Java Code Examples for org.graylog2.plugin.Message#getField()

The following examples show how to use org.graylog2.plugin.Message#getField() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: BeatsCodecTest.java    From graylog-plugin-beats with GNU General Public License v3.0 6 votes vote down vote up 
@Test
public void decodeMessagesHandlesFilebeatMessagesWithoutPrefix() throws Exception {
    configuration = new Configuration(Collections.singletonMap("beats_prefix", false));
    codec = new BeatsCodec(configuration, objectMapper);

    final Message message = codec.decode(messageFromJson("filebeat.json"));
    assertThat(message).isNotNull();
    assertThat(message.getMessage()).isEqualTo("TEST");
    assertThat(message.getTimestamp()).isEqualTo(new DateTime(2016, 4, 1, 0, 0, DateTimeZone.UTC));
    assertThat(message.getField("facility")).isEqualTo("beats");
    assertThat(message.getField("beats_type")).isEqualTo("filebeat");
    assertThat(message.getField("source")).isEqualTo("/tmp/test.log");
    assertThat(message.getField("input_type")).isEqualTo("log");
    assertThat(message.getField("count")).isEqualTo(1);
    assertThat(message.getField("offset")).isEqualTo(0);
    @SuppressWarnings("unchecked") final List<String> tags = (List<String>) message.getField("tags");
    assertThat(tags).containsOnly("foobar", "test");
}
Example 2
Source File: BeatsCodecTest.java    From graylog-plugin-beats with GNU General Public License v3.0 6 votes vote down vote up 
@Test
public void decodeMessagesHandlesFilebeatMessages() throws Exception {
    final Message message = codec.decode(messageFromJson("filebeat.json"));
    assertThat(message).isNotNull();
    assertThat(message.getMessage()).isEqualTo("TEST");
    assertThat(message.getSource()).isEqualTo("example.local");
    assertThat(message.getTimestamp()).isEqualTo(new DateTime(2016, 4, 1, 0, 0, DateTimeZone.UTC));
    assertThat(message.getField("facility")).isEqualTo("beats");
    assertThat(message.getField("beats_type")).isEqualTo("filebeat");
    assertThat(message.getField("filebeat_source")).isEqualTo("/tmp/test.log");
    assertThat(message.getField("filebeat_input_type")).isEqualTo("log");
    assertThat(message.getField("filebeat_count")).isEqualTo(1);
    assertThat(message.getField("filebeat_offset")).isEqualTo(0);
    @SuppressWarnings("unchecked") final List<String> tags = (List<String>) message.getField("filebeat_tags");
    assertThat(tags).containsOnly("foobar", "test");
}
Example 3
Source File: AWSInstanceNameLookupProcessor.java    From graylog-plugin-aws with Apache License 2.0 5 votes vote down vote up 
@Override
public Messages process(Messages messages) {
    if (config == null || !config.lookupsEnabled() || !table.isLoaded()) {
        return messages;
    }

    for (Message message : messages) {
        Object awsGroupId = message.getField(AWS.SOURCE_GROUP_IDENTIFIER);
        if(awsGroupId != null && awsGroupId.equals(true)) {
            // This is a message from one of our own inputs and we want to do a lookup.
            TRANSLATABLE_FIELD_NAMES.stream().filter(fieldName -> message.hasField(fieldName)).forEach(fieldName -> {
                // Make it so!
                message.addField(
                        fieldName + "_entity",
                        table.findByIp(message.getField(fieldName).toString()).getName()
                );

                message.addField(
                        fieldName + "_entity_description",
                        table.findByIp(message.getField(fieldName).toString()).getDescription()
                );

                message.addField(
                        fieldName + "_entity_aws_type",
                        table.findByIp(message.getField(fieldName).toString()).getAWSType()
                );
            });

        }
    }

    return messages;
}