Example 46 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeFailsWithWrongTypeForShortMessage.
@Test
public void decodeFailsWithWrongTypeForShortMessage() throws Exception {
final String json = "{" + "\"version\": \"1.1\"," + "\"host\": \"example.org\"," + "\"short_message\": 42" + "}";
final RawMessage rawMessage = new RawMessage(json.getBytes(StandardCharsets.UTF_8));
assertThatIllegalArgumentException().isThrownBy(() -> codec.decode(rawMessage)).withNoCause().withMessageMatching("GELF message <[0-9a-f-]+> has invalid \"short_message\": 42");
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
Test(org.junit.Test)
Example 47 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeFailsWithEmptyShortMessage.
@Test
public void decodeFailsWithEmptyShortMessage() throws Exception {
final String json = "{" + "\"version\": \"1.1\"," + "\"host\": \"example.org\"," + "\"short_message\": \"\"" + "}";
final RawMessage rawMessage = new RawMessage(json.getBytes(StandardCharsets.UTF_8));
assertThatIllegalArgumentException().isThrownBy(() -> codec.decode(rawMessage)).withNoCause().withMessageMatching("GELF message <[0-9a-f-]+> has empty mandatory \"short_message\" field.");
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
Test(org.junit.Test)
Example 48 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeSucceedsWithoutShortMessageButWithMessage.
@Test
public void decodeSucceedsWithoutShortMessageButWithMessage() throws Exception {
final String json = "{" + "\"version\": \"1.1\"," + "\"host\": \"example.org\"," + "\"message\": \"A short message that helps you identify what is going on\"" + "}";
final RawMessage rawMessage = new RawMessage(json.getBytes(StandardCharsets.UTF_8));
final Message message = codec.decode(rawMessage);
assertThat(message).isNotNull();
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
Message(org.graylog2.plugin.Message)
RawMessage(org.graylog2.plugin.journal.RawMessage)
Test(org.junit.Test)
Example 49 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class JournalDecode method runCommand.
@Override
protected void runCommand() {
Range<Long> range;
try {
final List<String> offsets = Splitter.on("..").limit(2).splitToList(rangeArg);
if (offsets.size() == 1) {
range = Range.singleton(Long.valueOf(offsets.get(0)));
} else if (offsets.size() == 2) {
final String first = offsets.get(0);
final String second = offsets.get(1);
if (first.isEmpty()) {
range = Range.atMost(Long.valueOf(second));
} else if (second.isEmpty()) {
range = Range.atLeast(Long.valueOf(first));
} else {
range = Range.closed(Long.valueOf(first), Long.valueOf(second));
}
} else {
throw new RuntimeException();
}
} catch (Exception e) {
System.err.println("Malformed offset range: " + rangeArg);
return;
}
final Map<String, Codec.Factory<? extends Codec>> codecFactory = injector.getInstance(Key.get(new TypeLiteral<Map<String, Codec.Factory<? extends Codec>>>() {
}));
final Long readOffset = range.lowerEndpoint();
final long count = range.upperEndpoint() - range.lowerEndpoint() + 1;
final List<Journal.JournalReadEntry> entries = journal.read(readOffset, count);
for (final Journal.JournalReadEntry entry : entries) {
final RawMessage raw = RawMessage.decode(entry.getPayload(), entry.getOffset());
if (raw == null) {
System.err.println(MessageFormatter.format("Journal entry at offset {} failed to decode", entry.getOffset()));
continue;
}
final Codec codec = codecFactory.get(raw.getCodecName()).create(raw.getCodecConfig());
final Message message = codec.decode(raw);
if (message == null) {
System.err.println(MessageFormatter.format("Could not use codec {} to decode raw message id {} at offset {}", new Object[] { raw.getCodecName(), raw.getId(), entry.getOffset() }));
} else {
message.setMessageQueueId(raw.getMessageQueueId());
}
final ResolvableInetSocketAddress remoteAddress = raw.getRemoteAddress();
final String remote = remoteAddress == null ? "unknown address" : remoteAddress.getInetSocketAddress().toString();
final StringBuffer sb = new StringBuffer();
sb.append("Message ").append(raw.getId()).append('\n').append(" at ").append(raw.getTimestamp()).append('\n').append(" in format ").append(raw.getCodecName()).append('\n').append(" at offset ").append(raw.getMessageQueueId()).append('\n').append(" received from remote address ").append(remote).append('\n').append(" (source field: ").append(message == null ? "unparsed" : message.getSource()).append(')').append('\n');
if (message != null) {
sb.append(" contains ").append(message.getFieldNames().size()).append(" fields.");
} else {
sb.append("The message could not be parse by the given codec.");
}
System.out.println(sb);
}
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
Message(org.graylog2.plugin.Message)
Journal(org.graylog2.shared.journal.Journal)
Codec(org.graylog2.plugin.inputs.codecs.Codec)
ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress)
TypeLiteral(com.google.inject.TypeLiteral)
RawMessage(org.graylog2.plugin.journal.RawMessage)
Example 50 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodec method decode.
