search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.37k stars 1.06k forks source link

Watchlist search filters with query parameter definitions cannot be included in content packs #11409

Open miwent opened 3 years ago

miwent commented 3 years ago

Expected Behavior

When including event definitions with search filters using lookup-based parameters ($variable$) the content pack system should include the lookup information about the lookup. The reference(s) to the lookup should not use the lookup ID values but the name of the lookup tables to avoid forcing the inclusion of the lookup configuration in the same content pack as the event definition.

Current Behavior

Lookup table information is not included in the content pack. Installing a content pack with defined parameters results in the following: image

Possible Solution

Steps to Reproduce (for bugs)

  1. Create a test event definition that uses lookup-based query parameters
  2. Export the newly created content pack
  3. Import the content pack on a different system or remove the event definition and install the content pack
  4. Edit the test event definition and review the filter parameters - the query parameter definition does not exist

Context

Cannot include event definitions with query parameters in content packs.

Your Environment

bernd commented 3 years ago

@miwent Is this a blocker for 4.2?

miwent commented 3 years ago

@miwent Is this a blocker for 4.2?

No, but it has to be in 4.2.1

miwent commented 2 years ago

I missed that there is already an open issue for this: #7003

bernd commented 2 years ago

@Graylog2/search Can you please talk with @miwent about this issue and if there is a way to solve it? Thank you!