Examples with Codec org.graylog2.plugin.inputs.annotations.Codec used on opensource projects

Example 1 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

the class DecodingProcessor method postProcessMessage.

@Nullable
private Message postProcessMessage(RawMessage raw, Codec codec, String inputIdOnCurrentNode, String baseMetricName, Message message, long decodeTime) {
    if (message == null) {
        metricRegistry.meter(name(baseMetricName, "failures")).mark();
        return null;
    }
    if (!message.isComplete()) {
        metricRegistry.meter(name(baseMetricName, "incomplete")).mark();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Dropping incomplete message {} on input <{}>. Parsed fields: [{}]", raw, inputIdOnCurrentNode, message.getFields());
        }
        return null;
    }
    message.setMessageQueueId(raw.getMessageQueueId());
    message.recordTiming(serverStatus, "parse", decodeTime);
    metricRegistry.timer(name(baseMetricName, "parseTime")).update(decodeTime, TimeUnit.NANOSECONDS);
    for (final RawMessage.SourceNode node : raw.getSourceNodes()) {
        switch(node.type) {
            case SERVER:
                // Always use the last source node.
                if (message.getField(Message.FIELD_GL2_SOURCE_INPUT) != null) {
                    LOG.debug("Multiple server nodes ({} {}) set for message id {}", message.getField(Message.FIELD_GL2_SOURCE_INPUT), node.nodeId, message.getId());
                }
                message.addField(Message.FIELD_GL2_SOURCE_INPUT, node.inputId);
                message.addField(Message.FIELD_GL2_SOURCE_NODE, node.nodeId);
                break;
            // TODO Due to be removed in Graylog 3.x
            case RADIO:
                // Always use the last source node.
                if (message.getField(Message.FIELD_GL2_SOURCE_RADIO_INPUT) != null) {
                    LOG.debug("Multiple radio nodes ({} {}) set for message id {}", message.getField(Message.FIELD_GL2_SOURCE_RADIO_INPUT), node.nodeId, message.getId());
                }
                message.addField(Message.FIELD_GL2_SOURCE_RADIO_INPUT, node.inputId);
                message.addField(Message.FIELD_GL2_SOURCE_RADIO, node.nodeId);
                break;
        }
    }
    if (inputIdOnCurrentNode != null) {
        try {
            message.setSourceInputId(inputIdOnCurrentNode);
        } catch (RuntimeException e) {
            LOG.warn("Unable to find input with id " + inputIdOnCurrentNode + ", not setting input id in this message.", e);
        }
    }
    final ResolvableInetSocketAddress remoteAddress = raw.getRemoteAddress();
    if (remoteAddress != null) {
        final String addrString = InetAddresses.toAddrString(remoteAddress.getAddress());
        message.addField(Message.FIELD_GL2_REMOTE_IP, addrString);
        if (remoteAddress.getPort() > 0) {
            message.addField(Message.FIELD_GL2_REMOTE_PORT, remoteAddress.getPort());
        }
        if (remoteAddress.isReverseLookedUp()) {
            // avoid reverse lookup if the hostname is available
            message.addField(Message.FIELD_GL2_REMOTE_HOSTNAME, remoteAddress.getHostName());
        }
        if (Strings.isNullOrEmpty(message.getSource())) {
            message.setSource(addrString);
        }
    }
    if (codec.getConfiguration() != null && codec.getConfiguration().stringIsSet(Codec.Config.CK_OVERRIDE_SOURCE)) {
        message.setSource(codec.getConfiguration().getString(Codec.Config.CK_OVERRIDE_SOURCE));
    }
    // Make sure that there is a value for the source field.
    if (Strings.isNullOrEmpty(message.getSource())) {
        message.setSource("unknown");
    }
    // The raw message timestamp is the receive time of the message. It has been created before writing the raw
    // message to the journal.
    message.setReceiveTime(raw.getTimestamp());
    metricRegistry.meter(name(baseMetricName, "processedMessages")).mark();
    decodedTrafficCounter.inc(message.getSize());
    return message;
}

Example 2 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

the class DecodingProcessor method processMessage.

