All Classes and Interfaces

Class
Description
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Helper Function implementation which evaluates and memoizes all constant FunctionArgs.
 
Contains functionality that is used in multiple API resources.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Provides access to access tokens in the database.
 
 
 
 
 
 
 
 
 
 
Audit actor is always the username.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Address (A/AAAA) DNS lookup response from DnsClient.
 
Active Directory UserAccountControl flags.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Checks all POST, PUT and DELETE resource methods for AuditEvent annotations and reports missing ones.
 
Represents an audit event with namespace, object and action.
 
 
 
 
 
 
Thrown when authentication fails due to an external service being unavailable.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A token to be used for token-based authentication.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Utility methods related to Google AutoValue
 
 
 
 
 
 
 
 
 
A common utils class for the AWS plugin.
 
 
Responsible for initializing and building AWS SDK clients.
 
 
 
 
General AWS input for all types of supported AWS logs.
 
 
 
This request is used to save a new Kinesis AWS input.
 
 
 
A helper class that supports the ability to detect the type of AWS log message.
Identifies the type of input for a particular log source (eg.
Each source will require its own specific set of input configuration fields.
 
 
 
 
 
 
 
 
 
 
 
All AWS API requests should implement this interface.
 
A common implementation on AWSRequest, which can be used for any AWS request that just needs region and credentials.
 
Web endpoints for the AWS integration.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
FrameDecoder for the Beats/Lumberjack protocol.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
BucketSpecs describe configurations for aggregation buckets.
 
Implementations of this class contribute handlers for buckets to concrete implementations of the pivot search type.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This TermRangeQuery bypasses Automation and its generated states when it comes to the visitor pattern.
 
 
 
 
 
 
 
 
 
This will be passed to LookupDataAdapter.refresh(LookupCachePurge) to allow data adapters to purge the cache after updating their state/data.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Place to store constants that are not a subject of user/client configuration.
Merges signed certificate, received after CSR was processed, with private key, that was awaiting in a safe file.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This class provides the opportunity to add top level commands or command groups to the bootstrap processes.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A single CloudWatch log event.
A collection of CloudWatch log events that was generated by a Kinesis CloudWatch log subscription.
 
 
 
 
 
 
 
 
 
 
Service to save and retrieve cluster configuration beans.
 
Specification for a Cluster Configuration object.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The primary objective of this API is to provide facilities for managing Lookup Tables on the cluster level.
 
 
 
 
 
 
 
 
Deprecated.
 
 
 
 
 
Deprecated.
Shutting down nodes using an API request is discouraged in favor of using a service manager to control the server process.
 
 
 
 
 
 
 
 
 
 
 
 
 
Deprecated, for removal: This API element is subject to removal in a future version.
Use DbEntity instead
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Helper class to hold configuration of Graylog
 
 
 
 
 
Exception thrown in case of an invalid configuration
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A Content Security Policy header consists of a list of policy directives, each of which consists of a directive and one or more values:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The DBJobDefinitionService is still using the old mongojack version, so we can't implement a findOrCreate method and have to use this custom service until the class is migrated to the new mongojack version.
 
 
 
 
 
 
 
Manages database state for EventProcessors.
 
 
 
 
 
 
 
 
 
Manages the database collection for processing status.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A fallback failure handler, which persists submitted failures in Mongo via IndexFailureService.
A default set of configuration values, which leaves the original failure handling behaviour intact.
 
 
 
This is the default JobSchedulerConfig.
 
 
 
 
 
 
Creates a session response which contains the common attributes of the session.
 
This class subscribes to all StreamsChangedEvent events and reloads the default stream if it has changed.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A Jackson Module that adds our custom DeserializationProblemHandler implementations to the object mapper.
 
 
 
Development implementation of the IndexHtmlGenerator interface that provides a dummy "index.html" page.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Manages a pool of Netty DnsNameResolverFactory objects.
 
 
 
 
 
This class provides access to the system and plugin API resources that are available through the Guice multi-binder.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The main difference to using a CSVReader is that this explicitly handles comment lines and does not support a column name line.
 
 
 
 
 
ElasticsearchException is the superclass of those exceptions that can be thrown during the normal interaction with Elasticsearch.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Utility class to create preconfigured Email instances by applying the settings from EmailConfiguration.
 
 
 
 
 
 
 
 
 
 
Dummy class to allow constructing an empty query instance.
 
Utility functions to deal with input configuration that contains encrypted values.
This is a container for encrypted values.
 
