billmurrin / graylog-plugin-slookup-function

Stream Lookup function for GrayLog2 Pipeline Processor
GNU General Public License v3.0

Graylog 4 does not start with slookup #12

Open victorfeng19 opened 3 years ago

victorfeng19 commented 3 years ago

Hi,

We have been using slookup heavily in Graylog 2.x. Now we are upgrading to Graylog 4. Graylog 4 does not start with this plugin. It keeps throwing out the following msg.

2021-09-13T15:17:01.089-04:00 INFO [Version] HV000001: Hibernate Validator null
2021-09-13T15:17:14.391-04:00 INFO [CmdLineTool] Loaded plugin: Csv function 0.0.4 [com.alexjck.plugins.csv.CsvFunctionPlugin]
2021-09-13T15:17:14.394-04:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 4.0.5 [org.graylog.aws.AWSPlugin]
2021-09-13T15:17:14.395-04:00 INFO [CmdLineTool] Loaded plugin: Enterprise Integrations 4.0.5 [org.graylog.enterprise.integrations.EnterpriseIntegrationsPlugin]
2021-09-13T15:17:14.396-04:00 INFO [CmdLineTool] Loaded plugin: Integrations 4.0.5 [org.graylog.integrations.IntegrationsPlugin]
2021-09-13T15:17:14.396-04:00 INFO [CmdLineTool] Loaded plugin: Collector 4.0.5 [org.graylog.plugins.collector.CollectorPlugin]
2021-09-13T15:17:14.397-04:00 INFO [CmdLineTool] Loaded plugin: Graylog Enterprise 4.0.5 [org.graylog.plugins.enterprise.EnterprisePlugin]
2021-09-13T15:17:14.397-04:00 INFO [CmdLineTool] Loaded plugin: Stream Lookup pipeline function 2.0.0 [org.graylog.plugins.slookup.StreamLookupFunctionPlugin]
2021-09-13T15:17:14.398-04:00 INFO [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 4.0.5 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2021-09-13T15:17:14.398-04:00 INFO [CmdLineTool] Loaded plugin: Elasticsearch 6 Support 4.0.5+d95b909 [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2021-09-13T15:17:14.398-04:00 INFO [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 4.0.5+d95b909 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2021-09-13T15:17:14.594-04:00 INFO [CmdLineTool] Running with JVM arguments: -Xms4g -Xmx4g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -Djavax.net.ssl.trustStore=/etc/graylog/server/cert/cacerts.jks -XX:+UseParNewGC -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2021-09-13T15:17:14.802-04:00 INFO [Version] HV000001: Hibernate Validator null

Can you take a look please?

csjhonore commented 3 years ago

To make the plugin work with graylog 4.0.x versions: Remove the following directive: import org.elasticsearch.action.search.SearchPhaseExecutionException; Remove the calls to org.graylog2.indexer.searches.Sorting.asElastic() (these commands are only called in exceptions...

csjhonore commented 3 years ago

To make the plugin work with graylog 4.1.x versions: Edit the file "StreamLookupFunction.java". Add to the header: import org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException; Replace:

this.timeRange = RelativeRange.builder().type("relative").range(timeRange).build();

With:

try {
  this.timeRange = RelativeRange.create(timeRange.intValue());
} catch (InvalidRangeParametersException e) {
  LOG.info(e.getMessage());
}

victorfeng19 commented 3 years ago

Thank you!

jimzz2live commented 3 years ago

Thanks csjhonore I took a try at it and have it working for Graylog 4.1.5:

https://github.com/jimzz2live/graylog-plugin-slookup-function/releases/tag/4.1.0