Example 41 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class ExtractorTest method testCursorStrategyCutIfBeginAndEndIndexAreDisabled.

@Test
public void testCursorStrategyCutIfBeginAndEndIndexAreDisabled() throws Exception {
    final TestExtractor extractor = new TestExtractor.Builder().cursorStrategy(CUT).sourceField("msg").callback(new Callable<Result[]>() {

        @Override
        public Result[] call() throws Exception {
            return new Result[] { new Result("the", -1, -1) };
        }
    }).build();
    final Message msg = createMessage("message");
    msg.addField("msg", "the hello");
    extractor.runExtractor(msg);
    // If the begin and end indices are both -1, the source field should not be modified.
    assertThat(msg.getField("msg")).isEqualTo("the hello");
}
Also used : Message(org.graylog2.plugin.Message) Callable(java.util.concurrent.Callable) Result(org.graylog2.plugin.inputs.Extractor.Result) Test(org.junit.Test)

Example 42 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class ExtractorTest method testWithOneTargetValueResult.

@Test
public void testWithOneTargetValueResult() throws Exception {
    final TestExtractor extractor = new TestExtractor.Builder().callback(new Callable<Result[]>() {

        @Override
        public Result[] call() throws Exception {
            return new Result[] { new Result("hello", "world", -1, -1) };
        }
    }).build();
    final Message msg = createMessage("the hello");
    extractor.runExtractor(msg);
    assertThat(msg.hasField("target")).isFalse();
    assertThat(msg.getField("world")).isEqualTo("hello");
}
Also used : Message(org.graylog2.plugin.Message) Callable(java.util.concurrent.Callable) Result(org.graylog2.plugin.inputs.Extractor.Result) Test(org.junit.Test)

Example 43 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class ExtractorTest method testConvertersThatReturnNullValue.

@Test
public void testConvertersThatReturnNullValue() throws Exception {
    final Converter converter = new TestConverter.Builder().callback(new Function<Object, Object>() {

        @Nullable
        @Override
        public Object apply(Object input) {
            return null;
        }
    }).build();
    final TestExtractor extractor = new TestExtractor.Builder().converters(Lists.newArrayList(converter)).callback(new Callable<Result[]>() {

        @Override
        public Result[] call() throws Exception {
            return new Result[] { new Result("1", -1, -1) };
        }
    }).build();
    final Message msg = createMessage("message");
    extractor.runExtractor(msg);
    assertThat(msg.getField("target")).isNull();
}
Also used : Function(com.google.common.base.Function) Message(org.graylog2.plugin.Message) Callable(java.util.concurrent.Callable) Result(org.graylog2.plugin.inputs.Extractor.Result) Test(org.junit.Test)

Example 44 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class FieldContentValueAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    String filter = "streams:" + stream.getId();
    String query = field + ":\"" + value + "\"";
    Integer backlogSize = getBacklog();
    boolean backlogEnabled = false;
    int searchLimit = 1;
    if (backlogSize != null && backlogSize > 0) {
        backlogEnabled = true;
        searchLimit = backlogSize;
    }
    try {
        SearchResult result = searches.search(query, filter, RelativeRange.create(configuration.getAlertCheckInterval()), searchLimit, 0, new Sorting("timestamp", Sorting.Direction.DESC));
        final List<MessageSummary> summaries;
        if (backlogEnabled) {
            summaries = Lists.newArrayListWithCapacity(result.getResults().size());
            for (ResultMessage resultMessage : result.getResults()) {
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
        } else {
            summaries = Collections.emptyList();
        }
        final long count = result.getTotalResults();
        final String resultDescription = "Stream received messages matching <" + query + "> " + "(Current grace time: " + grace + " minutes)";
        if (count > 0) {
            LOG.debug("Alert check <{}> found [{}] messages.", id, count);
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            LOG.debug("Alert check <{}> returned no results.", id);
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) SearchResult(org.graylog2.indexer.results.SearchResult) Sorting(org.graylog2.indexer.searches.Sorting) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 45 with Result

use of org.graylog2.plugin.inputs.Extractor.Result in project graylog2-server by Graylog2.

the class FieldValueAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        final String filter = "streams:" + stream.getId();
        // TODO we don't support cardinality yet
        final FieldStatsResult fieldStatsResult = searches.fieldStats(field, "*", filter, RelativeRange.create(time * 60), false, true, false);
        if (fieldStatsResult.getCount() == 0) {
            LOG.debug("Alert check <{}> did not match any messages. Returning not triggered.", type);
            return new NegativeCheckResult();
        }
        final double result;
        switch(type) {
            case MEAN:
                result = fieldStatsResult.getMean();
                break;
            case MIN:
                result = fieldStatsResult.getMin();
                break;
            case MAX:
                result = fieldStatsResult.getMax();
                break;
            case SUM:
                result = fieldStatsResult.getSum();
                break;
            case STDDEV:
                result = fieldStatsResult.getStdDeviation();
                break;
            default:
                LOG.error("No such field value check type: [{}]. Returning not triggered.", type);
                return new NegativeCheckResult();
        }
        LOG.debug("Alert check <{}> result: [{}]", id, result);
        if (Double.isInfinite(result)) {
            // This happens when there are no ES results/docs.
            LOG.debug("Infinite value. Returning not triggered.");
            return new NegativeCheckResult();
        }
        final boolean triggered;
        switch(thresholdType) {
            case HIGHER:
                triggered = result > threshold.doubleValue();
                break;
            case LOWER:
                triggered = result < threshold.doubleValue();
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final String resultDescription = "Field " + field + " had a " + type + " of " + decimalFormat.format(result) + " in the last " + time + " minutes with trigger condition " + thresholdType + " than " + decimalFormat.format(threshold) + ". " + "(Current grace time: " + grace + " minutes)";
            final List<MessageSummary> summaries;
            if (getBacklog() > 0) {
                final List<ResultMessage> searchResult = fieldStatsResult.getSearchHits();
                summaries = Lists.newArrayListWithCapacity(searchResult.size());
                for (ResultMessage resultMessage : searchResult) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            } else {
                summaries = Collections.emptyList();
            }
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    } catch (Searches.FieldTypeException e) {
        LOG.debug("Field [{}] seems not to have a numerical type or doesn't even exist at all. Returning not triggered.", field, e);
        return new NegativeCheckResult();
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) Searches(org.graylog2.indexer.searches.Searches) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) MessageSummary(org.graylog2.plugin.MessageSummary)