 
Configures an ObjectMapper to enable database serialization for EncryptedValue.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The unique description of a (virtual) entity by ID and type.
 
 
This object maps EntityDescriptor objects to generated IDs that will be used as ID in Entity objects.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Handler for sharing calls.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deserialize DateTime from MongoDB, ISODateTime or our ES_DATE_FORMAT format
 
 
 
 
 
 
 
 
 
 
Represents an operation that accepts a single input argument and returns no result.
 
 
 
Collects additional information for event definitions like scheduler information.
 
 
 
 
 
 
 
Handles event definitions and creates scheduler job definitions and job triggers.
 
 
 
 
 
 
 
 
 
This class contains indices helper for the events system.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Data object that can be used in notifications to provide structured data to plugins.
 
 
 
 
 
 
 
 
 
 
Interface to be implemented by event processors.
 
 
 
 
 
 
This can be used by an event processor to check if required event definitions have already processed a specific timerange.
 
 
This is thrown when an EventProcessor fails.
 
 
 
 
 
 
 
 
 
 
 
 
This gets thrown when a precondition for an event processor is not ready.
 
 
 
 
Stores the information necessary to recreate a query that triggered a search-based event.
 
Resolves dependencies between events
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The event handler engine is responsible for executing handlers on events.
This indicates an error in an EventStorageHandler.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of configuration values that are safe to return, i.e.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A failure occurring at different stages of message processing (e.g.
A structure bearing a batch of failures.
A tag-like label representing a failure cause
 
 
A handler for failures, occurring at different stages of message processing (e.g.
A runtime failure handling configuration.
A service consuming and processing failure batches submitted via FailureSubmissionQueue.
A factory creating an index mapping template for the failure index.
 
A supplementary service layer, which is aimed to simplify failure submission for the calling code.
 
 
 
 
 
 
 
 
 
Leader election when we don't care (i.e.
This is the dummy config that accepts anything and has a marker method to detect a missing plugin.
This is the dummy config that accepts anything and has a marker method to detect a missing plugin.
Fallback provider for GRN types that don't have a custom GRNDescriptorProvider yet.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Interface for field type lookups.
 
Maps Elasticsearch field types to Graylog types.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A FileInfo presents a concise way of checking for file modification based on its file system attributes.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The default BooleanQuery from lucene uses Multiset implementations in the visit method.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This Module binds a Named boolean that can be used to detect whether a fresh installation of Graylog is happening.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This is generating API information in Swagger format.
 
 
 
 
 
 
 
 
 
 
 
 
A service to check whether the ASN and City MaxMind/IPInfo database files have changed, as well as whether the configuration has changed.
 
 
 
 
 
 
A ClusterConfigValidator to validate configuration objects of type GeoIpResolverConfig.
 
A factory to create ASN and Location GeoIpResolver resolvers based on the DatabaseVendorType contained in the current GeoIpResolverConfig.
A service to create a GeoIpResolver for a given configuration file and DatabaseVendorType.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Services can implement this to participate in a graceful shutdown of the server.
A service that participates in the Graylog server graceful shutdown.
 
 
 
 
 
 
 
 
 
Listens for UserDeletedEvents to remove orphaned grants from the DB.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deprecated.
Please use the appropriate enums in this package rather than this collection of strings
 
 
 
 
 
Deprecated.
 
 
 
 
 
 
 
 
 
This is a helper class for GRNs (Graylog Resource Names). GRNs are like URNs that we use for internal purposes only.
 
A descriptor with metadata for a GRN instance.
 
Provides a GRNDescriptor for the given GRN.
Provides GRN descriptor instances.
Converts GRN strings format into a GRN object.
 
 
 
The global GRN registry.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Annotation to not bind a REST resource annotated with @Path in Graylog Cloud.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Resolves IANA protocol numbers to their names.
This decorator is needed to support field.id format for messages and aggregations.
 
 
This exception, when thrown by an implementation of IndexTemplateProvider, indicates that an index template is not required for the current index rotation cycle. It might be useful in the following scenarios: 1) the index template is managed externally; 2) the index template cannot be resolved at the moment and it's acceptable to proceed with an already existing template in Elasticsearch.
Search filters are enterprise feature, so by default they won't be loaded.
 
 
 
 
 
 
 
 
 
 
 
This is only used for reuse of a wait strategy
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This class can be used to poll index field type information for indices in an IndexSet.
 