private void processMessage(final MessageEvent event) throws ExecutionException {
    final RawMessage raw = event.getRaw();
    // for backwards compatibility: the last source node should contain the input we use.
    // this means that extractors etc defined on the prior inputs are silently ignored.
    // TODO fix the above
    String inputIdOnCurrentNode;
    try {
        // .inputId checked during raw message decode!
        inputIdOnCurrentNode = Iterables.getLast(raw.getSourceNodes()).inputId;
    } catch (NoSuchElementException e) {
        inputIdOnCurrentNode = null;
    }
    final Codec.Factory<? extends Codec> factory = codecFactory.get(raw.getCodecName());
    if (factory == null) {
        LOG.warn("Couldn't find factory for codec <{}>, skipping message {} on input <{}>.", raw.getCodecName(), raw, inputIdOnCurrentNode);
        return;
    }
    final Codec codec = factory.create(raw.getCodecConfig());
    final String baseMetricName = name(codec.getClass(), inputIdOnCurrentNode);
    Message message = null;
    Collection<Message> messages = null;
    final Timer.Context decodeTimeCtx = parseTime.time();
    final long decodeTime;
    try {
        // TODO The Codec interface should be changed for 2.0 to support collections of messages so we can remove this hack.
        if (codec instanceof MultiMessageCodec) {
            messages = ((MultiMessageCodec) codec).decodeMessages(raw);
        } else {
            message = codec.decode(raw);
        }
    } catch (RuntimeException e) {
        LOG.error("Unable to decode raw message {} on input <{}>.", raw, inputIdOnCurrentNode);
        metricRegistry.meter(name(baseMetricName, "failures")).mark();
        throw e;
    } finally {
        decodeTime = decodeTimeCtx.stop();
    }
    if (message != null) {
        event.setMessage(postProcessMessage(raw, codec, inputIdOnCurrentNode, baseMetricName, message, decodeTime));
    } else if (messages != null && !messages.isEmpty()) {
        final List<Message> processedMessages = Lists.newArrayListWithCapacity(messages.size());
        for (final Message msg : messages) {
            final Message processedMessage = postProcessMessage(raw, codec, inputIdOnCurrentNode, baseMetricName, msg, decodeTime);
            if (processedMessage != null) {
                processedMessages.add(processedMessage);
            }
        }
        event.setMessages(processedMessages);
    }
}

Example 3 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

the class AbstractTcpTransport method getChildChannelHandlers.

@Override
protected LinkedHashMap<String, Callable<? extends ChannelHandler>> getChildChannelHandlers(MessageInput input) {
    final LinkedHashMap<String, Callable<? extends ChannelHandler>> handlers = new LinkedHashMap<>();
    final CodecAggregator aggregator = getAggregator();
    handlers.put("channel-registration", () -> new ChannelRegistrationHandler(childChannels));
    handlers.put("traffic-counter", () -> throughputCounter);
    handlers.put("connection-counter", () -> connectionCounter);
    if (tlsEnable) {
        LOG.info("Enabled TLS for input [{}/{}]. key-file=\"{}\" cert-file=\"{}\"", input.getName(), input.getId(), tlsKeyFile, tlsCertFile);
        handlers.put("tls", getSslHandlerCallable(input));
    }
    handlers.putAll(getCustomChildChannelHandlers(input));
    if (aggregator != null) {
        LOG.debug("Adding codec aggregator {} to channel pipeline", aggregator);
        handlers.put("codec-aggregator", () -> new ByteBufMessageAggregationHandler(aggregator, localRegistry));
    }
    handlers.put("rawmessage-handler", () -> new RawMessageHandler(input));
    handlers.put("exception-logger", () -> new ExceptionLoggingChannelHandler(input, LOG, this.tcpKeepalive));
    return handlers;
}

Example 4 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

the class RawMessage method encode.

public byte[] encode() {
    try {
        final JournalMessages.CodecInfo codec = msgBuilder.getCodec();
        final JournalMessages.CodecInfo.Builder builder = JournalMessages.CodecInfo.newBuilder(codec);
        final String codecConfigJson = codecConfig.serializeToJson();
        if (codecConfigJson != null) {
            builder.setConfig(codecConfigJson);
        }
        msgBuilder.setCodec(builder.build());
        final JournalMessage journalMessage = msgBuilder.build();
        return journalMessage.toByteArray();
    } catch (UninitializedMessageException e) {
        log.error("Unable to write RawMessage to journal because required fields are missing, " + "this message will be discarded. This is a bug.", e);
        return null;
    }
}

Example 5 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

the class Beats2CodecTest method setUp.

@Before
public void setUp() throws Exception {
    configuration = new Configuration(Collections.singletonMap("no_beats_prefix", false));
    codec = new Beats2Codec(configuration, objectMapper);
}