/**
 * Builds the key for a tuple from its rule id field.
 *
 * <p>As a side effect, the {@code gson} field is initialised on first use; the
 * key itself does not depend on it.
 *
 * @param tuple tuple carrying {@code Constants.FIELD_RULE_ID}
 * @return the rule id rendered as a string
 */
@Override
public String getKeyFromTuple(Tuple tuple) {
    // Lazy initialisation of the shared serializer.
    if (null == gson) {
        gson = new Gson();
    }
    return String.valueOf(tuple.getShortByField(Constants.FIELD_RULE_ID));
}
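/**
 * Posts the headers of the alert event carried by {@code tuple} to the UI
 * endpoint for the tuple's rule, then acks the tuple.
 *
 * <p>The target URL is {@code uiEndpoint} with the rule id appended. Any
 * failure is reported through {@code StormContextUtil.emitErrorTuple}; the
 * tuple is acked in every case.
 *
 * @param tuple tuple carrying {@code Constants.FIELD_RULE_ID} and a
 *              {@code DEngineEvent} under {@code Constants.FIELD_EVENT}
 */
@Override
public void execute(Tuple tuple) {
    try {
        short ruleId = tuple.getShortByField(Constants.FIELD_RULE_ID);
        String endPoint = uiEndpoint + ruleId;
        DEngineEvent event = (DEngineEvent) tuple.getValueByField(Constants.FIELD_EVENT);
        HttpPost req = new HttpPost(endPoint);
        req.setEntity(new StringEntity(new Gson().toJson(event.getHeaders()), ContentType.APPLICATION_JSON));
        // Close the response on every path. Previously it was never closed,
        // so each alert left a connection checked out of the client.
        try (CloseableHttpResponse resp = client.execute(req)) {
            // NOTE(review): the status code is not checked, so a non-2xx reply is
            // still counted as a sent alert -- confirm this is intended.
            counter++;
            if (counter % 1000 == 0) {
                // NOTE(review): this prints the UI response body to stdout, and the
                // error path below forwards tuple.toString(); confirm neither can
                // carry sensitive event data into logs.
                System.out.println(endPoint + "\t" + resp.getStatusLine().getStatusCode() + "\t"
                        + EntityUtils.toString(resp.getEntity()));
                System.err.println("Alerts sent to UI:" + counter);
            }
        }
    } catch (Exception e) {
        StormContextUtil.emitErrorTuple(collector, tuple, AlertViewerBolt.class, tuple.toString(),
                "Failed to send alert to UI", e);
    }
    collector.ack(tuple);
}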
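/**
 * Posts the headers of the alert event carried by {@code tuple} to the UI
 * endpoint for the tuple's rule, then acks the tuple.
 *
 * <p>The target URL is {@code uiEndpoint} with the rule id appended. Any
 * failure is reported through {@code StormContextUtil.emitErrorTuple}; the
 * tuple is acked in every case.
 *
 * @param tuple tuple carrying {@code Constants.FIELD_RULE_ID} and a
 *              {@code HendrixEvent} under {@code Constants.FIELD_EVENT}
 */
@Override
public void execute(Tuple tuple) {
    try {
        short ruleId = tuple.getShortByField(Constants.FIELD_RULE_ID);
        String endPoint = uiEndpoint + ruleId;
        HendrixEvent event = (HendrixEvent) tuple.getValueByField(Constants.FIELD_EVENT);
        HttpPost req = new HttpPost(endPoint);
        req.setEntity(new StringEntity(new Gson().toJson(event.getHeaders()), ContentType.APPLICATION_JSON));
        // Close the response on every path. Previously it was never closed,
        // so each alert left a connection checked out of the client.
        try (CloseableHttpResponse resp = client.execute(req)) {
            // NOTE(review): the status code is not checked, so a non-2xx reply is
            // still counted as a sent alert -- confirm this is intended.
            counter++;
            if (counter % 1000 == 0) {
                // NOTE(review): this prints the UI response body to stdout, and the
                // error path below forwards tuple.toString(); confirm neither can
                // carry sensitive event data into logs.
                System.out.println(endPoint + "\t" + resp.getStatusLine().getStatusCode() + "\t"
                        + EntityUtils.toString(resp.getEntity()));
                System.err.println("Alerts sent to UI:" + counter);
            }
        }
    } catch (Exception e) {
        StormContextUtil.emitErrorTuple(collector, tuple, AlertViewerBolt.class, tuple.toString(),
                "Failed to send alert to UI", e);
    }
    collector.ack(tuple);
}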
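/**
 * Sends the suppression state of an alert template to the UI with an HTTP PUT
 * to {@code uiEndpoint/<templateId>/<state>}, then acks the tuple.
 *
 * <p>A new client is built for every tuple and closed once the request has
 * been attempted. Client-construction and I/O failures are reported through
 * {@code collector.reportError}; the tuple is acked in every case.
 *
 * @param tuple tuple carrying {@code Constants.FIELD_ALERT_TEMPLATE_ID} and
 *              {@code Constants.SUPRESSION_STATE}
 */
@Override
public void execute(Tuple tuple) {
    try {
        // The two 3000 arguments are presumably timeouts in milliseconds -- TODO confirm.
        client = Utils.buildClient(this.uiEndpoint, 3000, 3000);
        try {
            HttpPut put = new HttpPut(this.uiEndpoint + "/"
                    + tuple.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID) + "/"
                    + tuple.getBooleanByField(Constants.SUPRESSION_STATE));
            // NOTE(review): the response is discarded, so a rejected update (for
            // example a 4xx/5xx reply) is indistinguishable from success and the
            // UI's suppression state can drift -- confirm this is acceptable.
            client.execute(put);
        } finally {
            // Close on the failure path as well. Previously a failed execute()
            // skipped close() and leaked the per-tuple client and its connection.
            client.close();
        }
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | IOException e) {
        collector.reportError(e);
    }
    collector.ack(tuple);
}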
alertResult = materialize((Event) tuple.getValueByField(Constants.FIELD_EVENT), tuple.getStringByField(Constants.FIELD_RULE_GROUP), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID), tuple.getStringByField(Constants.FIELD_RULE_NAME), tuple.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID), tuple.getLongByField(Constants.FIELD_TIMESTAMP)); } else { alertResult = materialize((Event) tuple.getValueByField(Constants.FIELD_EVENT), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID), tuple.getStringByField(Constants.FIELD_RULE_NAME), tuple.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID), tuple.getLongByField(Constants.FIELD_TIMESTAMP)); StormContextUtil.emitErrorTuple(collector, tuple, TemplatedAlertingEngineBolt.class, "Failed to materialize alert due to missing template for rule:" + tuple.getShortByField(Constants.FIELD_RULE_ID) + ",templateid:" + tuple.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID), eventJson, null);
alertResult = materialize((Event) tuple.getValueByField(Constants.FIELD_EVENT), tuple.getStringByField(Constants.FIELD_RULE_GROUP), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID), tuple.getStringByField(Constants.FIELD_ALERT_TARGET), tuple.getStringByField(Constants.FIELD_ALERT_MEDIA), StormContextUtil.emitErrorTuple(collector, tuple, AlertingEngineBolt.class, "Failed to materialize alert due to missing template for rule:" + tuple.getShortByField(Constants.FIELD_RULE_ID) + ",action:" + tuple.getShortByField(Constants.FIELD_ACTION_ID), eventJson, null); } else { collector.emit(Constants.ALERT_STREAM_ID, tuple, new Values(alertResult.getTarget(), alertResult.getMedia(), alertResult.getBody(), gson.toJson(alertResult), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID)));
alertResult = materialize(((Event) tuple.getValueByField(Constants.FIELD_EVENT)).getHeaders(), tuple.getStringByField(Constants.FIELD_RULE_GROUP), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID), tuple.getStringByField(Constants.FIELD_RULE_NAME), tuple.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID), tuple.getLongByField(Constants.FIELD_TIMESTAMP)); if (alertResult != null) { StormContextUtil.emitErrorTuple(collector, tuple, TemplatedAlertingEngineBolt.class, "Failed to materialize alert due to missing template for rule:" + tuple.getShortByField(Constants.FIELD_RULE_ID) + ",templateid:" + tuple.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID), eventJson, null);
alertResult = materialize((Event) tuple.getValueByField(Constants.FIELD_EVENT), tuple.getStringByField(Constants.FIELD_RULE_GROUP), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID), tuple.getStringByField(Constants.FIELD_ALERT_TARGET), tuple.getStringByField(Constants.FIELD_ALERT_MEDIA), } else { alertResult = materialize((Event) tuple.getValueByField(Constants.FIELD_EVENT), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID), tuple.getStringByField(Constants.FIELD_ALERT_TARGET), tuple.getStringByField(Constants.FIELD_ALERT_MEDIA), StormContextUtil.emitErrorTuple(collector, tuple, AlertingEngineBolt.class, "Failed to materialize alert due to missing template for rule:" + tuple.getShortByField(Constants.FIELD_RULE_ID) + ",action:" + tuple.getShortByField(Constants.FIELD_ACTION_ID), eventJson, null); } else { collector.emit(Constants.ALERT_STREAM_ID, tuple, new Values(alertResult.getTarget(), alertResult.getMedia(), alertResult.getBody(), gson.toJson(alertResult), tuple.getShortByField(Constants.FIELD_RULE_ID), tuple.getShortByField(Constants.FIELD_ACTION_ID)));
when(input.getShortByField(Constants.FIELD_RULE_ID)).thenReturn((short) 1123); when(input.getStringByField(Constants.FIELD_RULE_NAME)).thenReturn("hello"); when(input.getStringByField(Constants.FIELD_RULE_GROUP)).thenReturn("test"); when(input.getLongByField(Constants.FIELD_TIMESTAMP)).thenReturn(1L); when(input.getShortByField(Constants.FIELD_ALERT_TEMPLATE_ID)).thenReturn((short) 0); when(input.getShortByField(Constants.FIELD_ACTION_ID)).thenReturn((short) 0); bolt.execute(input); Gson gson = new Gson();
/**
 * Feeds every sample event through {@link AlertingEngineBolt} and checks the
 * emitted alert values.
 *
 * <p>For each event the bolt is re-prepared with a mock collector that records
 * the emitted {@code Values}. The first two values must equal the stubbed
 * target ("dlp") and media ("mail"). Exactly four events are expected to
 * produce a third value (presumably the alert body) containing "test".
 */
@Test
public void testAlertExecution() {
    AlertingEngineBolt engine = new AlertingEngineBolt();
    when(input.getSourceStreamId()).thenReturn(Constants.EVENT_STREAM_ID);

    int matchingAlerts = 0;
    for (String rawEvent : events) {
        final AtomicReference<Values> captured = new AtomicReference<Values>(null);
        // Records the third argument of each collector invocation, i.e. the emitted values.
        Answer<Object> recorder = new Answer<Object>() {
            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                Values emittedValues = (Values) invocation.getArguments()[2];
                captured.set(emittedValues);
                System.out.println("Alert emitted:" + emittedValues);
                return new ArrayList<>();
            }
        };
        engine.prepare(stormConf, null, MockTupleHelpers.mockCollector(recorder));

        // Stub the tuple fields the bolt reads for this event.
        when(input.getValueByField(Constants.FIELD_EVENT)).thenReturn(TestUtils.stringToEvent(rawEvent));
        when(input.getShortByField(Constants.FIELD_RULE_ID)).thenReturn((short) 1123);
        when(input.getShortByField(Constants.FIELD_ACTION_ID)).thenReturn((short) 0);
        when(input.getStringByField(Constants.FIELD_ALERT_TARGET)).thenReturn("dlp");
        when(input.getStringByField(Constants.FIELD_ALERT_MEDIA)).thenReturn("mail");

        engine.execute(input);

        Values alert = captured.get();
        assertEquals("dlp", alert.get(0));
        assertEquals("mail", alert.get(1));
        boolean mentionsTest = alert.get(2).toString().contains("test");
        if (mentionsTest) {
            matchingAlerts++;
        }
    }
    assertEquals(4, matchingAlerts);
}