 
Periodical that creates and maintains index field type information in the database.
 
 
Manages the "index_field_types" MongoDB collection.
Implementations provide HTML content for an "index.html" file.
 
 
 
 
 
 
 
 
 
 
 
 
 
Representing the message type mapping in Elasticsearch.
 
 
Implementing classes provide an index mapping template representation that can be stored in Elasticsearch.
 
 
 
 
 
 
A Periodical to clean up stale index ranges (e.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
In-database configuration (via ClusterConfigService) for index sets. The values in this class are initialized from ElasticsearchConfiguration configuration properties to allow users to specify defaults for default system indices on the first boot of the Graylog server.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Holds the information element definitions for the IANA assigned IPFIX information elements, as well as the private enterprise extensions which can be loaded to support vendor extensions.
 
Container for base64 encoded binary data.
 
 
 
A PipelineService that does not persist any data, but simply keeps it in memory.
 
This ProcessingStatusRecorder implementation should only be used for tests.
 
A RuleService that does not persist any data, but simply keeps it in memory.
 
 
 
 
 
 
Custom BeanDeserializer for input configuration values with transparent EncryptedValue handling.
 
 
 
 
 
 
 
 
 
 
Record failures from MessageInputs that happen during runtime.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Provides CRUD operations for input status records.
 
Created by dennis on 12/12/14.
 
Created by dennis on 12/12/14.
 
 
 
 
 
 
 
 
 
Implement the PluginMetaData interface here.
Extend the PluginModule abstract class here to add your plugin to the system.
Implement the Plugin interface here.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Exception thrown in case of an invalid stream rule type.
 
 
 
 
 
 
Graylog's rule language wrapper for InetAddress.
 
 
 
 
 
 
 
 
 
Protobuf type org.graylog.plugins.ipfix.DataSet
Protobuf type org.graylog.plugins.ipfix.DataSet
 
Protobuf type org.graylog.plugins.ipfix.RawIpfix
Protobuf type org.graylog.plugins.ipfix.RawIpfix
 
 
 
 
A Graylog specific IPFIX parser.
 
 
 
 
 
 
 
 
 
 
A GeoIpResolver to load IP ASN data from DatabaseVendorType.IPINFO.
Custom Reader wrapper to be able to support IPinfo database files.
A GeoIpResolver to load IP Location data from DatabaseVendorType.IPINFO.
 
 
Small abstraction layer for the different location databases from MaxMind and IPinfo to make them usable in a single lookup data adapter until we create separate adapters for the different databases.
A class that makes it possible to get an IP range from a CIDR specification.
Converts a comma-separated list of IP addresses / subnets to a set of IpSubnet.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Interface to be implemented by job classes.
 
A simple event that signals a scheduler job completion to subscribers.
 
 
 
 
 
 
 
The job execution engine checks runnable triggers and starts job execution in the given worker pool.
 
This is thrown when a Job failed to execute correctly.
Pluggable interface for common job scheduler resource tasks.
JobResourceHandlers provide a pluggable way to list and cancel Jobs that run within the new JobScheduler.
 
 
 
 
A clock that provides access to the current DateTime.
Used by the scheduler to configure itself.
Job scheduler specific configuration fields for the server configuration file.
 
Job scheduler specific event bus instance.
Creates a JobSchedulerEventBus instance.
Job scheduler specific bindings.
 
 
Provides a few standard schedule strategies for triggers.
 
 
 
 
 
 
 
 
Job triggers can be in different lifecycle statuses.
 
 
Convenience factory to create JobTriggerUpdate objects.
 
Worker pool to execute jobs.
 
A Joda DurationSerializer that ignores the com.fasterxml.jackson.databind.SerializationFeature.WRITE_DURATIONS_AS_TIMESTAMPS setting and always serializes Durations to milliseconds.
 
 
 
 
 
 
 
 
Protobuf type org.graylog2.plugin.journal.CodecInfo
Protobuf type org.graylog2.plugin.journal.CodecInfo
 
Protobuf type org.graylog2.plugin.journal.JournalMessage
Protobuf type org.graylog2.plugin.journal.JournalMessage
 
Protobuf type org.graylog2.plugin.journal.RemoteAddress
Protobuf type org.graylog2.plugin.journal.RemoteAddress
 
Protobuf type org.graylog2.plugin.journal.SourceNode
Protobuf type org.graylog2.plugin.journal.SourceNode
Protobuf enum org.graylog2.plugin.journal.SourceNode.Type
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
An annotation that can be used to set a default logical type name for documents that are missing it.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A runnable task that starts the Kinesis Consumer.
 
