use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class DecodingProcessor method postProcessMessage.
@Nullable
private Message postProcessMessage(RawMessage raw, Codec codec, String inputIdOnCurrentNode, String baseMetricName, Message message, long decodeTime) {
if (message == null) {
metricRegistry.meter(name(baseMetricName, "failures")).mark();
return null;
}
if (!message.isComplete()) {
metricRegistry.meter(name(baseMetricName, "incomplete")).mark();
if (LOG.isDebugEnabled()) {
LOG.debug("Dropping incomplete message {} on input <{}>. Parsed fields: [{}]", raw, inputIdOnCurrentNode, message.getFields());
}
return null;
}
message.setMessageQueueId(raw.getMessageQueueId());
message.recordTiming(serverStatus, "parse", decodeTime);
metricRegistry.timer(name(baseMetricName, "parseTime")).update(decodeTime, TimeUnit.NANOSECONDS);
for (final RawMessage.SourceNode node : raw.getSourceNodes()) {
switch(node.type) {
case SERVER:
// Always use the last source node.
if (message.getField(Message.FIELD_GL2_SOURCE_INPUT) != null) {
LOG.debug("Multiple server nodes ({} {}) set for message id {}", message.getField(Message.FIELD_GL2_SOURCE_INPUT), node.nodeId, message.getId());
}
message.addField(Message.FIELD_GL2_SOURCE_INPUT, node.inputId);
message.addField(Message.FIELD_GL2_SOURCE_NODE, node.nodeId);
break;
// TODO Due to be removed in Graylog 3.x
case RADIO:
// Always use the last source node.
if (message.getField(Message.FIELD_GL2_SOURCE_RADIO_INPUT) != null) {
LOG.debug("Multiple radio nodes ({} {}) set for message id {}", message.getField(Message.FIELD_GL2_SOURCE_RADIO_INPUT), node.nodeId, message.getId());
}
message.addField(Message.FIELD_GL2_SOURCE_RADIO_INPUT, node.inputId);
message.addField(Message.FIELD_GL2_SOURCE_RADIO, node.nodeId);
break;
}
}
if (inputIdOnCurrentNode != null) {
try {
message.setSourceInputId(inputIdOnCurrentNode);
} catch (RuntimeException e) {
LOG.warn("Unable to find input with id " + inputIdOnCurrentNode + ", not setting input id in this message.", e);
}
}
final ResolvableInetSocketAddress remoteAddress = raw.getRemoteAddress();
if (remoteAddress != null) {
final String addrString = InetAddresses.toAddrString(remoteAddress.getAddress());
message.addField(Message.FIELD_GL2_REMOTE_IP, addrString);
if (remoteAddress.getPort() > 0) {
message.addField(Message.FIELD_GL2_REMOTE_PORT, remoteAddress.getPort());
}
if (remoteAddress.isReverseLookedUp()) {
// avoid reverse lookup if the hostname is available
message.addField(Message.FIELD_GL2_REMOTE_HOSTNAME, remoteAddress.getHostName());
}
if (Strings.isNullOrEmpty(message.getSource())) {
message.setSource(addrString);
}
}
if (codec.getConfiguration() != null && codec.getConfiguration().stringIsSet(Codec.Config.CK_OVERRIDE_SOURCE)) {
message.setSource(codec.getConfiguration().getString(Codec.Config.CK_OVERRIDE_SOURCE));
}
// Make sure that there is a value for the source field.
if (Strings.isNullOrEmpty(message.getSource())) {
message.setSource("unknown");
}
// The raw message timestamp is the receive time of the message. It has been created before writing the raw
// message to the journal.
message.setReceiveTime(raw.getTimestamp());
metricRegistry.meter(name(baseMetricName, "processedMessages")).mark();
decodedTrafficCounter.inc(message.getSize());
return message;
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class DecodingProcessor method processMessage.
private void processMessage(final MessageEvent event) throws ExecutionException {
final RawMessage raw = event.getRaw();
// for backwards compatibility: the last source node should contain the input we use.
// this means that extractors etc defined on the prior inputs are silently ignored.
