
Example 66 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class RelativeSearchResource method searchRelative.

@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
@Produces(MediaType.APPLICATION_JSON)
public SearchResponse searchRelative(
        @ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query,
        @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range,
        @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit,
        @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset,
        @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter,
        @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields,
        @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort,
        @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
    final List<String> fieldList = parseOptionalFields(fields);
    final Sorting sorting = buildSorting(sort);
    final TimeRange timeRange = buildRelativeTimeRange(range);
    final SearchesConfig searchesConfig = SearchesConfig.builder().query(query).filter(filter).fields(fieldList).range(timeRange).limit(limit).offset(offset).sorting(sorting).build();
    final Optional<String> streamId = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
    } catch (SearchPhaseExecutionException e) {
        throw createRequestExceptionForParseFailure(query, e);
    }
}
Also used : TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) SearchesConfig(org.graylog2.indexer.searches.SearchesConfig) SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException) Sorting(org.graylog2.indexer.searches.Sorting) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 67 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class StreamAlertConditionResource method create.

@POST
@Timed
@ApiOperation(value = "Create an alert condition")
@ApiResponses(value = { @ApiResponse(code = 404, message = "Stream not found."), @ApiResponse(code = 400, message = "Invalid ObjectId.") })
@AuditEvent(type = AuditEventTypes.ALERT_CONDITION_CREATE)
public Response create(
        @ApiParam(name = "streamId", value = "The stream id this new alert condition belongs to.", required = true) @PathParam("streamId") String streamid,
        @ApiParam(name = "JSON body", required = true) @Valid @NotNull CreateConditionRequest ccr)
        throws NotFoundException, ValidationException {
    checkPermission(RestPermissions.STREAMS_EDIT, streamid);
    final Stream stream = streamService.load(streamid);
    try {
        final AlertCondition alertCondition = alertService.fromRequest(convertConfigurationInRequest(ccr), stream, getCurrentUser().getName());
        streamService.addAlertCondition(stream, alertCondition);
        final Map<String, String> result = ImmutableMap.of("alert_condition_id", alertCondition.getId());
        final URI alertConditionUri = getUriBuilderToSelf().path(StreamAlertConditionResource.class).path("{conditionId}").build(stream.getId(), alertCondition.getId());
        return Response.created(alertConditionUri).entity(result).build();
    } catch (ConfigurationException e) {
        throw new BadRequestException("Invalid alert condition parameters", e);
    }
}
Also used : ConfigurationException(org.graylog2.plugin.configuration.ConfigurationException) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) BadRequestException(javax.ws.rs.BadRequestException) Stream(org.graylog2.plugin.streams.Stream) URI(java.net.URI) POST(javax.ws.rs.POST) Timed(com.codahale.metrics.annotation.Timed) ApiOperation(io.swagger.annotations.ApiOperation) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ApiResponses(io.swagger.annotations.ApiResponses)

Example 68 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class AbsoluteSearchResource method searchAbsolute.

@GET
@Timed
@ApiOperation(value = "Message search with absolute timerange.", notes = "Search for messages using an absolute timerange, specified as from/to " + "with format yyyy-MM-ddTHH:mm:ss.SSSZ (e.g. 2014-01-23T15:34:49.000Z) or yyyy-MM-dd HH:mm:ss.")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
public SearchResponse searchAbsolute(
        @ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query,
        @ApiParam(name = "from", value = "Timerange start. See description for date format", required = true) @QueryParam("from") String from,
        @ApiParam(name = "to", value = "Timerange end. See description for date format", required = true) @QueryParam("to") String to,
        @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit,
        @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset,
        @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter,
        @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields,
        @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort,
        @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    checkSearchPermission(filter, RestPermissions.SEARCHES_ABSOLUTE);
    final Sorting sorting = buildSorting(sort);
    final List<String> fieldList = parseOptionalFields(fields);
    TimeRange timeRange = buildAbsoluteTimeRange(from, to);
    final SearchesConfig searchesConfig = SearchesConfig.builder().query(query).filter(filter).fields(fieldList).range(timeRange).limit(limit).offset(offset).sorting(sorting).build();
    final Optional<String> streamId = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
    } catch (SearchPhaseExecutionException e) {
        throw createRequestExceptionForParseFailure(query, e);
    }
}
Also used : TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) SearchesConfig(org.graylog2.indexer.searches.SearchesConfig) SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException) Sorting(org.graylog2.indexer.searches.Sorting) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 69 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class FieldContentValueAlertConditionTest method testRunNoMatchingMessages.