 
 
 
 
 
 
 
 
Responsible for decoding the raw Kinesis byte array payload.
 
 
 
 
Service for all AWS Kinesis business logic and SDK usages.
Web endpoints for the Kinesis auto-setup.
Runtime Kinesis consumer processor.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Periodically checks if there is a leader in the cluster and, if not, emits a notification
 
 
 
 
 
 
 
 
This is used to support legacy AlarmCallbacks.
Takes care of migrating legacy alert condition and alarm callback configurations to new event definitions and notification configurations.
 
 
 
 
 
 
 
 
 
 
A decoder that splits the received ByteBufs by one or more delimiters.
An ordering that compares objects according to a given order, sorting unknown elements by their natural comparison or last.
A decoder that splits the received ByteBufs on line endings.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This class is a convenience listener for Service instances so that service lifecycle changes can easily be logged without having to manually write listeners everywhere.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This class is used as a key in LookupCache implementations.
This is passed into LookupDataAdapter.doRefresh(LookupCachePurge) to allow data adapters to prune cache entries without having to know about the actual cache instances.
 
 
 
 
 
 
 
 
This is responsible for scheduling LookupDataAdapter refreshes.
This service listener should be attached to a data adapter service.
Context object for configurations which require access to services to perform validation.
 
 
 
 
 
 
 
 
 
The result of looking up a key in a lookup table (i.
 
 
 
 
 
A LookupTable references a LookupCache and a LookupDataAdapter, which both have their own lifecycle.
 
 
 
Abstracts the configuration retrieval for LookupTableService.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This service maintains the in-memory adapters, caches and lookup table instances.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A GeoIpResolver to load IP ASN data from DatabaseVendorType.MAXMIND.
 
A GeoIpResolver to load IP location data from DatabaseVendorType.MAXMIND.
 
 
A Log4J appender that keeps a configurable number of messages in memory.
MemoryLimitedCompressingFifoRingBuffer is a first-in first-out buffer that is limited by the memory it can consume.
 
Deprecated.
 
 
 
 
 
 
 
 
 
 
 
 
 
Factory class for PagerDuty messages, heavily based on the works of the cited authors.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
MessageSummary is being used as a return value for AlarmCallbacks.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Migration adjusting the position of dashboard widgets to the higher resolution of the grid layout.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A DeserializationProblemHandler implementation that handles missing type IDs.
 
 
 
 
 
 
 
 
 
 
 
 
 
MongoDB connection singleton
 
 
 
 
 
 
 
 
 
 
 
 
 
A RuleService backed by a MongoDB collection.
 
 
 
 
 
 
MongoDB upsert requests can fail when they are creating a new entry concurrently.
 
 
This can be used to lookup types for message fields.
Use this annotation to have additional properties in your DTOs that are not to be saved.
 
 
 
 
 
 
This is a simple wrapper around MongoDB to allow storage of state data for stateful Inputs.
 
This abomination is necessary because when using MongoJack to read "_id" object ids back from the database the property name isn't correctly mapped to the POJO using the LowerCaseWithUnderscoresStrategy.
 
 
Lock service implementation using MongoDB to maintain locks.
 
 
 
 
 
 
 
This class contains search helper for the events system.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The unique description of a native entity by ID and type.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This UDP transport is largely identical to its superclass, but replaces the codec aggregator and its handler with custom implementations that are able to pass the remote address.
 
 
 
 
 
 
 
For Netflow v9 packets we want to prepend the corresponding flow template.
 
 
 
 
 
 
 
Protobuf type org.graylog.plugins.netflow.v9.RawNetflowV9
Protobuf type org.graylog.plugins.netflow.v9.RawNetflowV9
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This should be an interface.
Created by dennis on 11/12/14.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
NoopJournal is used when disk journalling is turned off.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Checks the grace period of events at an early stage, to prevent creating unnecessary JobTriggers.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The cache that doesn't.
 
 
 
 
This codec always returns a null Message.
 
 
 
Compares Strings in format [index_prefix][separator][number], i.e.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Provider for a configured OkHttpClient.
 
 
 
 
 
 
 
 
 
 
 
The generic type is Realm, even though it really only contains AuthenticatingRealms.
Represents the current MessageProcessor ordering in the system.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The Pager Duty REST client implementation class compatible with events V2.
 
