestEvent event1 = new TestEvent(timerange.to());
final TestEvent event2 = new TestEvent(timerange.to());
when(eventFactory.createEvent(any(EventDefinition.class), eq(now), anyString())).thenReturn(// first invocation return value
event1).thenReturn(// second invocation return value
event2);
final EventDefinitionDto eventDefinitionDto = buildEventDefinitionDto(ImmutableSet.of("stream-2"), ImmutableList.of(), null);
final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().timerange(timerange).build();
final AggregationEventProcessor eventProcessor = new AggregationEventProcessor(eventDefinitionDto, searchFactory, eventProcessorDependencyCheck, stateService, moreSearch, streamService, messages);
final AggregationResult result = AggregationResult.builder().effectiveTimerange(timerange).totalAggregatedMessages(1).sourceStreams(ImmutableSet.of("stream-1", "stream-2")).keyResults(ImmutableList.of(AggregationKeyResult.builder().key(ImmutableList.of("one", "two")).timestamp(now).seriesValues(ImmutableList.of(AggregationSeriesValue.builder().key(ImmutableList.of("a")).value(42.0d).series(AggregationSeries.builder().id("abc123").function(AggregationFunction.COUNT).field("source").build()).build(), AggregationSeriesValue.builder().key(ImmutableList.of("a")).value(23.0d).series(AggregationSeries.builder().id("abc123-no-field").function(AggregationFunction.COUNT).build()).build(), AggregationSeriesValue.builder().key(ImmutableList.of("a")).value(1.0d).series(AggregationSeries.builder().id("xyz789").function(AggregationFunction.CARD).field("source").build()).build())).build())).build();
final ImmutableList<EventWithContext> eventsWithContext = eventProcessor.eventsFromAggregationResult(eventFactory, parameters, result);
assertThat(eventsWithContext).hasSize(1);
assertThat(eventsWithContext.get(0)).satisfies(eventWithContext -> {
final Event event = eventWithContext.event();
assertThat(event.getId()).isEqualTo(event1.getId());
assertThat(event.getMessage()).isEqualTo(event1.getMessage());
assertThat(event.getEventTimestamp()).isEqualTo(timerange.to());
assertThat(event.getTimerangeStart()).isEqualTo(timerange.from());
assertThat(event.getTimerangeEnd()).isEqualTo(timerange.to());
// Should only contain the streams that have been configured in event definition
assertThat(event.getSourceStreams()).containsOnly("stream-2");
final Message message = eventWithContext.messageContext().orElse(null);
assertThat(message).isNotNull();
assertThat(message.getField("group_field_one")).isEqualTo("one");
assertThat(message.getField("group_field_two")).isEqualTo("two");
assertThat(message.getField("aggregation_key")).isEqualTo("one|two");
assertThat(message.getField("aggregation_value_count_source")).isEqualTo(42.0d);
// Make sure that the count with a "null" field doesn't include the field in the name
assertThat(message.getField("aggregation_value_count")).isEqualTo(23.0d);
assertThat(message.getField("aggregation_value_card_source")).isEqualTo(1.0d);
assertThat(event.getGroupByFields().get("group_field_one")).isEqualTo("one");
assertThat(event.getGroupByFields().get("group_field_two")).isEqualTo("two");
});
}
use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.
the class PipelineInterpreterTest method testMatchAllDoesNotContinueIfNotAllRulesMatched.
@Test
public void testMatchAllDoesNotContinueIfNotAllRulesMatched() {
final RuleService ruleService = mock(MongoDbRuleService.class);
when(ruleService.loadAll()).thenReturn(ImmutableList.of(RULE_TRUE, RULE_FALSE, RULE_ADD_FOOBAR));
final PipelineService pipelineService = mock(MongoDbPipelineService.class);
when(pipelineService.loadAll()).thenReturn(Collections.singleton(PipelineDao.create("p1", "title", "description", "pipeline \"pipeline\"\n" + "stage 0 match all\n" + " rule \"true\";\n" + " rule \"false\";\n" + "stage 1 match either\n" + " rule \"add_foobar\";\n" + "end\n", Tools.nowUTC(), null)));
final Map<String, Function<?>> functions = ImmutableMap.of(SetField.NAME, new SetField());
final PipelineInterpreter interpreter = createPipelineInterpreter(ruleService, pipelineService, functions);
final Messages processed = interpreter.process(messageInDefaultStream("message", "test"));
final List<Message> messages = ImmutableList.copyOf(processed);
assertThat(messages).hasSize(1);
final Message actualMessage = messages.get(0);
assertThat(actualMessage.hasField("foobar")).isFalse();
}
use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.
the class PipelineInterpreterTest method testMatchAllContinuesIfAllRulesMatched.
@Test
public void testMatchAllContinuesIfAllRulesMatched() {
final RuleService ruleService = mock(MongoDbRuleService.class);
when(ruleService.loadAll()).thenReturn(ImmutableList.of(RULE_TRUE, RULE_FALSE, RULE_ADD_FOOBAR));
final PipelineService pipelineService = mock(MongoDbPipelineService.class);
when(pipelineService.loadAll()).thenReturn(Collections.singleton(PipelineDao.create("p1", "title", "description", "pipeline \"pipeline\"\n" + "stage 0 match all\n" + " rule \"true\";\n" + "stage 1 match either\n" + " rule \"add_foobar\";\n" + "end\n", Tools.nowUTC(), null)));
final Map<String, Function<?>> functions = ImmutableMap.of(SetField.NAME, new SetField());
final PipelineInterpreter interpreter = createPipelineInterpreter(ruleService, pipelineService, functions);
final Messages processed = interpreter.process(messageInDefaultStream("message", "test"));
final List<Message> messages = ImmutableList.copyOf(processed);
assertThat(messages).hasSize(1);
final Message actualMessage = messages.get(0);
assertThat(actualMessage.getFieldAs(String.class, "foobar")).isEqualTo("covfefe");
}
use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.
the class PipelineInterpreterTest method testMatchEitherContinuesIfOneRuleMatched.
@Test
public void testMatchEitherContinuesIfOneRuleMatched() {
final RuleService ruleService = mock(MongoDbRuleService.class);
when(ruleService.loadAll()).thenReturn(ImmutableList.of(RULE_TRUE, RULE_FALSE, RULE_ADD_FOOBAR));
final PipelineService pipelineService = mock(MongoDbPipelineService.class);
when(pipelineService.loadAll()).thenReturn(Collections.singleton(PipelineDao.create("p1", "title", "description", "pipeline \"pipeline\"\n" + "stage 0 match either\n" + " rule \"true\";\n" + " rule \"false\";\n" + "stage 1 match either\n" + " rule \"add_foobar\";\n" + "end\n", Tools.nowUTC(), null)));
final Map<String, Function<?>> functions = ImmutableMap.of(SetField.NAME, new SetField());
final PipelineInterpreter interpreter = createPipelineInterpreter(ruleService, pipelineService, functions);
final Messages processed = interpreter.process(messageInDefaultStream("message", "test"));
final List<Message> messages = ImmutableList.copyOf(processed);
assertThat(messages).hasSize(1);
final Message actualMessage = messages.get(0);
assertThat(actualMessage.getFieldAs(String.class, "foobar")).isEqualTo("covfefe");
}
Aggregations