Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Streams configured with ContentPacks do not automatically stream messages #3842

Closed cgoldstein13 closed 7 years ago

cgoldstein13 commented 7 years ago

When I configure streams with a contentpack, the stream does not automatically stream messages. I find a 'Nothing found in stream' message in the specific stream I click into (see steps to reproduce).

Expected Behavior

I expect streams configured via contentpack to automatically stream messages that are received by graylog without manually opening manage rules and hitting save on any rule (see steps to reproduce).

Current Behavior

I upload streams via contentpacks. The stream appears in /streams, but when I click into a specific stream, messages that match the rules do not appear. When I go back to /streams, open manage rules on a stream, and hit "save", the messages begin appearing in ALL streams configured via contentpack - not just the stream I hit "save" in the manage rules section (see steps to reproduce).

Steps to Reproduce (for bugs)

  1. I add streams via contentpacks (import manually or automatically)
    {
    "name": "Service Crash Streams",
    "description": "Content Pack contains stream which matches the service name and has a level < 3",
    "category": "Streams",
    "inputs": [{
      "title":"GELF UDP INPUT",
      "configuration":{
        "override_source":null,
        "recv_buffer_size":262144,
        "bind_address":"0.0.0.0",
        "port":12201,
        "decompress_size_limit":8388608
      },
      "static_fields":{},
      "type":"org.graylog2.inputs.gelf.udp.GELFUDPInput",
      "global":true,
      "extractors":[]
    }],
    "streams": [
    {
      "id": "5914dab9f264de98311db39d",
      "title": "[Vital] Service A Crash",
      "description": "Service A Crash Messages ",
      "disabled": false,
      "matching_type": "AND",
      "stream_rules": [
        {
          "type": "EXACT",
          "field": "service",
          "value": "serviceA",
          "inverted": false,
          "description": ""
        },
        {
          "type": "SMALLER",
          "field": "level",
          "value": 3,
          "inverted": false,
          "description": ""
        }
      ],
      "outputs": []
    },
    {
      "id": "5925dcd9f264de98311dc40b",
      "title": "[Vital] Service B Crash",
      "description": "Service B Crash Messages",
      "disabled": false,
      "matching_type": "AND",
      "stream_rules": [
        {
          "type": "EXACT",
          "field": "service",
          "value": "serviceB",
          "inverted": false,
          "description": ""
        },
        {
          "type": "SMALLER",
          "field": "level",
          "value": 3,
          "inverted": false,
          "description": ""
        }
      ],
      "outputs": []
    }
    ],
    "outputs": [],
    "dashboards": [],
    "grok_patterns": []
    }
  2. The streams appear in /streams
  3. When I select a single stream - messages do not appear under a stream
  4. I go back to /streams and click 'manage rules' on the stream
  5. I hit save on a SINGLE rule preconfigured by the contentpacks
  6. Messages begin to appear in ALL streams configured via the contentpack

Your Environment

joschi commented 7 years ago

@cgoldstein13 Thanks for reporting this!

The issue will be fixed in Graylog 2.3.0. Until then, the workaround is to manually edit the streams on the Streams page and save them (without any changes).
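Added example, not part of the thread and not Graylog's code: a simplified model of the two rule types used in the content pack above (EXACT and SMALLER, combined with AND), useful for confirming that a message should land in a stream before blaming an empty stream on the rules. The handling of missing or non-numeric fields is an assumption of this model, and the sample messages are constructed.

```python
# Simplified model of stream-rule matching; NOT Graylog's implementation.
# Rules are copied from the content pack in the report (ids/descriptions omitted).
STREAMS = [
    {"title": "[Vital] Service A Crash", "disabled": False, "matching_type": "AND",
     "stream_rules": [
         {"type": "EXACT", "field": "service", "value": "serviceA", "inverted": False},
         {"type": "SMALLER", "field": "level", "value": 3, "inverted": False}]},
    {"title": "[Vital] Service B Crash", "disabled": False, "matching_type": "AND",
     "stream_rules": [
         {"type": "EXACT", "field": "service", "value": "serviceB", "inverted": False},
         {"type": "SMALLER", "field": "level", "value": 3, "inverted": False}]},
]

def rule_matches(rule, message):
    """Evaluate one rule. Assumption: a missing or non-numeric field never matches."""
    if rule["field"] not in message:
        return False
    actual = message[rule["field"]]
    if rule["type"] == "EXACT":
        result = str(actual) == str(rule["value"])
    elif rule["type"] == "SMALLER":
        try:
            result = float(actual) < float(rule["value"])
        except (TypeError, ValueError):
            return False
    else:
        raise ValueError("rule type not modelled: %s" % rule["type"])
    return result != rule["inverted"]  # an inverted rule flips the outcome

def streams_for(message, streams=STREAMS):
    """Return titles of enabled streams whose rules accept the message."""
    matched = []
    for stream in streams:
        if stream["disabled"] or not stream["stream_rules"]:
            continue
        combine = all if stream["matching_type"] == "AND" else any
        if combine(rule_matches(r, message) for r in stream["stream_rules"]):
            matched.append(stream["title"])
    return matched

SAMPLES = [  # constructed GELF-style messages
    {"service": "serviceA", "level": 2, "short_message": "segfault"},
    {"service": "serviceA", "level": 3, "short_message": "error"},   # level not < 3
    {"service": "serviceB", "level": "1", "short_message": "abort"}, # numeric string
    {"service": "serviceC", "level": 0, "short_message": "panic"},   # other service
    {"service": "serviceB", "short_message": "no level field"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["service"], msg.get("level"), "->", streams_for(msg))
```

If a message this model accepts is still missing from its stream after a content pack import, the rules themselves are not the cause and the behaviour reported in this issue is the likelier explanation.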