Search in sources :

Example 6 with InvalidRangeParametersException

use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.

the class FieldContentValueAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    String filter = buildQueryFilter(stream.getId(), query);
    String query = field + ":\"" + value + "\"";
    Integer backlogSize = getBacklog();
    boolean backlogEnabled = false;
    int searchLimit = 1;
    if (backlogSize != null && backlogSize > 0) {
        backlogEnabled = true;
        searchLimit = backlogSize;
    }
    try {
        SearchResult result = searches.search(query, filter, RelativeRange.create(configuration.getAlertCheckInterval()), searchLimit, 0, new Sorting(Message.FIELD_TIMESTAMP, Sorting.Direction.DESC));
        final List<MessageSummary> summaries;
        if (backlogEnabled) {
            summaries = Lists.newArrayListWithCapacity(result.getResults().size());
            for (ResultMessage resultMessage : result.getResults()) {
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
        } else {
            summaries = Collections.emptyList();
        }
        final long count = result.getTotalResults();
        final String resultDescription = "Stream received messages matching <" + query + "> " + "(Current grace time: " + grace + " minutes)";
        if (count > 0) {
            LOG.debug("Alert check <{}> found [{}] messages.", id, count);
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            LOG.debug("Alert check <{}> returned no results.", id);
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    }
}
Also used : InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) SearchResult(org.graylog2.indexer.results.SearchResult) ResultMessage(org.graylog2.indexer.results.ResultMessage) Sorting(org.graylog2.indexer.searches.Sorting) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 7 with InvalidRangeParametersException

use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.

the class MessageCountAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        // Create an absolute range from the relative range to make sure it doesn't change during the two
        // search requests. (count and find messages)
        // This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
        // getTo().
        // See: https://github.com/Graylog2/graylog2-server/issues/2382
        final RelativeRange relativeRange = RelativeRange.create(time * 60);
        final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
        final String filter = buildQueryFilter(stream.getId(), query);
        final CountResult result = searches.count("*", range, filter);
        final long count = result.count();
        LOG.debug("Alert check <{}> result: [{}]", id, count);
        final boolean triggered;
        switch(thresholdType) {
            case MORE:
                triggered = count > threshold;
                break;
            case LESS:
                triggered = count < threshold;
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final List<MessageSummary> summaries = Lists.newArrayList();
            if (getBacklog() > 0) {
                final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting(Message.FIELD_TIMESTAMP, Sorting.Direction.DESC));
                for (ResultMessage resultMessage : backlogResult.getResults()) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            }
            final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    }
}
Also used : InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) SearchResult(org.graylog2.indexer.results.SearchResult) CountResult(org.graylog2.indexer.results.CountResult) ResultMessage(org.graylog2.indexer.results.ResultMessage) Sorting(org.graylog2.indexer.searches.Sorting) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 8 with InvalidRangeParametersException

use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.

the class QueryEffectiveTimeRangeTest method returnSearchTypeTimeRangeIfPresentAndNoGlobalOverride.

@Test
public void returnSearchTypeTimeRangeIfPresentAndNoGlobalOverride() throws InvalidRangeParametersException {
    final SearchType searchType = mock(SearchType.class);
    when(searchType.timerange()).thenReturn(Optional.of(DerivedTimeRange.of(RelativeRange.create(7200))));
    final Query queryWithTimeRange = query.toBuilder().timerange(RelativeRange.create(3600)).build();
    final TimeRange result = queryWithTimeRange.effectiveTimeRange(searchType);
    assertThat(result).isEqualTo(RelativeRange.create(7200));
}
Also used : DerivedTimeRange(org.graylog.plugins.views.search.timeranges.DerivedTimeRange) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) Test(org.junit.Test)

Example 9 with InvalidRangeParametersException

use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.

the class QueryEffectiveTimeRangeTest method returnGlobalOverrideTimeRangeWithOffsetIfPresentAndOffsetTimeRange.

