public String streamEventToJson(AlertStreamEvent event) { Map<String, Object> jsonMap = new HashMap<String, Object>(); jsonMap.put("policyId", event.getPolicyId()); jsonMap.put("streamId", event.getStreamId()); jsonMap.put("createBy", event.getCreatedBy()); jsonMap.put("createTime", event.getCreatedTime()); // data int size = event.getData().length; List<StreamColumn> columns = event.getSchema().getColumns(); for (int i = 0; i < size; i++) { if (columns.size() < i) { // redundant check to log inconsistency LOG.error(" stream event data have different lenght compare to column definition! "); } else { jsonMap.put(columns.get(i).getName(), event.getData()[i]); } } return JsonUtils.writeValueAsString(jsonMap); }
private static VelocityContext buildAlertContext(PolicyDefinition policyDefinition, AlertStreamEvent event) { VelocityContext context = new VelocityContext(); context.put(AlertContextFields.SITE_ID, event.getSiteId()); context.put(AlertContextFields.STREAM_ID, event.getStreamId()); context.put(AlertContextFields.ALERT_ID, event.getAlertId()); context.put(AlertContextFields.CREATED_BY, event.getCreatedBy()); context.put(AlertContextFields.CREATED_TIMESTAMP, event.getCreatedTime()); context.put(AlertContextFields.CREATED_TIME, String.format("%s %s", DateTimeUtil.millisecondsToHumanDateWithSeconds(event.getCreatedTime()), DateTimeUtil.CURRENT_TIME_ZONE.getID())); context.put(AlertContextFields.ALERT_TIMESTAMP, event.getTimestamp()); context.put(AlertContextFields.ALERT_TIME, String.format("%s %s", DateTimeUtil.millisecondsToHumanDateWithSeconds(event.getTimestamp()), DateTimeUtil.CURRENT_TIME_ZONE.getID())); context.put(AlertContextFields.ALERT_SCHEMA, event.getSchema()); context.put(AlertContextFields.ALERT_EVENT, event); context.put(AlertContextFields.POLICY_ID, policyDefinition.getName()); context.put(AlertContextFields.POLICY_DESC, policyDefinition.getDescription()); context.put(AlertContextFields.POLICY_TYPE, policyDefinition.getDefinition().getType()); context.put(AlertContextFields.POLICY_DEFINITION, policyDefinition.getDefinition().getValue()); context.put(AlertContextFields.POLICY_HANDLER, policyDefinition.getDefinition().getHandlerClass()); for (Map.Entry<String, Object> entry : event.getDataMap().entrySet()) { context.put(entry.getKey(), entry.getValue()); } return context; } }
event.getPolicyId(), event.getCreatedTime(), customFieldValues), stateFiledValue); if (outputEvents != null && outputEvents.size() > 0) { return outputEvents;
public AlertEntity convertAlertEvent(AlertStreamEvent event) { Preconditions.checkNotNull(event.getAlertId(), "alertId is not initialized before being published: " + event.toString()); AlertEntity alertEvent = new AlertEntity(); Map<String, String> tags = new HashMap<>(); tags.put(POLICY_ID_KEY, event.getPolicyId()); tags.put(ALERT_ID_KEY, event.getAlertId()); tags.put(ALERT_CATEGORY, event.getCategory()); tags.put(ALERT_SEVERITY, event.getSeverity().toString()); String host = event.getDataMap().getOrDefault("host", "null").toString(); String hostname = event.getDataMap().getOrDefault("hostname", "null").toString(); if (host != "null") { tags.put(ALERT_HOST, host); } else { tags.put(ALERT_HOST, hostname); } if (event.getContext() != null && !event.getContext().isEmpty()) { tags.put(SITE_ID_KEY, event.getContext().get(SITE_ID_KEY).toString()); alertEvent.setPolicyValue(event.getContext().get(POLICY_VALUE_KEY).toString()); alertEvent.setAppIds((List<String>) event.getContext().get(APP_IDS_KEY)); } alertEvent.setTimestamp(event.getCreatedTime()); alertEvent.setAlertData(event.getDataMap()); alertEvent.setAlertSubject(event.getSubject()); alertEvent.setAlertBody(event.getBody()); alertEvent.setTags(tags); return alertEvent; }