@Nullable
@Override
public Message decode(@Nonnull final RawMessage rawMessage) {
final GELFMessage gelfMessage = new GELFMessage(rawMessage.getPayload(), rawMessage.getRemoteAddress());
final String json = gelfMessage.getJSON(decompressSizeLimit);
final JsonNode node;
try {
node = objectMapper.readTree(json);
if (node == null) {
throw new IOException("null result");
}
} catch (final Exception e) {
log.error("Could not parse JSON, first 400 characters: " + StringUtils.abbreviate(json, 403), e);
throw new IllegalStateException("JSON is null/could not be parsed (invalid JSON)", e);
}
try {
validateGELFMessage(node, rawMessage.getId(), rawMessage.getRemoteAddress());
} catch (IllegalArgumentException e) {
log.trace("Invalid GELF message <{}>", node);
throw e;
}
// Timestamp.
final double messageTimestamp = timestampValue(node);
final DateTime timestamp;
if (messageTimestamp <= 0) {
timestamp = rawMessage.getTimestamp();
} else {
// we treat this as a unix timestamp
timestamp = Tools.dateTimeFromDouble(messageTimestamp);
}
final Message message = new Message(stringValue(node, "short_message"), stringValue(node, "host"), timestamp);
message.addField(Message.FIELD_FULL_MESSAGE, stringValue(node, "full_message"));
final String file = stringValue(node, "file");
if (file != null && !file.isEmpty()) {
message.addField("file", file);
}
final long line = longValue(node, "line");
if (line > -1) {
message.addField("line", line);
}
// Level is set by server if not specified by client.
final int level = intValue(node, "level");
if (level > -1) {
message.addField("level", level);
}
// Facility is set by server if not specified by client.
final String facility = stringValue(node, "facility");
if (facility != null && !facility.isEmpty()) {
message.addField("facility", facility);
}
// Add additional data if there is some.
final Iterator<Map.Entry<String, JsonNode>> fields = node.fields();
while (fields.hasNext()) {
final Map.Entry<String, JsonNode> entry = fields.next();
String key = entry.getKey();
// Do not index useless GELF "version" field.
if ("version".equals(key)) {
continue;
}
// Don't include GELF syntax underscore in message field key.
if (key.startsWith("_") && key.length() > 1) {
key = key.substring(1);
}
// We already set short_message and host as message and source. Do not add as fields again.
if ("short_message".equals(key) || "host".equals(key)) {
continue;
}
// Skip standard or already set fields.
if (message.getField(key) != null || Message.RESERVED_FIELDS.contains(key) && !Message.RESERVED_SETTABLE_FIELDS.contains(key)) {
continue;
}
// Convert JSON containers to Strings, and pick a suitable number representation.
final JsonNode value = entry.getValue();
final Object fieldValue;
if (value.isContainerNode()) {
fieldValue = value.toString();
} else if (value.isFloatingPointNumber()) {
fieldValue = value.asDouble();
} else if (value.isIntegralNumber()) {
fieldValue = value.asLong();
} else if (value.isNull()) {
log.debug("Field [{}] is NULL. Skipping.", key);
continue;
} else if (value.isTextual()) {
fieldValue = value.asText();
} else {
log.debug("Field [{}] has unknown value type. Skipping.", key);
continue;
}
message.addField(key, fieldValue);
}
return message;
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
GELFMessage(org.graylog2.inputs.codecs.gelf.GELFMessage)
Message(org.graylog2.plugin.Message)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
IOException(java.io.IOException)
IOException(java.io.IOException)
DateTime(org.joda.time.DateTime)
GELFMessage(org.graylog2.inputs.codecs.gelf.GELFMessage)
Map(java.util.Map)
Nullable(javax.annotation.Nullable)
Aggregations
RawMessage (org.graylog2.plugin.journal.RawMessage)59
Test (org.junit.Test)35
Message (org.graylog2.plugin.Message)23
InetSocketAddress (java.net.InetSocketAddress)13
IOException (java.io.IOException)7
Nullable (javax.annotation.Nullable)7
MappedMessage (org.graylog.plugins.cef.parser.MappedMessage)6
ResolvableInetSocketAddress (org.graylog2.plugin.ResolvableInetSocketAddress)6
DateTime (org.joda.time.DateTime)5
Configuration (org.graylog2.plugin.configuration.Configuration)4
ByteBuf (io.netty.buffer.ByteBuf)3
URL (java.net.URL)3
ZonedDateTime (java.time.ZonedDateTime)3
Timer (com.codahale.metrics.Timer)2
List (java.util.List)2
Map (java.util.Map)2
Properties (java.util.Properties)2
CountDownLatch (java.util.concurrent.CountDownLatch)2
NotFoundException (javax.ws.rs.NotFoundException)2
DocumentNotFoundException (org.graylog2.indexer.messages.DocumentNotFoundException)2