 
 
Main class that focuses on event notifications that should be sent to PagerDuty.
 
Configuration class for Pager Duty notifications.
 
Configuration entity for PagerDuty notification events.
 
 
 
This class is a helper to implement a basic Mongojack-based database service that allows CRUD operations on a single DTO type and offers paginated access.
 
 
 
 
 
 
 
 
 
 
Shareable pagination parameters to be used with PaginatedDbService.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
An object representation of a PAN message template.
 
 
 
 
 
 
Default PAN message templates.
Builds PAN message templates.
 
Utils for manually parsing Palo Alto logs from files.
Parameters describe variable inputs to queries.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Resolves a principal to specific permissions based on grants.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Implementations of this class contribute handlers for buckets and series to concrete implementations of the pivot search type.
 
 
A graylog plugin.
 
 
 
A configuration bean to be processed by JadConfig.
 
Provides up-to-date access to this plugin's cluster config without forcing consumers to listen to updates manually.
Used by PluginConfigService to return the previously observed and current configuration so that clients can act on changes if they need to.
 
 
 
 
 
 
 
 
 
 
Marker interface for JAX-RS resources in plugins.
Some plugins may have dynamic data that needs to be made available to the UI at server startup.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This Module can be implemented by Plugins that wish to perform preflight checks before the server is started.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This is used to track processing status on a single Graylog node.
 
 
 
 
 
 
 
 
 
 
Production implementation of the IndexHtmlGenerator interface that provides an "index.html" page including the production web interface assets.
 
 
 
 
 
 
 
 
 
 
 
Can be used to lookup protocol numbers.
 
 
 
 
 
 
 
This wrapper is intended to provide additional server error information if something went wrong beyond the actual API HTTP call.
Deprecated.
 
 
Hostname and IP address matcher implementation similar to what the JDK is using in the proxy server selector to support the http.nonProxyHosts property.
 
Reverse (PTR) DNS lookup response from DnsClient.
 
 
 
 
 
 
 
 
 
 
 
A search backend that is capable of generating and executing search jobs
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A raw message is the unparsed data Graylog was handed by an input.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deprecated.
 
Utility class to help creating an appropriate regex to be used in a whitelist entry.
 
The bean returned into the rule engine.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
An HTTP Client interface for the Lookup Table API.
 
 
 
 
 
 
 
Deprecated.
 
 
 
 
 
 
 
Custom CollectorRegistry that delegates all read operations to a registry reference.
 
 
 
 
 
 
 
 
 
InetSocketAddress does not support finding out whether an IP address has been reverse looked up or not.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deprecated.
Use RestrictToLeader instead
 
A part/chunk of search results for messages.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Consider using RuleAstBaseListener to only implement the callbacks relevant to you.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This class provides an empty implementation of RuleLangListener, which can be extended to create a listener which only needs to handle a subset of the available methods.
 
This interface defines a complete listener for a parse tree produced by RuleLangParser.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This interpreter listener maintains timer metrics for rules.
 
 
 
 
 
 
 
 
 
 
 
 
 
Service for pulling Geo Location Processor ASN and city database files from an S3 bucket and storing them on disk.
 
 
 
Deprecated.
Needed only by migrations.
 
 
 
 
Builds the current Set of capabilities this node provides.
 
Base content pack entity class, which any content pack entity that supports scopes should extend.
 
A base database service to handle persistence and deletion of ScopedEntity instance.
 
Entity base class, which can be used to enforce that each entity implementation has the required id and _scope fields.
 
 
 
 
 
 
 
 
 
 
 
This class is a helper to implement a basic Mongojack-based database service that allows CRUD operations on a single DTO type.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Parses a simple query language for use in list filtering of data sitting in MongoDB.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A search type represents parts of a query that generates a .
 
Each search type should declare an implementation of its result conforming to this interface.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Provide a freemarker configuration with sane security defaults.
 
 
 
 
 
 
 
 
Helper class to simplify envelope creation.
Implementation of BulkExecutor that executes bulk operation on entities sequentially, one at a time, using provided SingleEntityOperationExecutor.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Implementations of this class contribute handlers for series to concrete implementations of the pivot search type.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Factory to create a JSON response for a given session.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This filter makes the request headers accessible within Shiro's ThreadContext.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This is a simple record holding the ID only.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Serializes JadConfig's Size utility object to bytes.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Retrieves titles from cache, using Catalog.
 