@Test
public void returnGlobalOverrideTimeRangeWithOffsetIfPresentAndOffsetTimeRange() throws InvalidRangeParametersException {
    DateTimeUtils.setCurrentMillisFixed(1578590095642L);
    final SearchType searchType = mock(SearchType.class);
    when(searchType.timerange()).thenReturn(Optional.of(DerivedTimeRange.of(OffsetRange.Builder.builder().source("query").build())));
    final Query queryWithTimeRange = query.toBuilder().timerange(RelativeRange.create(3600)).globalOverride(GlobalOverride.builder().timerange(RelativeRange.create(600)).build()).build();
    final TimeRange result = queryWithTimeRange.effectiveTimeRange(searchType);
    assertThat(result).isEqualTo(AbsoluteRange.create("2020-01-09T16:54:55.642Z", "2020-01-09T17:04:55.642Z"));
}
Also used : DerivedTimeRange(org.graylog.plugins.views.search.timeranges.DerivedTimeRange) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) Test(org.junit.Test)

Example 10 with InvalidRangeParametersException

use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.

the class EntityConverter method convert.

public ViewEntity convert(DashboardEntity dashboardEntity, Map<String, ValueReference> parameters) {
    this.parameters = parameters;
    this.dashboardEntity = dashboardEntity;
    final String queryId = UUID.randomUUID().toString();
    final Map<DashboardWidgetEntity, List<WidgetEntity>> widgets = convertWidgets();
    final Map<String, WidgetPositionDTO> widgetPositionMap = DashboardEntity.positionMap(parameters, widgets);
    final Titles titles = DashboardEntity.widgetTitles(widgets, parameters);
    final Map<String, Set<String>> widgetMapping = new HashMap<>();
    final Set<SearchTypeEntity> searchTypes = new HashSet<>();
    createSearchTypes(widgets, widgetMapping, searchTypes);
    SearchEntity searchEntity;
    try {
        searchEntity = createSearchEntity(queryId, searchTypes);
    } catch (InvalidRangeParametersException e) {
        throw new IllegalArgumentException("The provided entity does not have a valid TimeRange", e);
    }
    final ViewStateEntity viewStateEntity = ViewStateEntity.builder().widgets(widgets.values().stream().flatMap(Collection::stream).collect(Collectors.toSet())).titles(titles).widgetMapping(widgetMapping).widgetPositions(widgetPositionMap).build();
    final Map<String, ViewStateEntity> viewStateEntityMap = ImmutableMap.of(queryId, viewStateEntity);
    return ViewEntity.builder().search(searchEntity).state(viewStateEntityMap).title(dashboardEntity.title()).properties(Collections.emptySet()).description(dashboardEntity.description()).requires(Collections.emptyMap()).summary(ValueReference.of("Converted Dashboard")).createdAt(DateTime.now(DateTimeZone.UTC)).type(ViewEntity.Type.DASHBOARD).build();
}
Also used : ViewStateEntity(org.graylog2.contentpacks.model.entities.ViewStateEntity) SearchTypeEntity(org.graylog2.contentpacks.model.entities.SearchTypeEntity) HashSet(java.util.HashSet) ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) HashMap(java.util.HashMap) ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString) Titles(org.graylog.plugins.views.search.views.Titles) SearchEntity(org.graylog2.contentpacks.model.entities.SearchEntity) DashboardWidgetEntity(org.graylog2.contentpacks.model.entities.DashboardWidgetEntity) Collection(java.util.Collection) List(java.util.List) WidgetPositionDTO(org.graylog.plugins.views.search.views.WidgetPositionDTO) HashSet(java.util.HashSet)

Aggregations

TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)13 DerivedTimeRange (org.graylog.plugins.views.search.timeranges.DerivedTimeRange)10 Test (org.junit.Test)9 InvalidRangeParametersException (org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)8 BasicDBObject (com.mongodb.BasicDBObject)3 DashboardWidget (org.graylog2.dashboards.widgets.DashboardWidget)3 InvalidWidgetConfigurationException (org.graylog2.dashboards.widgets.InvalidWidgetConfigurationException)3 ResultMessage (org.graylog2.indexer.results.ResultMessage)3 Message (org.graylog2.plugin.Message)3 MessageSummary (org.graylog2.plugin.MessageSummary)3 Timed (com.codahale.metrics.annotation.Timed)2 ApiOperation (io.swagger.annotations.ApiOperation)2 ApiResponses (io.swagger.annotations.ApiResponses)2 HashMap (java.util.HashMap)2 List (java.util.List)2 Map (java.util.Map)2 BadRequestException (javax.ws.rs.BadRequestException)2 Produces (javax.ws.rs.Produces)2 ElasticsearchQueryString (org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)2 SearchConfig (org.graylog.plugins.views.search.engine.SearchConfig)2