>
> Is there any other approach to check
> that through writing Java test-cases? Righting test-cases would be easier
> for keeping track of changes.
While the Shell is great, it does not serve as an automated, repeatable
test case.
An alternative approach along these lines, is to create your own JUnit test
cases that leverage a Stellar executor to execute arbitrary expressions and
validate the result. This is what we do in any unit tests for Stellar
functions. For example, see `GetProfileTest` that tests the Profiler's
`PROFILE_GET` function.
Do you think these examples get you 80% there?
On Fri, Jul 7, 2017 at 10:54 AM, Nick Allen <n...@nickallen.org> wrote:
> For experimenting or validating specific Stellar expressions, the Stellar
> Shell is perfect. To do this, you just have to remember than when your
> Stellar expressions execute all of the fields of the message are in-scope.
>
> For example, here is a quick session where I mock-up some logic that sends
> a message to Triage if a hypothetical "count" field is greater than 22. In
> this example, I expect my telemetry to look-like the following.
>
> {
> "ip_src_addr": "10.0.0.2",
> "ip_dst_addr": "10.0.0.3",
> "ip_src_port": "22",
> "ip_dst_port": "12345",
> "source.type": "bro",
> "count": "22"
> }
>
>
> Like I said, when my Stellar expression executes each of the fields from
> the message are in-scope as variables. To replicate this in the shell, all
> I have to do is create those variables as I would expect them to exist in
> the telemetry.
>
> [Stellar]>>>
> [Stellar]>>> ip_src_addr := "10.0.0.2"
> [Stellar]>>> ip_dst_addr := "10.0.0.3"
> [Stellar]>>> ip_src_port := 22
> [Stellar]>>> ip_dst_port := 12345
> [Stellar]>>> source.type := "bro"
> [Stellar]>>> count := 22
> [Stellar]>>> is_alert := if count > 22 then true else false
> [Stellar]>>> is_alert
>
> false
>
> This session helped me validate the `is_alert` expression that I will add
> as an enrichment expression.
>
> Hope that answered at least some of your questions.
>
>
>
>
> On Tue, Jul 4, 2017 at 10:23 AM, Ali Nazemian <alinazem...@gmail.com>
> wrote:
>
>> Hi Simon,
>>
>> Yeah, it does, but we are looking for a way to mock a specific message and
>> check some post-parse/enrichments stuff. Is that achievable via Stellar
>> shell? Right now we are checking that either through end-to-end testing,
>> or
>> changing flux files to check them section by section. Unfortunately, both
>> approaches are time-consuming. We are using the Stellar shell for only
>> checking the validity of Stellar functions one by one right now.
>>
>> Suppose there is an approach we can define a JSON object as an output of a
>> parser. Then, we can apply a set of post-parsing and enrichment process on
>> that JSON object and check the output. Is that achievable via Stellar
>> shell? Do you have any sample that we can follow to understand Stellar
>> shell capabilities for this scenario? Is there any other approach to check
>> that through writing Java test-cases? Righting test-cases would be easier
>> for keeping track of changes.
>>
>> Cheers,
>> Ali
>>
>>
>> On Wed, Jul 5, 2017 at 12:06 AM, Simon Elliston Ball <
>> si...@simonellistonball.com> wrote:
>>
>> > You should probably use the Stellar REPL (../metron/bin/stellar -z $ZK)
>> > which gives you a kind of Stellar playground.
>> >
>> > Simon
>> >
>> > > On 4 Jul 2017, at 15:02, Ali Nazemian <alinazem...@gmail.com> wrote:
>> > >
>> > > Hi all,
>> > >
>> > > I was wondering if there is a test framework we can use for Stellar
>> > > post-parsing and enrichment use cases. It is very time-consuming to
>> > verify
>> > > use cases end-to-end. Therefore, I am looking for a way of mocking use
>> > > cases step by step to speed up our development.
>> > >
>> > > Regards,
>> > > Ali
>> >
>> >
>>
>>
>> --
>> A.Nazemian
>>
>
>
