org.graylog2.plugin.Tools Java Examples

Example #1
Source File: BeatsCodec.java — from graylog-plugin-beats (GNU General Public License v3.0)
/**
 * Converts one Beats JSON event into a Graylog {@link Message}.
 *
 * <p>The beat type is read from {@code @metadata.beat}, the text from {@code message},
 * the timestamp from {@code @timestamp} (parsed via {@link Tools#dateTimeFromString})
 * and the source host from {@code beat.hostname}. Remaining fields are attached through
 * {@code addFlattened}, prefixed with the beat type when {@code useBeatPrefix} is set.
 *
 * @param event the parsed Beats event; absent nodes fall back to the literal defaults below
 * @return a new message that also carries the {@code beats_type} and {@code facility} fields
 */
private Message parseEvent(JsonNode event) {
    final String type = event.path("@metadata").path("beat").asText("beat");
    // Flattened field names are only prefixed when the input is configured for it.
    final String prefix = useBeatPrefix ? type : "";

    final String text = event.path("message").asText("-");
    // A missing @timestamp yields an empty string; parsing (and any failure) is left to Tools.
    final DateTime eventTime = Tools.dateTimeFromString(event.path("@timestamp").asText());
    final String source = event.path("beat").path("hostname").asText(BEATS_UNKNOWN);

    final Message result = new Message(text, source, eventTime);
    result.addField("beats_type", type);
    result.addField("facility", "beats");
    addFlattened(result, prefix, event);
    return result;
}
 
Example #2
Source File: AggregatesAlertCondition.java — from graylog-plugin-aggregates (GNU General Public License v3.0)
/**
 * Creates an aggregates alert condition from its persisted parameter map.
 *
 * <p>Values are pulled out of {@code parameters} by key with unchecked casts, so a value
 * of the wrong runtime type fails with a {@link ClassCastException}. Only
 * {@code match_more_or_equal} (defaults to {@code true}) and {@code interval}
 * (defaults to {@code 1} through {@link Tools#getNumber}) tolerate a missing key; the
 * other settings become {@code null} when absent.
 *
 * @param searches             search service used by {@code runCheck}
 * @param clusterConfigService cluster configuration access
 * @param historyItemService   store for the per-run history records
 * @param stream               the stream this condition is attached to
 * @param id                   condition id, may be {@code null} for a new condition
 * @param createdAt            creation timestamp
 * @param creatorUserId        id of the creating user
 * @param parameters           raw condition settings keyed by name
 * @param title                optional display title
 */
@AssistedInject
public AggregatesAlertCondition(Searches searches,
                                ClusterConfigService clusterConfigService,
                                HistoryItemService historyItemService,
                                @Assisted Stream stream,
                                @Nullable @Assisted("id") String id,
                                @Assisted DateTime createdAt,
                                @Assisted("userid") String creatorUserId,
                                @Assisted Map<String, Object> parameters,
                                @Assisted("title") @Nullable String title) {
    super(stream, id, AggregatesUtil.ALERT_CONDITION_TYPE, createdAt, creatorUserId, parameters, title);

    this.searches = searches;
    this.clusterConfigService = clusterConfigService;
    this.historyItemService = historyItemService;

    this.description = (String) parameters.get("description");
    this.query = (String) parameters.get("query");
    this.field = (String) parameters.get("field");
    this.ruleName = (String) parameters.get("rule_name");
    this.numberOfMatches = (Long) parameters.get("number_of_matches");

    // An absent flag means "count >= threshold"; a present value must already be a Boolean.
    final Object moreOrEqual = parameters.get("match_more_or_equal");
    this.matchMoreOrEqual = moreOrEqual == null || (Boolean) moreOrEqual;

    // The terms-search limit is fixed; the interval presumably falls back to 1 when unset.
    this.limit = 100;
    this.interval = Tools.getNumber(parameters.get("interval"), Integer.valueOf(1)).intValue();
}
 
Example #3
Source File: FormattedEmailAlertSender.java — from graylog-plugin-aggregates (GNU General Public License v3.0)
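/**
 * Builds the web-interface link to the stream's messages for the window of a triggered alert.
 *
 * <p>The window ends at the trigger time and starts {@code time} minutes earlier, where
 * {@code time} is the condition's {@code time} parameter (default 5). The condition's
 * query, if any, is appended percent-encoded as {@code &q=...}.
 *
 * @param baseUri     the configured web interface URL; may be {@code null} or host-less
 * @param checkResult the result whose triggered condition and time are linked to
 * @param stream      the stream the link points into
 * @return the absolute URL, or a human-readable hint when no web interface URL is configured
 */
private String buildStreamDetailsURL(URI baseUri, AlertCondition.CheckResult checkResult, Stream stream) {
    // Return an informational message if the web interface URL hasn't been set
    if (baseUri == null || isNullOrEmpty(baseUri.getHost())) {
        return "Please configure 'transport_email_web_interface_url' in your Graylog configuration file.";
    }

    // Window length in minutes; the condition's "time" parameter overrides the default.
    int time = 5;
    final Object configuredTime = checkResult.getTriggeredCondition().getParameters().get("time");
    if (configuredTime != null) {
        time = (int) configuredTime;
    }

    final DateTime dateAlertEnd = checkResult.getTriggeredAt();
    final DateTime dateAlertStart = dateAlertEnd.minusMinutes(time);
    final String alertStart = Tools.getISO8601String(dateAlertStart);
    final String alertEnd = Tools.getISO8601String(dateAlertEnd);

    final AggregatesAlertCondition condition = (AggregatesAlertCondition) checkResult.getTriggeredCondition();

    // The query ends up in a URL, so it is always percent-encoded. Should encoding ever
    // fail, the query is dropped rather than appended raw (previously the unencoded text
    // was concatenated into the link without the "&q=" prefix).
    String query = condition.getQuery();
    if (query != null && !"".equals(query)) {
        try {
            query = "&q=" + URLEncoder.encode(query, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            LOG.error("Failed to encode query [{}]", query, e);
            query = "";
        }
    } else {
        query = "";
    }

    return baseUri + "/streams/" + stream.getId() + "/messages?rangetype=absolute&from=" + alertStart + "&to=" + alertEnd + query;
}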
 
Example #4
Source File: AggregatesAlertCondition.java — from graylog-plugin-aggregates (GNU General Public License v3.0)
/**
 * Reports whether this condition's settings equal the given parameter map.
 *
 * <p>Compares the same keys the constructor reads. Two quirks of the comparison are
 * preserved: a {@code null} field on this instance never matches, even when the map holds
 * {@code null} for that key, and {@code repeat_notifications} is unboxed unconditionally,
 * so a map without that key fails with a {@link NullPointerException}.
 *
 * @param parameters the candidate parameter map
 * @return {@code true} only if every compared setting matches
 */
public boolean parametersEqual(Map<String, Object> parameters) {
    // Short-circuit order matches the original guard chain: a later key is only
    // read (and cast) once every earlier comparison has succeeded.
    return this.description != null && this.description.equals((String) parameters.get("description"))
            && this.query != null && this.query.equals((String) parameters.get("query"))
            && this.ruleName != null && this.ruleName.equals((String) parameters.get("rule_name"))
            && this.field != null && this.field.equals((String) parameters.get("field"))
            && this.numberOfMatches.equals((Long) parameters.get("number_of_matches"))
            && this.matchMoreOrEqual == (parameters.get("match_more_or_equal") == null
                    || (Boolean) parameters.get("match_more_or_equal"))
            && this.repeatNotifications == (boolean) parameters.get("repeat_notifications")
            && this.interval == Tools.getNumber(parameters.get("interval"), Integer.valueOf(1)).intValue();
}
 
Example #5
Source File: S3Reader.java — from graylog-plugin-aws (Apache License 2.0)
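/**
 * Downloads a gzip-compressed S3 object and returns its decompressed content.
 *
 * @param bucket the S3 bucket name
 * @param key    the object key inside the bucket
 * @return the decompressed body as produced by {@link Tools#decompressGzip}
 * @throws IOException      if reading or decompressing the body fails
 * @throws RuntimeException if the client returns no object for the key
 */
public String readCompressed(String bucket, String key) throws IOException {
    final S3Object o = this.client.getObject(bucket, key);

    if (o == null) {
        throw new RuntimeException("Could not get S3 object from bucket [" + bucket + "].");
    }

    // Close the body stream once drained so the underlying connection is released
    // even when toByteArray throws; the original left it open.
    final byte[] bytes;
    try (InputStream content = o.getObjectContent()) {
        bytes = IOUtils.toByteArray(content);
    }
    return Tools.decompressGzip(bytes);
}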
 
Example #6
Source File: AggregatesAlertCondition.java — from graylog-plugin-aggregates (GNU General Public License v3.0)
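/**
 * Runs the aggregation check over the stream's recent messages.
 *
 * <p>A terms query over {@code field} (restricted to this stream and the relative range
 * {@code 60 * interval}, presumably seconds) yields per-value counts; a value matches when
 * its count is {@code >= numberOfMatches} (or {@code < numberOfMatches} when
 * {@code matchMoreOrEqual} is false). When a backlog is configured, up to that many sample
 * messages are fetched per matched value. A history item with the summed count is stored
 * whenever the condition triggers.
 *
 * @return a positive {@code AggregatesCheckResult} when at least one value matched, or when
 *         no value was found at all and the rule is a "fewer than" rule; otherwise a
 *         {@code NegativeCheckResult}
 */
@Override
public CheckResult runCheck() {
    // Backlog, when configured (> 0), also bounds the number of sample messages attached.
    final Integer backlogSize = getBacklog();
    final boolean backlogEnabled = backlogSize != null && backlogSize > 0;
    final int searchLimit = backlogEnabled ? backlogSize : 100;

    List<MessageSummary> summaries = Lists.newArrayListWithCapacity(searchLimit);
    final String filter = "streams:" + stream.getId();
    final TimeRange timeRange = buildRelativeTimeRange(60 * this.interval);

    final Map<String, Long> matchedTerms = new HashMap<>();
    TermsResult result = null;
    long ruleCount = 0;

    if (timeRange != null) {
        result = searches.terms(field, limit, query, filter, timeRange);
        LOG.debug("built query: {}", result.getBuiltQuery());
        LOG.debug("query took {}ms", result.tookMs());

        for (Map.Entry<String, Long> term : result.getTerms().entrySet()) {
            final String matchedFieldValue = term.getKey();
            final Long count = term.getValue();

            final boolean matched = matchMoreOrEqual ? count >= numberOfMatches : count < numberOfMatches;
            if (!matched) {
                continue;
            }

            LOG.info("{} found for {}={}", count, field, matchedFieldValue);
            matchedTerms.put(matchedFieldValue, count);
            ruleCount += count;

            if (backlogEnabled) {
                // The matched value is escaped before being spliced into the Lucene query.
                final SearchResult searchResult = searches.search(
                        query + " AND " + field + ": " + QueryParser.escape(matchedFieldValue),
                        filter,
                        timeRange,
                        searchLimit,
                        0,
                        new Sorting(Message.FIELD_TIMESTAMP, Sorting.Direction.DESC)
                );

                for (ResultMessage resultMessage : searchResult.getResults()) {
                    if (summaries.size() >= searchLimit) {
                        break;
                    }
                    summaries.add(new MessageSummary(resultMessage.getIndex(), resultMessage.getMessage()));
                }
            } else {
                summaries = Collections.emptyList();
                LOG.debug("No messages found");
            }
        }
    }

    // Trigger when any value matched, or when the query found no values at all and the
    // rule is "fewer than N" (zero occurrences also satisfy it).
    if (result != null && (!matchedTerms.isEmpty() || (result.getTerms().isEmpty() && !matchMoreOrEqual))) {
        final HistoryItem historyItem = HistoryItemImpl.create(this.ruleName, new Date(), ruleCount);
        historyItemService.create(historyItem);

        LOG.debug("Alert check <{}> found [{}] terms.", id, matchedTerms.size());
        return new AggregatesCheckResult(true, this, this.description, Tools.nowUTC(), summaries, matchedTerms);
    }

    // The original passed no argument for the placeholder, so "{}" was logged literally.
    LOG.debug("Alert check <{}> found no terms, alert should be resolved.", id);
    return new NegativeCheckResult();
}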