Trying to Conduct Search from within Pipeline Processor Plugin Function

I’m trying to create a pipeline processor function that I can use to lookup a value from another stream and use that value to enrich the current message with a new field.

The project is located here and will compile and load in 2.1.3 as of this writing.

I am stuck at the point where I conduct the search which would provide the SearchResult. It appears I am not properly instantiating org.graylog2.indexer.searches.Searches to use the search method and I am not quite sure how to do so.

For something like Configuration and Client, how do I specify or obtain the current configuration and client that is being utilized. Also, for IndexRangeService I am wanting to start off with a relative value, how do I do the conversion to get the right range.

public Searches(Configuration configuration,
                    Deflector deflector,
                    IndexRangeService indexRangeService,
                    Client client,
                    MetricRegistry metricRegistry)

Maybe I’m overlooking something or over-complicating things.

Any help you can provide is appreciated. Thanks in advance.

Hi Bill,

Graylog is using Guice internally for dependency injection. This means that you can simply “request” a configured Searches instance in your constructor using the @Inject annotation.

See SourcesResource for an example inside Graylog:

Thanks for the response @jochen!

I’ll check out the references you provided.

@jochen, Can you tell me what the easiest way is to iterate through SearchResult to get to the message output?

I can see that response.getResults().size() returns 1 and , but I cannot get to the messages. I’ve tried something like this, which does not appear to be working for me.

LOG.info("SearchResult size: {}", response.getResults().size());
for (ResultMessage resultMessage : response.getResults()) {
    Message msg = resultMessage.getMessage();
    LOG.info("The Message: {}", msg.toString());
    LOG.info("Index is {}", resultMessage.getIndex());
}

Your assistance is greatly appreciated.

What exactly do you mean by that? What did you expect the Message object to include and what did it actually include?

What I mean is that the size() method indicates there is a message present and yet my LOG.info commands inside the for loop are not getting output into the log.

I have validated that there should be data available.

I am uncertain how to access the data in Message msg. It seems like something is wrong with my loop.

OK @jochen, If I access it using getField with the string of the field I am interested in, I can obtain the value I am after. I guess I was trying to access the field too direct.

This works

List<ResultMessage> resultMessages = response.getResults();    
Message msg = resultMessages.get(0).getMessage();
String returnField = msg.getField(rtnField).toString();

Thanks again for your assistance.