fixed broken stuff

instruqt/pipelines_parsing_gim/scripts/setup_scripts/setup-pipelines_parsing_gim-grok.sh

@@ -6,8 +6,12 @@ source /etc/profile
 
 #Remove CPs from previous lessons
 cpid=$(curl -k -XGET -u 'admin:yabba dabba doo' https://localhost/api/system/content_packs | jq '.content_packs[] | select (.name=="solve-pipelines_parsing_gim-create_pipeline_and_rule").id' -r)
-instid=$(curl -k -XGET -u 'admin:yabba dabba doo' https://localhost/api/system/content_packs/$cpid/installations | jq '.installations[]._id' -r)
-curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/content_packs/$cpid/installations/$instid -H "X-Requested-By:Graylog Service Delivery"
+if [ -z $cpid ] 
+    then echo "null skipping" 
+else 
+    instid=$(curl -k -XGET -u 'admin:yabba dabba doo' https://localhost/api/system/content_packs/$cpid/installations | jq '.installations[]._id' -r)
+    curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/content_packs/$cpid/installations/$instid -H "X-Requested-By:Graylog Service Delivery"
+fi
 
 #Get Training Pipeline ID
 pipeID=$(curl -k -XGET -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/pipeline | jq -r '.[] | select (.title=="Training").id')
@@ -18,6 +22,25 @@ pipeID=$(curl -k -XGET -u 'admin:yabba dabba doo' https://localhost/api/system/p
 #Delete the pipeline
 curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/pipeline/$pipeID -H "X-Requested-By:Graylog Service Delivery"
 
+#Delete conflicting rules
+ruleid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.[] | select (.title=="Route - Desktop Firewall - MS Logs").id')
+curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/rule/$ruleid -H "X-Requested-By:Graylog Service Delivery"
+
+ruleid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.[] | select (.title=="Route - My First Stream Logs").id')
+curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/rule/$ruleid -H "X-Requested-By:Graylog Service Delivery"
+
+ruleid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.[] | select (.title=="Parse - UTM-KV").id')
+curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/rule/$ruleid -H "X-Requested-By:Graylog Service Delivery"
+
+ruleid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.[] | select (.title=="Route - Training").id')
+curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/rule/$ruleid -H "X-Requested-By:Graylog Service Delivery"
+
+ruleid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.[] | select (.title=="Parse - Apache").id')
+curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/rule/$ruleid -H "X-Requested-By:Graylog Service Delivery"
+
+ruleid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.[] | select (.title=="Context - Always True").id')
+curl -k -XDELETE -u 'admin:yabba dabba doo' https://localhost/api/system/pipelines/rule/$ruleid -H "X-Requested-By:Graylog Service Delivery"
+
 #Get Content Pack
 wget https://github.com/Graylog2/graylog-training-data/raw/main/instruqt/pipelines_parsing_gim/scripts/solve_content_packs/solve-pipelines_parsing_gim-Okay_lets_actually_use_a_pipeline_to_add_data.json
 
@@ -37,12 +60,13 @@ curl -u'admin:yabba dabba doo' -k -XPOST "https://localhost/api/system/content_p
 #Add Desktop Firewall Events Stream
 ##Get Index ID
 indexID=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/system/indices/index_sets?skip=0&limit=0&stats=false" | jq -r '.index_sets[] | select (.title=="General Desktop Events").id')
-##Add Stream
-curl -u 'admin:yabba dabba doo' -k -XPOST "https://localhost/api/streams"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' -d "{\"index_set_id\":\"$indexID\",\"description\":\"\",\"title\":\"Desktop Firewall Events\",\"remove_matches_from_default_stream\":false}"
+
+##Edit Existing DFW Stream
+streamid=$(curl -u 'admin:yabba dabba doo' -k -XGET "https://localhost/api/streams"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' | jq -r '.streams[] | select (.title=="Desktop Firewall Events").id')
+curl -u 'admin:yabba dabba doo' -k -XPUT "https://localhost/api/streams/$streamid"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' -d "{\"index_set_id\":\"$indexID\",\"description\":\"\",\"title\":\"Desktop Firewall Events\",\"remove_matches_from_default_stream\":false}"
 
 ##Start Stream
-id=$(curl -u 'admin:yabba dabba doo' -k -XGET  "https://localhost/api/streams" | jq -r '.streams | .[] | select(.title=="Desktop Firewall Events") | .id')
-curl -u 'admin:yabba dabba doo' -k -XPOST "https://localhost/api/streams/$id/resume" -H 'X-Requested-By: Skipper'
+curl -u 'admin:yabba dabba doo' -k -XPOST "https://localhost/api/streams/$streamid/resume" -H 'X-Requested-By: Skipper'
 
 #Create Routing Rule
 curl -u 'admin:yabba dabba doo' -k -XPOST "https://localhost/api/system/pipelines/rule"  -H 'Content-Type: application/json' -H 'X-Requested-By: PS_Packer' -d '{"description":"","source":"rule \"Route - Desktop Firewall - MS Logs\"\nwhen\n  from_input(\n    name : \"MS Logs\"\n  )\nthen\n  route_to_stream(\n    name : \"Desktop Firewall Events\",\n    remove_from_default : true\n  );\n  set_field(\n    field : \"route\",\n    value : \"Desktop Firewall - MS Logs\"\n  );\nend","simulator_message":"message: test\nsource: unknown\n"}'