search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.33k stars 1.06k forks source link

Allow creating started stream through API #10873

Open asachs01 opened 3 years ago

asachs01 commented 3 years ago

Expected Behavior

When creating a stream, I should be able to create the stream and enable it upon creation.

Current Behavior

When creating a stream, I cannot use the attribute "disabled": false when creating the stream.

Steps to Reproduce (for bugs)

Consider the following JSON body:

{
      "matching_type": "AND",
      "description": "O365 Management API",
      "disabled": true,
      "title": "Illuminate:O365 Messages",
      "content_pack": null,
      "remove_matches_from_default_stream": true,
      "index_set_id": "9dd48538cfba81c01c216d4d",
      "is_default": false
}

This is pulled directly from the /streams endpoint, which yields:

{
      "id": "60ca9bf90d73097cdf0e000a",
      "creator_user_id": "admin",
      "outputs": [],
      "matching_type": "AND",
      "description": "O365 Management API",
      "created_at": "2021-06-17T00:48:57.124Z",
      "disabled": true,
      "rules": [],
      "alert_conditions": [],
      "alert_receivers": {
        "emails": [],
        "users": []
      },
      "title": "Illuminate:O365 Messages",
      "content_pack": null,
      "remove_matches_from_default_stream": true,
      "index_set_id": "9dd48538cfba81c01c216d4d",
      "is_default": false
    },

Now the schema for creating a stream consists of:

{
title (string, optional),
description (string, optional),
rules (array[object], optional),
content_pack (string, optional),
matching_type (string, optional) = ['AND' or 'OR'],
remove_matches_from_default_stream (boolean, optional),
index_set_id (string, optional)
}

Which omits a large number of the attributes that are returned via the API. Where this is problematic is when attempting to use any of these attributes not showing up as part of the schema, an error is returned:

{
    "type": "ApiError",
    "message": "Unable to map property disabled.\nKnown properties include: index_set_id, rules, title, description, content_pack, matching_type, remove_matches_from_default_stream"
}

I would expect that I would be able to use any of the attributes, in particular "disabled": false to set a stream to start on creation.

What's unclear to me is the purpose behind creating a disabled stream from the start. While I can see some of the reasoning for not starting it immediately (e.g., I create a stream that I might not be ready to route to), in the case of say, Illuminate content, which has no rules needed to route to the stream (it's all done via pipelines), it's not clear why I wouldn't want to immediately start the stream.

dennisoelkers commented 3 years ago

@asachs01: The idea behind creating a stream in a disabled state is pretty old. We wanted to prevent that a stream is already routing messages before all of its stream rules have been added.

asachs01 commented 3 years ago

@dennisoelkers that makes sense. I'd definitely like to see us implement disabled: false as an acceptable attribute when making the API call though.