@Test
public void testRunNoMatchingMessages() throws Exception {
    final SearchHits searchHits = mock(SearchHits.class);
    when(searchHits.iterator()).thenReturn(Collections.<SearchHit>emptyIterator());
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final IndexRange indexRange = MongoIndexRange.create("graylog_test", now.minusDays(1), now, now, 0);
    final Set<IndexRange> indexRanges = Sets.newHashSet(indexRange);
    final SearchResult searchResult = spy(new SearchResult(searchHits, indexRanges, "message:something", null, new TimeValue(100, TimeUnit.MILLISECONDS)));
    when(searches.search(anyString(), anyString(), any(RelativeRange.class), anyInt(), anyInt(), any(Sorting.class))).thenReturn(searchResult);
    final FieldContentValueAlertCondition condition = getCondition(getParametersMap(0, "message", "something"), alertConditionTitle);
    final AlertCondition.CheckResult result = condition.runCheck();
    assertNotTriggered(result);
}
Also used : IndexRange(org.graylog2.indexer.ranges.IndexRange) MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) AbstractAlertCondition(org.graylog2.alerts.AbstractAlertCondition) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) SearchResult(org.graylog2.indexer.results.SearchResult) SearchHits(org.elasticsearch.search.SearchHits) DateTime(org.joda.time.DateTime) TimeValue(org.elasticsearch.common.unit.TimeValue) Sorting(org.graylog2.indexer.searches.Sorting) Test(org.junit.Test) AlertConditionTest(org.graylog2.alerts.AlertConditionTest)

Example 70 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class FieldContentValueAlertConditionTest method testRunMatchingMessagesInStream.

@Test
public void testRunMatchingMessagesInStream() throws Exception {
    final SearchHits searchHits = mock(SearchHits.class);
    final SearchHit searchHit = mock(SearchHit.class);
    final HashMap<String, Object> source = Maps.newHashMap();
    source.put("message", "something is in here");
    when(searchHit.getId()).thenReturn("some id");
    when(searchHit.getSource()).thenReturn(source);
    when(searchHit.getIndex()).thenReturn("graylog_test");
    when(searchHits.iterator()).thenReturn(Iterators.singletonIterator(searchHit));
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final IndexRange indexRange = MongoIndexRange.create("graylog_test", now.minusDays(1), now, now, 0);
    final Set<IndexRange> indexRanges = Sets.newHashSet(indexRange);
    final SearchResult searchResult = spy(new SearchResult(searchHits, indexRanges, "message:something", null, new TimeValue(100, TimeUnit.MILLISECONDS)));
    when(searchResult.getTotalResults()).thenReturn(1L);
    when(searches.search(anyString(), anyString(), any(RelativeRange.class), anyInt(), anyInt(), any(Sorting.class))).thenReturn(searchResult);
    final FieldContentValueAlertCondition condition = getCondition(getParametersMap(0, "message", "something"), "Alert Condition for testing");
    final AlertCondition.CheckResult result = condition.runCheck();
    assertTriggered(condition, result);
}
Also used : SearchHit(org.elasticsearch.search.SearchHit) SearchResult(org.graylog2.indexer.results.SearchResult) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) DateTime(org.joda.time.DateTime) Sorting(org.graylog2.indexer.searches.Sorting) IndexRange(org.graylog2.indexer.ranges.IndexRange) MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) AbstractAlertCondition(org.graylog2.alerts.AbstractAlertCondition) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) SearchHits(org.elasticsearch.search.SearchHits) TimeValue(org.elasticsearch.common.unit.TimeValue) Test(org.junit.Test) AlertConditionTest(org.graylog2.alerts.AlertConditionTest)
