Content Pack installation does not detect existing Event Definition entities

[williamtrelawny]

Given a content pack containing:

• a Correlation Event Definition ("ED-2") that relies on an underlying Event Definition ("ED-1")
• the Event Definition ("ED-1") required by ED-2, and
• the custom Stream tied to all Event Definitions

If the Stream and ED-1 already exist on the system and you install this new content pack, it will create a duplicate ED-1 but not a duplicate Stream.

This indicates there is some intelligent matching of Stream entities in Content Packs to pre-existing ones on the target system, but there is no such matching for Event Definitions.

Expected Behavior

If an Event Definition that a content pack provides already exists (by name not ID) on the target system, then content pack installation should skip the installation of its copy of the Event Definition.

Current Behavior

Content Pack installation creates a copy of the Event Definition (with a different object ID of course).

Possible Solution

Whatever intelligent matching is done for Streams in this fashion should be done as well for Event Definitions too.

Steps to Reproduce (for bugs)

1. Install this Content Pack first
2. Then install this one

Context

Affects my ability to install Correlation Event Definitions based on content previously built upon.

Your Environment

• Graylog Version: 5.2.6
• Java Version: bundled w/ Graylog

[waab76]

Event Definitions have the same issue that Streams had where we only identify them by ID and do not enforce uniqueness on the names. This is a messy issue and we will need to consult with Architecture on how to approach this.