search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.41k stars 1.07k forks source link

Alert conditions do not appear properly after cloning a stream #3608

Closed ssriley closed 7 years ago

ssriley commented 7 years ago

When cloning a stream with alert conditions, the alert conditions show up only associated to the newly cloned stream in the web interface.

Expected Behavior

I would expect to be able to manage the alert conditions that are associated to with the original stream and the cloned stream.

What should happen is the newly cloned alert conditions have some text appended to the name so it is unique. That may fix the issue? What would be better is if the alert conditions aren't cloned at all with a stream but rather you could create an alert condition(s) under the alerts section, put them in groups, and apply those alert conditions/groups to streams. This would make the alert conditions more modular and reusable. Similar to how you have setup pipelines rules.

Current Behavior

You do not see the cloned alert conditions associated to both the original stream and the newly cloned stream in the web interface. So the problem is i can't manage the the alert conditions of the original stream in the web GUI because i can't see them. The alert conditions do continue to work with both streams. I think it is because the alert conditions have the exact same name. If I delete the cloned stream, i can then manage the original alert conditions that are tied to the original stream. It seems as though this is a bug.

Possible Solution

Steps to Reproduce (for bugs)

1.Create a stream with alert conditions 2.Clone the stream 3.Try to independently manage the alert conditions associated with the different streams. 4.

Context

We want to make stream template that has most alert conditions and rules already setup so we only have to change a few things when setting up a new stream. We don't want to have to setup everything from scratch each time.

Templating. Making creating streams and alert conditions quicker and easier.

Your Environment

jalogisch commented 7 years ago

thank you for submitting this bug.

I can confirm this, please see the images below. GL Graylog 2.2.2+691b4b7

one condition

only_one_condition

multiple notifications

alert_interface

addition

The conditions are stacked - when you delete the condition you can reload the page and see the alerting stream changed but the condition still present.

I guess some grouping is done and having the same name and conditions but for different streams does not work currently.