use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.
the class StreamListFingerprint method buildFingerprint.
private String buildFingerprint(List<Stream> streams) {
final MessageDigest sha1Digest = DigestUtils.getSha1Digest();
final StringBuilder sb = new StringBuilder();
for (Stream stream : Ordering.from(getStreamComparator()).sortedCopy(streams)) {
sb.append(stream.hashCode());
for (StreamRule rule : Ordering.from(getStreamRuleComparator()).sortedCopy(stream.getStreamRules())) {
sb.append(rule.hashCode());
}
for (Output output : Ordering.from(getOutputComparator()).sortedCopy(stream.getOutputs())) {
sb.append(output.hashCode());
}
}
return String.valueOf(Hex.encodeHex(sha1Digest.digest(sb.toString().getBytes(StandardCharsets.US_ASCII))));
}
use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.
the class StreamRouterEngine method match.
/**
* Returns a list of matching streams for the given message.
*
* @param message the message
* @return the list of matching streams
*/
public List<Stream> match(Message message) {
final Set<Stream> result = Sets.newHashSet();
final Set<Stream> blackList = Sets.newHashSet();
for (final Rule rule : rulesList) {
if (blackList.contains(rule.getStream())) {
continue;
}
final StreamRule streamRule = rule.getStreamRule();
final StreamRuleType streamRuleType = streamRule.getType();
final Stream.MatchingType matchingType = rule.getMatchingType();
if (!ruleTypesNotNeedingFieldPresence.contains(streamRuleType) && !message.hasField(streamRule.getField())) {
if (matchingType == Stream.MatchingType.AND) {
result.remove(rule.getStream());
// blacklist stream because it can't match anymore
blackList.add(rule.getStream());
}
continue;
}
final Stream stream;
if (streamRuleType != StreamRuleType.REGEX) {
stream = rule.match(message);
} else {
stream = rule.matchWithTimeOut(message, streamProcessingTimeout, TimeUnit.MILLISECONDS);
}
if (stream == null) {
if (matchingType == Stream.MatchingType.AND) {
result.remove(rule.getStream());
// blacklist stream because it can't match anymore
blackList.add(rule.getStream());
}
} else {
result.add(stream);
if (matchingType == Stream.MatchingType.OR) {
// blacklist stream because it is already matched
blackList.add(rule.getStream());
}
}
}
final Stream defaultStream = defaultStreamProvider.get();
boolean alreadyRemovedDefaultStream = false;
for (Stream stream : result) {
streamMetrics.markIncomingMeter(stream.getId());
if (stream.getRemoveMatchesFromDefaultStream()) {
if (alreadyRemovedDefaultStream || message.removeStream(defaultStream)) {
alreadyRemovedDefaultStream = true;
if (LOG.isTraceEnabled()) {
LOG.trace("Successfully removed default stream <{}> from message <{}>", defaultStream.getId(), message.getId());
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Couldn't remove default stream <{}> from message <{}>", defaultStream.getId(), message.getId());
}
}
}
}
// or someone removed it, in which case we don't mark it.
if (!alreadyRemovedDefaultStream) {
streamMetrics.markIncomingMeter(defaultStream.getId());
}
return ImmutableList.copyOf(result);
}
use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.
the class StreamRuleServiceImpl method loadForStreamId.
@Override
public List<StreamRule> loadForStreamId(String streamId) throws NotFoundException {
ObjectId id = new ObjectId(streamId);
final List<StreamRule> streamRules = new ArrayList<>();
final List<DBObject> respStreamRules = query(StreamRuleImpl.class, new BasicDBObject(StreamRuleImpl.FIELD_STREAM_ID, id));
for (DBObject streamRule : respStreamRules) {
streamRules.add(toStreamRule(streamRule));
}
return streamRules;
}
use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.
the class StreamServiceImpl method load.
public Stream load(ObjectId id) throws NotFoundException {
final DBObject o = get(StreamImpl.class, id);
if (o == null) {
throw new NotFoundException("Stream <" + id + "> not found!");
}
final List<StreamRule> streamRules = streamRuleService.loadForStreamId(id.toHexString());
final Set<Output> outputs = loadOutputsForRawStream(o);
@SuppressWarnings("unchecked") final Map<String, Object> fields = o.toMap();
return new StreamImpl((ObjectId) o.get("_id"), fields, streamRules, outputs, getIndexSet(o));
}
use of org.graylog2.plugin.streams.StreamRule in project graylog2-server by Graylog2.
the class RegexMatcher method match.
@Override
public boolean match(Message msg, StreamRule rule) {
if (msg.getField(rule.getField()) == null)
return rule.getInverted();
try {
final Pattern pattern = patternCache.get(rule.getValue());
final CharSequence charSequence = new InterruptibleCharSequence(msg.getField(rule.getField()).toString());
return rule.getInverted() ^ pattern.matcher(charSequence).find();
} catch (ExecutionException e) {
LOG.error("Unable to get pattern from regex cache: ", e);
}
return false;
}
Aggregations