 
 
 
 
 
 
Leader election based on the static Configuration.isLeader() setting in the configuration file.
Statically ordered collection of Shiro AuthenticatingRealms.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deprecated.
 
 
 
 
 
 
 
 
 
 
 
Representing a single stream from the streams collection.
 
 
 
 
 
 
 
 
 
Routes a Message to its streams.
Stream routing engine to select matching streams for a message.
 
Contains matching results for a stream.
 
 
Representing the rules of a single stream.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Returns streams that are used in documents where a certain field is present.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Ensures classes and methods that rely on specific back end search distributions are accessible only if a supported distribution is running on the server.
 
 
 
Annotation to suppress Forbidden APIs errors inside a whole class, a method, or a field.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Implements a Netty ByteToMessageDecoder for the Syslog octet counting framing.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This is a wrapper around System.console, which is not available inside IDE.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Deprecated.
Shutting down the node using an API request is discouraged in favor of using a service manager to control the server process.
 
 
 
 
 
 
This socket factory wrapper sets the SO_KEEPALIVE flag for every created socket.
This SSLSocketFactory wrapper sets the SO_KEEPALIVE flag for every created socket.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
The unique key for template flow ids, which is exporter source address and its observation domain id (source ID)
The unique key for template flow ids, which is exporter source address and its observation id (source ID)
 
 
 
 
 
 
 
 
 
 
This class is being used in plugins for testing, DO NOT move it to the test/ directory without changing the plugins.
 
 
 
 
 
 
 
 
 
 
 
Deprecated.
Please use ThrottleableTransport2 instead
 
Newer version of the ThrottleableTransport which launches with an InputFailureRecorder
 
The ThrottleStateUpdater publishes the current state buffer state of the journal to other interested parties, chiefly the ThrottleableTransports.
 
 
 
 
An authentication strategy pretty much the same as the FirstSuccessfulStrategy, with the difference that it will memoize an AuthenticationServiceUnavailableException thrown by any attempt.
 
 
 
 
 
 
 
 
 
 
 
Helper to time arbitrary blocks of Java code, especially useful for coarse one-off performance testing.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Configuration bean for enabled TLS protocols.
 
 
 
 
 
 
Utility class for various tool/helper functions.
 
 
A Response.StatusType for HTTP status 429 (Too many requests).
 
 
 
 
 
 
 
 
Relies on the opentelemetry javaagent to provide an implementation of a tracer.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This TrustManager will blindly accept any certificate, useful only if you operate in a trusted environment where the risk of MITM attacks is low, but you still want to prevent clear text connections to protect against casual network sniffing.
 
 
Text (TXT) DNS lookup response from DnsClient.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This is being used as the fallback RetentionStrategyConfig if the requested class is not available (usually because it was contributed by a plugin which is not loaded).
 
 
 
 
 
 
 
 
 
 
 
This class simply delegates the safe methods to the URL.
 
 
 
Indicates that there was an attempt to access a URL which is not whitelisted.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
User management extension for the UserService.
 
 
 
 
 
 
 
 
 
This service checks on startup if all user sessions should be terminated.
 
 
 
 
 
 
 
Migration creating the default index set from the legacy settings.
Migration creating the default stream if it doesn't exist.
 
 
 
 
Migration for moving indexing settings into existing index sets.
 
 
 
 
 
 
 
 
 
 
 
Migration removing duplicate Grok patterns and adding a unique index to the "grok_patterns" collection in MongoDB.
Migration adding mandatory (due to unique index) "id" and "rev" fields to legacy content packs.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Fixes errors in the default grok patterns that have been installed by the V20180924111644_AddDefaultGrokPatterns migration.
 
 
 
 
Creates an initial URL whitelist.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
This migration is pluggable to allow us to modify the outcome from plugins (e.g.
The original migration had a bug which caused the db_vendor_type field to always be updated, replacing any user-supplied values.
 
 
 
 
 
 
 
 
 
 
 
Create initial index set default configuration based on ElasticsearchConfiguration values.
 
 
 
 
 
 
 
 
 
This is not really a migration but a deletion of existing contents by dropping the collections.
 
 
 
 
 
 
 
 
This is not really a migration but a deletion of existing elements in the grants collection.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Parameters describe variable inputs to queries.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View Resolvers provide a way that plugins can provide custom sources for looking up views.
Provides support for decoding resolver view IDs (in the format resolver-name__viewId).
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Interface to be used with input configuration request objects.