Add support for Graylog 4.1+

pom.xml

@@ -9,7 +9,7 @@
 
     <groupId>org.graylog.plugins</groupId>
     <artifactId>graylog-plugin-slookup-function</artifactId>
-    <version>2.0.0</version>
+    <version>4.1.0</version>
     <packaging>jar</packaging>
 
     <name>${project.artifactId}</name>
@@ -34,7 +34,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <graylog.version>2.3.2</graylog.version>
+        <graylog.version>4.1.0</graylog.version>
         <graylog.plugin-dir>/usr/share/graylog-server/plugin</graylog.plugin-dir>
     </properties>
 
@@ -46,10 +46,14 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>org.graylog.plugins</groupId>
-            <artifactId>graylog-plugin-pipeline-processor</artifactId>
-            <version>1.1.1</version>
-            <scope>provided</scope>
+            <groupId>org.elasticsearch.client</groupId>
+            <artifactId>elasticsearch-rest-high-level-client</artifactId>
+            <version>7.7.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.elasticsearch</groupId>
+            <artifactId>elasticsearch</artifactId>
+            <version>7.7.0</version>
         </dependency>
     </dependencies>
 

src/main/java/org/graylog/plugins/slookup/StreamLookupFunction.java

@@ -1,6 +1,8 @@
 package org.graylog.plugins.slookup;
 
 import org.elasticsearch.action.search.SearchPhaseExecutionException;
+import org.elasticsearch.search.sort.SortOrder;
+
 import org.graylog2.indexer.results.ResultMessage;
 import org.graylog2.indexer.results.SearchResult;
 import org.graylog2.indexer.searches.SearchesConfig;
@@ -12,6 +14,7 @@
 import org.graylog.plugins.pipelineprocessor.EvaluationContext;
 import org.graylog.plugins.pipelineprocessor.ast.expressions.Expression;
 import org.graylog.plugins.pipelineprocessor.ast.functions.*;
+
 import static com.google.common.collect.ImmutableList.of;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -88,7 +91,13 @@ public List<String> evaluate(FunctionArgs functionArgs, EvaluationContext evalua
             blankList.add("No match found");
         }
 
-        this.timeRange = RelativeRange.builder().type("relative").range(timeRange).build();
+        //this.timeRange = RelativeRange.builder().type("relative").range(timeRange).build();
+	//this was changed in Graylog 4.1 to include an optional from/to instead of just range
+        try {
+            this.timeRange = RelativeRange.create(timeRange.intValue());
+        } catch (Exception e) {
+            LOG.info(e.getMessage());
+        }	 
 
         String srcFieldValue = evaluationContext.currentMessage().getField(srcField).toString();
         String escapeChars ="[\\\\+\\-\\!\\(\\)\\:\\^\\]\\{\\}\\~\\*\\?]";
@@ -103,12 +112,12 @@ public List<String> evaluate(FunctionArgs functionArgs, EvaluationContext evalua
 
         if (sortField.equals("asc")) {
             this.sortType = new Sorting("timestamp", Sorting.Direction.ASC);
-            LOG.debug("This sortType  - field: {}, order: {}", this.sortType.getField().toString(), this.sortType.asElastic().toString());
+            LOG.debug("This sortType  - field: {}, order: {}", this.sortType.getField().toString(), this.sortType.toString());
         }
         else
         {
             this.sortType = new Sorting("timestamp", Sorting.Direction.DESC);
-            LOG.debug("This sortType  - field: {}, order: {}", this.sortType.getField().toString(), this.sortType.asElastic().toString());
+            LOG.debug("This sortType  - field: {}, order: {}", this.sortType.getField().toString(), this.sortType.toString());
         }
 
         final SearchesConfig searchesConfig = SearchesConfig.builder()
@@ -123,7 +132,7 @@ public List<String> evaluate(FunctionArgs functionArgs, EvaluationContext evalua
 
         try {
             SearchResult response = this.searches.search(searchesConfig);
-            LOG.debug("Search config - field: {}, order: {}", searchesConfig.sorting().getField().toString(), searchesConfig.sorting().asElastic().toString());
+            LOG.debug("Search config - field: {}, order: {}", searchesConfig.sorting().getField().toString(), searchesConfig.sorting().toString());
             if (response.getResults().size() == 0) {
                 LOG.debug("No Search Results observed.");
                 return blankList;