Closed arugifa closed 4 years ago
@arugifa All entities in the installations returned by the /api/system/content_packs/<contne-pack-id>/installations
API call have been created. That the found_on_system
field is false
doesn't mean that the entity hasn't been created, it means that the entity didn't exist when the content pack was installed.
If you install a content pack and a grok pattern already existed before the installation, found_on_system
will be true
. This is used to make sure we don't remove entities on content pack installation that existed before the content pack installation.
Does that help?
Thanks for the explanation @bernd
However, I noticed that when installing entities with a Content Pack, I can then delete them manually. I would have thought that Graylog would forbid such action, and that entities created with a Content Pack could only be removed afterwards by uninstalling the Content Pack.
I'm trying to provision Graylog with Content Packs, and this behavior makes things harder to reason about. But maybe Content Packs are not appropriate for this task 🤔
@arugifa Yes, the system is currently not preventing entities installed by content packs to be removed. Implementing this will require massive changes to all subsystems, unfortunately. We have been thinking about an updated config system that would help you with your use case. But we don't know if or when we will implement this. Sorry.
I am closing this issue now. Feel free to re-open if you have more questions. Thank you!
Problem Description
I'm currently trying to install a custom content pack on Graylog 3.1.3:
Entities packaged in the content pack are correctly created, and I can see them on the dashboard. However, when retrieving installation details of the content pack via the web API, Graylog cannot find these entities on the system (
found_on_system
key):The same way, when retrieving details of created entities, these ones are not linked with the content pack they belong to (
content_pack
's value set tonull
):Expected Behavior
I expect Graylog to correctly make the association between content packs and the entities created during their installation.
Context
I'm trying to import content packs during deployment of Graylog on Kubernetes with a Helm chart.
My Environment