alertContext.put(PublishConstants.ALERT_EMAIL_ALERT_SEVERITY, event.getSeverity().toString()); alertContext.put(PublishConstants.ALERT_EMAIL_TIME, String.format("%s %s", DateTimeUtil.millisecondsToHumanDateWithSeconds(event.getCreatedTime()), DateTimeUtil.CURRENT_TIME_ZONE.getID())); alertContext.put(PublishConstants.ALERT_EMAIL_STREAM_ID, event.getStreamId());
public static AlertPublishEvent createAlertPublishEvent(AlertStreamEvent event) { Preconditions.checkNotNull(event.getAlertId(), "alertId is not initialized before being published: " + event.toString()); AlertPublishEvent alertEvent = new AlertPublishEvent(); alertEvent.setAlertId(event.getAlertId()); alertEvent.setPolicyId(event.getPolicyId()); alertEvent.setAlertTimestamp(event.getCreatedTime()); alertEvent.setStreamId(event.getStreamId()); alertEvent.setCreatedBy(event.getCreatedBy()); alertEvent.setCreatedTime(event.getCreatedTime()); alertEvent.setAlertSubject(event.getSubject()); alertEvent.setAlertBody(event.getBody()); if (event.getContext() != null && !event.getContext().isEmpty()) { if (event.getContext().containsKey(SITE_ID_KEY)) { alertEvent.setSiteId(event.getContext().get(SITE_ID_KEY).toString()); } if (event.getContext().containsKey(POLICY_VALUE_KEY)) { alertEvent.setPolicyValue(event.getContext().get(POLICY_VALUE_KEY).toString()); } if (event.getContext().containsKey(APP_IDS_KEY)) { alertEvent.setAppIds((List<String>) event.getContext().get(APP_IDS_KEY)); } } alertEvent.setAlertData(event.getDataMap()); return alertEvent; }
EventUniq eventkey = new EventUniq(event.getStreamId(), event.getPolicyId(), event.getCreatedTime(), customFieldValues); LOG.info("event key: " + eventkey); LOG.info("dedup field: " + this.getDedupStateField());
event.setSchema(originalEvent.getSchema()); event.setPolicyId(originalEvent.getPolicyId()); event.setCreatedTime(originalEvent.getCreatedTime()); event.setCreatedBy(originalEvent.getCreatedBy()); event.setTimestamp(originalEvent.getTimestamp());
@Test public void testNormal() throws Exception { Config config = ConfigFactory.load(); DedupCache dedupCache = new DedupCache(config, "testPublishment"); StreamDefinition stream = createStream(); PolicyDefinition policy = createPolicy(stream.getStreamId(), "testPolicy"); String[] states = new String[] {"OPEN", "WARN", "CLOSE"}; Random random = new Random(); for (int i = 0; i < 20; i++) { AlertStreamEvent event = createEvent(stream, policy, new Object[] { System.currentTimeMillis(), "host1", "testPolicy-host1-01", states[random.nextInt(3)], 0, 0 }); HashMap<String, String> dedupFieldValues = new HashMap<String, String>(); dedupFieldValues.put("alertKey", (String) event.getData()[event.getSchema().getColumnIndex("alertKey")]); List<AlertStreamEvent> result = dedupCache.dedup(event, new EventUniq(event.getStreamId(), event.getPolicyId(), event.getCreatedTime(), dedupFieldValues), "state", (String) event.getData()[event.getSchema().getColumnIndex("state")], "closed"); System.out.println((i + 1) + " >>>> " + ToStringBuilder.reflectionToString(result)); } Assert.assertTrue(true); }