METRON-765: Add GUID to messages (iraghumitra via cestella) closes apache/incubator-metron#483
Project: http://git-wip-us.apache.org/repos/asf/incubator-metron/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-metron/commit/27b0d6e3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-metron/tree/27b0d6e3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-metron/diff/27b0d6e3 Branch: refs/heads/master Commit: 27b0d6e31de94317b085766349a892395f0d3309 Parents: 340e923 Author: iraghumitra <raghumitra....@gmail.com> Authored: Mon Mar 27 09:38:31 2017 -0400 Committer: cstella <ceste...@gmail.com> Committed: Mon Mar 27 09:38:31 2017 -0400 ---------------------------------------------------------------------- .../org/apache/metron/common/Constants.java | 1 + .../enrichment/bolt/EnrichmentSplitterBolt.java | 6 +- .../bolt/EnrichmentSplitterBoltTest.java | 4 + .../src/main/sample/data/asa/parsed/asa_parsed | 256 +++++++++---------- .../sample/data/bro/parsed/BroExampleParsed | 20 +- .../data/jsonMap/parsed/jsonMapExampleParsed | 4 +- .../main/sample/data/snort/parsed/SnortParsed | 6 +- .../sample/data/squid/parsed/SquidExampleParsed | 4 +- .../data/websphere/parsed/WebsphereParsed | 10 +- .../sample/data/yaf/parsed/YafExampleParsed | 20 +- .../apache/metron/parsers/bolt/ParserBolt.java | 4 + .../metron/parsers/bolt/ParserBoltTest.java | 13 +- ...pleHbaseEnrichmentWriterIntegrationTest.java | 2 +- .../metron/test/utils/ValidationUtils.java | 2 +- 14 files changed, 182 insertions(+), 170 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/27b0d6e3/metron-platform/metron-common/src/main/java/org/apache/metron/common/Constants.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-common/src/main/java/org/apache/metron/common/Constants.java b/metron-platform/metron-common/src/main/java/org/apache/metron/common/Constants.java index 29be31e..1dc73da 100644 --- a/metron-platform/metron-common/src/main/java/org/apache/metron/common/Constants.java +++ b/metron-platform/metron-common/src/main/java/org/apache/metron/common/Constants.java @@ -31,6 +31,7 @@ public class Constants { public static final String ERROR_STREAM = "error"; public static final String SIMPLE_HBASE_ENRICHMENT = "hbaseEnrichment"; public static final String SIMPLE_HBASE_THREAT_INTEL = "hbaseThreatIntel"; + public static final String GUID = "guid"; public static enum Fields { SRC_ADDR("ip_src_addr") http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/27b0d6e3/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBolt.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBolt.java b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBolt.java index 1ec4252..f9cad80 100644 --- a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBolt.java +++ b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBolt.java @@ -61,9 +61,10 @@ public class EnrichmentSplitterBolt extends SplitBolt<JSONObject> { } @Override public String getKey(Tuple tuple, JSONObject message) { - String key = null; + String key = null, guid = null; try { key = tuple.getStringByField("key"); + guid = (String)message.get(Constants.GUID); } catch(Throwable t) { //swallowing this just in case. @@ -71,6 +72,9 @@ public class EnrichmentSplitterBolt extends SplitBolt<JSONObject> { if(key != null) { return key; } + else if(guid != null) { + return guid; + } else { return UUID.randomUUID().toString(); } http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/27b0d6e3/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBoltTest.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBoltTest.java b/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBoltTest.java index f3a1f2f..c79eb10 100644 --- a/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBoltTest.java +++ b/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/bolt/EnrichmentSplitterBoltTest.java @@ -68,6 +68,10 @@ public class EnrichmentSplitterBoltTest extends BaseEnrichmentBoltTest { when(tuple.getStringByField("key")).thenReturn(someKey); key = enrichmentSplitterBolt.getKey(tuple, sampleMessage); Assert.assertEquals(someKey, key); + String guid = "sample-guid"; + when(sampleMessage.get("guid")).thenReturn(guid); + key = enrichmentSplitterBolt.getKey(tuple, sampleMessage); + Assert.assertEquals(guid, key); when(tuple.getBinary(0)).thenReturn(sampleMessageString.getBytes()); JSONObject generatedMessage = enrichmentSplitterBolt.generateMessage(tuple); removeTimingFields(generatedMessage);
