Example 16 with Messages

use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.

the class LoggersResource method messages.

@GET
@Timed
@ApiOperation(value = "Get recent internal log messages")
@ApiResponses(value = {
        @ApiResponse(code = 404, message = "Memory appender is disabled."),
        @ApiResponse(code = 500, message = "Memory appender is broken.")
})
@Path("/messages/recent")
@Produces(MediaType.APPLICATION_JSON)
public LogMessagesSummary messages(
        @ApiParam(name = "limit", value = "How many log messages should be returned", defaultValue = "500", allowableValues = "range[0, infinity]")
        @QueryParam("limit") @DefaultValue("500") @Min(0L) int limit,
        @ApiParam(name = "level", value = "Which log level (or higher) should the messages have", defaultValue = "ALL", allowableValues = "[OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL]")
        @QueryParam("level") @DefaultValue("ALL") @NotEmpty String level) {
    final Appender appender = getAppender(MEMORY_APPENDER_NAME);
    if (appender == null) {
        throw new NotFoundException("Memory appender is disabled. Please refer to the example log4j.xml file.");
    }
    if (!(appender instanceof MemoryAppender)) {
        throw new InternalServerErrorException("Memory appender is not an instance of MemoryAppender. Please refer to the example log4j.xml file.");
    }
    final Level logLevel = Level.toLevel(level, Level.ALL);
    final MemoryAppender memoryAppender = (MemoryAppender) appender;
    // limit is caller-supplied with no upper bound, so it is not used as an initial capacity hint.
    final List<InternalLogMessage> messages = new ArrayList<>();
    for (LogEvent event : memoryAppender.getLogMessages(limit)) {
        final Level eventLevel = event.getLevel();
        if (!eventLevel.isMoreSpecificThan(logLevel)) {
            continue;
        }
        final ThrowableProxy thrownProxy = event.getThrownProxy();
        final String throwable;
        if (thrownProxy == null) {
            throwable = null;
        } else {
            throwable = thrownProxy.getExtendedStackTraceAsString();
        }
        final Marker marker = event.getMarker();
        messages.add(InternalLogMessage.create(
                event.getMessage().getFormattedMessage(),
                event.getLoggerName(),
                eventLevel.toString(),
                marker == null ? null : marker.toString(),
                new DateTime(event.getTimeMillis(), DateTimeZone.UTC),
                throwable,
                event.getThreadName(),
                event.getContextData().toMap()));
    }
    return LogMessagesSummary.create(messages);
}
Also used : Appender(org.apache.logging.log4j.core.Appender) MemoryAppender(org.graylog2.log4j.MemoryAppender) LogEvent(org.apache.logging.log4j.core.LogEvent) ArrayList(java.util.ArrayList) NotFoundException(javax.ws.rs.NotFoundException) Marker(org.apache.logging.log4j.Marker) ThrowableProxy(org.apache.logging.log4j.core.impl.ThrowableProxy) DateTime(org.joda.time.DateTime) InternalLogMessage(org.graylog2.rest.models.system.loggers.responses.InternalLogMessage) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) Level(org.apache.logging.log4j.Level) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 17 with Messages

use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.

the class CmdLineTool method annotateInjectorExceptions.

protected void annotateInjectorExceptions(Collection<Message> messages) {
    for (Message message : messages) {
        //noinspection ThrowableResultOfMethodCallIgnored
        final Throwable rootCause = ExceptionUtils.getRootCause(message.getCause());
        if (rootCause instanceof NodeIdPersistenceException) {
            LOG.error(UI.wallString("Unable to read or persist your NodeId file. This means your node id file (" + configuration.getNodeIdFile() + ") is not readable or writable by the current user. The following exception might give more information: " + message));
            System.exit(-1);
        } else if (rootCause instanceof AccessDeniedException) {
            LOG.error(UI.wallString("Unable to access file " + rootCause.getMessage()));
            System.exit(-2);
        } else {
            // other guice error, still print the raw messages
            // TODO this could potentially print duplicate messages depending on what a subclass does...
            LOG.error("Guice error (more detail on log level debug): {}", message.getMessage());
            if (rootCause != null) {
                LOG.debug("Stacktrace:", rootCause);
            }
        }
    }
}
Also used : AccessDeniedException(java.nio.file.AccessDeniedException) Message(com.google.inject.spi.Message) NodeIdPersistenceException(org.graylog2.plugin.system.NodeIdPersistenceException)

Example 18 with Messages

use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.

the class FieldContentValueAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    String filter = "streams:" + stream.getId();
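    // field and value are concatenated into the query string as-is; neither is escaped for the query syntax.
    String query = field + ":\"" + value + "\"";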
    Integer backlogSize = getBacklog();
    boolean backlogEnabled = false;
    int searchLimit = 1;
    if (backlogSize != null && backlogSize > 0) {
        backlogEnabled = true;
        searchLimit = backlogSize;
    }
    try {
        SearchResult result = searches.search(query, filter, RelativeRange.create(configuration.getAlertCheckInterval()), searchLimit, 0, new Sorting("timestamp", Sorting.Direction.DESC));
        final List<MessageSummary> summaries;
        if (backlogEnabled) {
            summaries = Lists.newArrayListWithCapacity(result.getResults().size());
            for (ResultMessage resultMessage : result.getResults()) {
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
        } else {
            summaries = Collections.emptyList();
        }
        final long count = result.getTotalResults();
        final String resultDescription = "Stream received messages matching <" + query + "> " + "(Current grace time: " + grace + " minutes)";
        if (count > 0) {
            LOG.debug("Alert check <{}> found [{}] messages.", id, count);
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            LOG.debug("Alert check <{}> returned no results.", id);
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) SearchResult(org.graylog2.indexer.results.SearchResult) Sorting(org.graylog2.indexer.searches.Sorting) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 19 with Messages

use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.

the class FieldValueAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        final String filter = "streams:" + stream.getId();
        // TODO we don't support cardinality yet
        final FieldStatsResult fieldStatsResult = searches.fieldStats(field, "*", filter, RelativeRange.create(time * 60), false, true, false);
        if (fieldStatsResult.getCount() == 0) {
            LOG.debug("Alert check <{}> did not match any messages. Returning not triggered.", type);
            return new NegativeCheckResult();
        }
        final double result;
        switch(type) {
            case MEAN:
                result = fieldStatsResult.getMean();
                break;
            case MIN:
                result = fieldStatsResult.getMin();
                break;
            case MAX:
                result = fieldStatsResult.getMax();
                break;
            case SUM:
                result = fieldStatsResult.getSum();
                break;
            case STDDEV:
                result = fieldStatsResult.getStdDeviation();
                break;
            default:
                LOG.error("No such field value check type: [{}]. Returning not triggered.", type);
                return new NegativeCheckResult();
        }
        LOG.debug("Alert check <{}> result: [{}]", id, result);
        if (Double.isInfinite(result)) {
            // This happens when there are no ES results/docs.
            LOG.debug("Infinite value. Returning not triggered.");
            return new NegativeCheckResult();
        }
        final boolean triggered;
        switch(thresholdType) {
            case HIGHER:
                triggered = result > threshold.doubleValue();
                break;
            case LOWER:
                triggered = result < threshold.doubleValue();
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final String resultDescription = "Field " + field + " had a " + type + " of " + decimalFormat.format(result) + " in the last " + time + " minutes with trigger condition " + thresholdType + " than " + decimalFormat.format(threshold) + ". " + "(Current grace time: " + grace + " minutes)";
            final List<MessageSummary> summaries;
            if (getBacklog() > 0) {
                final List<ResultMessage> searchResult = fieldStatsResult.getSearchHits();
                summaries = Lists.newArrayListWithCapacity(searchResult.size());
                for (ResultMessage resultMessage : searchResult) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            } else {
                summaries = Collections.emptyList();
            }
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    } catch (Searches.FieldTypeException e) {
        LOG.debug("Field [{}] seems not to have a numerical type or doesn't even exist at all. Returning not triggered.", field, e);
        return new NegativeCheckResult();
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) Searches(org.graylog2.indexer.searches.Searches) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 20 with Messages

use of org.graylog2.plugin.Messages in project graylog2-server by Graylog2.

the class MessageCountAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        // Create an absolute range from the relative range to make sure it doesn't change during the two
        // search requests. (count and find messages)
        // This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
        // getTo().
        // See: https://github.com/Graylog2/graylog2-server/issues/2382
        final RelativeRange relativeRange = RelativeRange.create(time * 60);
        final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
        final String filter = "streams:" + stream.getId();
        final CountResult result = searches.count("*", range, filter);
        final long count = result.count();
        LOG.debug("Alert check <{}> result: [{}]", id, count);
        final boolean triggered;
        switch(thresholdType) {
            case MORE:
                triggered = count > threshold;
                break;
            case LESS:
                triggered = count < threshold;
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final List<MessageSummary> summaries = Lists.newArrayList();
            if (getBacklog() > 0) {
                final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting("timestamp", Sorting.Direction.DESC));
                for (ResultMessage resultMessage : backlogResult.getResults()) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            }
            final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) SearchResult(org.graylog2.indexer.results.SearchResult) CountResult(org.graylog2.indexer.results.CountResult) Sorting(org.graylog2.indexer.searches.Sorting) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) MessageSummary(org.graylog2.plugin.MessageSummary)