// TODO fix the above
String inputIdOnCurrentNode;
try {
// .inputId checked during raw message decode!
inputIdOnCurrentNode = Iterables.getLast(raw.getSourceNodes()).inputId;
} catch (NoSuchElementException e) {
inputIdOnCurrentNode = null;
}
final Codec.Factory<? extends Codec> factory = codecFactory.get(raw.getCodecName());
if (factory == null) {
LOG.warn("Couldn't find factory for codec <{}>, skipping message {} on input <{}>.", raw.getCodecName(), raw, inputIdOnCurrentNode);
return;
}
final Codec codec = factory.create(raw.getCodecConfig());
final String baseMetricName = name(codec.getClass(), inputIdOnCurrentNode);
Message message = null;
Collection<Message> messages = null;
final Timer.Context decodeTimeCtx = parseTime.time();
final long decodeTime;
try {
// TODO The Codec interface should be changed for 2.0 to support collections of messages so we can remove this hack.
if (codec instanceof MultiMessageCodec) {
messages = ((MultiMessageCodec) codec).decodeMessages(raw);
} else {
message = codec.decode(raw);
}
} catch (RuntimeException e) {
LOG.error("Unable to decode raw message {} on input <{}>.", raw, inputIdOnCurrentNode);
metricRegistry.meter(name(baseMetricName, "failures")).mark();
throw e;
} finally {
decodeTime = decodeTimeCtx.stop();
}
if (message != null) {
event.setMessage(postProcessMessage(raw, codec, inputIdOnCurrentNode, baseMetricName, message, decodeTime));
} else if (messages != null && !messages.isEmpty()) {
final List<Message> processedMessages = Lists.newArrayListWithCapacity(messages.size());
for (final Message msg : messages) {
final Message processedMessage = postProcessMessage(raw, codec, inputIdOnCurrentNode, baseMetricName, msg, decodeTime);
if (processedMessage != null) {
processedMessages.add(processedMessage);
}
}
event.setMessages(processedMessages);
}
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class AbstractTcpTransport method getChildChannelHandlers.
@Override
protected LinkedHashMap<String, Callable<? extends ChannelHandler>> getChildChannelHandlers(MessageInput input) {
final LinkedHashMap<String, Callable<? extends ChannelHandler>> handlers = new LinkedHashMap<>();
final CodecAggregator aggregator = getAggregator();
handlers.put("channel-registration", () -> new ChannelRegistrationHandler(childChannels));
handlers.put("traffic-counter", () -> throughputCounter);
handlers.put("connection-counter", () -> connectionCounter);
if (tlsEnable) {
LOG.info("Enabled TLS for input [{}/{}]. key-file=\"{}\" cert-file=\"{}\"", input.getName(), input.getId(), tlsKeyFile, tlsCertFile);
handlers.put("tls", getSslHandlerCallable(input));
}
handlers.putAll(getCustomChildChannelHandlers(input));
if (aggregator != null) {
LOG.debug("Adding codec aggregator {} to channel pipeline", aggregator);
handlers.put("codec-aggregator", () -> new ByteBufMessageAggregationHandler(aggregator, localRegistry));
}
handlers.put("rawmessage-handler", () -> new RawMessageHandler(input));
handlers.put("exception-logger", () -> new ExceptionLoggingChannelHandler(input, LOG, this.tcpKeepalive));
return handlers;
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class RawMessage method encode.
public byte[] encode() {
try {
final JournalMessages.CodecInfo codec = msgBuilder.getCodec();
final JournalMessages.CodecInfo.Builder builder = JournalMessages.CodecInfo.newBuilder(codec);
final String codecConfigJson = codecConfig.serializeToJson();
if (codecConfigJson != null) {
builder.setConfig(codecConfigJson);
}
msgBuilder.setCodec(builder.build());
final JournalMessage journalMessage = msgBuilder.build();
return journalMessage.toByteArray();
} catch (UninitializedMessageException e) {
log.error("Unable to write RawMessage to journal because required fields are missing, " + "this message will be discarded. This is a bug.", e);
return null;
}
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class Beats2CodecTest method setUp.
@Before
public void setUp() throws Exception {
configuration = new Configuration(Collections.singletonMap("no_beats_prefix", false));
codec = new Beats2Codec(configuration, objectMapper);
}
Aggregations