[Security Solution] Remove docValueFields usage from security_soultion and timelines plugins (#137802)

* [Security Solution] Remove docValueFields usage from security_solution and timelines plugins

* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

* Fixed tests

* Fixed type checks

* Removed unused type

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Fixed tests

* Fixed FTR

* Fixed unit test

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Yuliia Naumenko 2022-08-23 02:18:50 -07:00 committed by GitHub
parent 1a70f6fd37
commit 1ae09bc91c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
62 changed files with 46 additions and 621 deletions


@ -10,7 +10,6 @@ export type {
SortField,
TimerangeInput,
PaginationInputPaginated,
DocValueFields,
CursorType,
TotalValue,
} from '@kbn/timelines-plugin/common';


@ -14,8 +14,4 @@ export type {
BrowserField,
BrowserFields,
} from '@kbn/timelines-plugin/common';
export {
EMPTY_BROWSER_FIELDS,
EMPTY_DOCVALUE_FIELD,
EMPTY_INDEX_FIELDS,
} from '@kbn/timelines-plugin/common';
export { EMPTY_BROWSER_FIELDS, EMPTY_INDEX_FIELDS } from '@kbn/timelines-plugin/common';


@ -4,7 +4,6 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { IEsSearchRequest } from '@kbn/data-plugin/common';
import type { ESQuery } from '../../typed_json';
import type {
@ -120,7 +119,6 @@ export interface RequestBasicOptions extends IEsSearchRequest {
timerange: TimerangeInput;
filterQuery: ESQuery | string | undefined;
defaultIndex: string[];
docValueFields?: estypes.QueryDslFieldAndFormat[];
factoryQueryType?: FactoryQueryTypes;
}
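Review bot: Dropping `docValueFields` from `RequestBasicOptions` only removes it at compile time; the type is erased at runtime, so an older client or a hand-built request can still put that key in the search-strategy payload. The server-side request validation is not visible in this section, so I cannot tell whether unknown keys are rejected or stripped. Please confirm that no remaining server query builder still reads `docValueFields` from the options or spreads the options object into the Elasticsearch body, and consider a comment on the interface such as `// docValueFields intentionally not accepted; server builders must not forward unknown request keys`.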


@ -72,7 +72,6 @@ const HistogramPanel = styled(Panel)<{ height?: number }>`
export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> = ({
chartHeight,
defaultStackByOption,
docValueFields,
endDate,
errorMessage,
filterQuery,
@ -176,7 +175,6 @@ export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> =
stackByField: selectedStackByOption.value,
runtimeMappings,
isPtrIncluded,
docValueFields,
skip: querySkip,
};
const [loading, { data, inspect, totalCount, refetch }] =


@ -15,7 +15,6 @@ import type { InputsModelId } from '../../store/inputs/constants';
import type { MatrixHistogramType } from '../../../../common/search_strategy/security_solution';
import type { UpdateDateRange } from '../charts/common';
import type { GlobalTimeArgs } from '../../containers/use_global_time';
import type { DocValueFields } from '../../../../common/search_strategy';
import type { FieldValueThreshold } from '../../../detections/components/rules/threshold_input';
import type { GetLensAttributes, LensAttributes } from '../visualization_actions/types';
@ -66,7 +65,6 @@ interface MatrixHistogramBasicProps {
}
export interface MatrixHistogramQueryProps {
docValueFields?: DocValueFields[];
endDate: string;
errorMessage: string;
indexNames: string[];


@ -6,7 +6,7 @@
*/
import deepEqual from 'fast-deep-equal';
import { getOr, isEmpty, noop } from 'lodash/fp';
import { getOr, noop } from 'lodash/fp';
import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
import { Subscription } from 'rxjs';
@ -48,7 +48,6 @@ export interface UseMatrixHistogramArgs {
}
export const useMatrixHistogram = ({
docValueFields,
endDate,
errorMessage,
filterQuery,
@ -88,7 +87,6 @@ export const useMatrixHistogram = ({
runtimeMappings,
threshold,
...(isPtrIncluded != null ? { isPtrIncluded } : {}),
...(!isEmpty(docValueFields) ? { docValueFields } : {}),
...(includeMissingData != null ? { includeMissingData } : {}),
});
const { addError, addWarning } = useAppToasts();
@ -171,7 +169,6 @@ export const useMatrixHistogram = ({
stackByField,
threshold,
...(isPtrIncluded != null ? { isPtrIncluded } : {}),
...(!isEmpty(docValueFields) ? { docValueFields } : {}),
};
if (!deepEqual(prevRequest, myRequest)) {
return myRequest;
@ -187,7 +184,6 @@ export const useMatrixHistogram = ({
histogramType,
threshold,
isPtrIncluded,
docValueFields,
]);
useEffect(() => {


@ -102,7 +102,6 @@ describe('source/index.tsx', () => {
expect(payload.id).toEqual('neato');
expect(Object.keys(payload.browserFields)).toHaveLength(12);
expect(Object.keys(payload.indexFields)).toHaveLength(mocksSource.indexFields.length);
expect(payload.docValueFields).toEqual([{ field: '@timestamp' }]);
});
it('should reuse the result for dataView info when cleanCache not passed', async () => {
@ -120,23 +119,18 @@ describe('source/index.tsx', () => {
await indexFieldsSearch!({ dataViewId: 'neato' });
const {
payload: { browserFields, indexFields, docValueFields },
payload: { browserFields, indexFields },
} = mockDispatch.mock.calls[1][0];
mockDispatch.mockClear();
await indexFieldsSearch!({ dataViewId: 'neato' });
const {
payload: {
browserFields: newBrowserFields,
indexFields: newIndexFields,
docValueFields: newDocValueFields,
},
payload: { browserFields: newBrowserFields, indexFields: newIndexFields },
} = mockDispatch.mock.calls[1][0];
expect(browserFields).toBe(newBrowserFields);
expect(indexFields).toBe(newIndexFields);
expect(docValueFields).toBe(newDocValueFields);
});
it('should not reuse the result for dataView info when cleanCache passed', async () => {
@ -154,23 +148,18 @@ describe('source/index.tsx', () => {
await indexFieldsSearch!({ dataViewId: 'neato' });
const {
payload: { browserFields, indexFields, docValueFields },
payload: { browserFields, indexFields },
} = mockDispatch.mock.calls[1][0];
mockDispatch.mockClear();
await indexFieldsSearch!({ dataViewId: 'neato', cleanCache: true });
const {
payload: {
browserFields: newBrowserFields,
indexFields: newIndexFields,
docValueFields: newDocValueFields,
},
payload: { browserFields: newBrowserFields, indexFields: newIndexFields },
} = mockDispatch.mock.calls[1][0];
expect(browserFields).not.toBe(newBrowserFields);
expect(indexFields).not.toBe(newIndexFields);
expect(docValueFields).not.toBe(newDocValueFields);
});
});
});


@ -15,7 +15,6 @@ import { Subscription } from 'rxjs';
import type {
BrowserField,
BrowserFields,
DocValueFields,
IndexField,
IndexFieldsStrategyRequest,
IndexFieldsStrategyResponse,
@ -26,7 +25,7 @@ import * as i18n from './translations';
import { useAppToasts } from '../../hooks/use_app_toasts';
import { getDataViewStateFromIndexFields } from './use_data_view';
export type { BrowserField, BrowserFields, DocValueFields };
export type { BrowserField, BrowserFields };
export function getAllBrowserFields(browserFields: BrowserFields): Array<Partial<BrowserField>> {
const result: Array<Partial<BrowserField>> = [];
@ -86,11 +85,8 @@ export const getBrowserFields = memoizeOne(
const DEFAULT_BROWSER_FIELDS = {};
const DEFAULT_INDEX_PATTERNS = { fields: [], title: '' };
const DEFAULT_DOC_VALUE_FIELDS: DocValueFields[] = [];
interface FetchIndexReturn {
browserFields: BrowserFields;
docValueFields: DocValueFields[];
indexes: string[];
indexExists: boolean;
indexPatterns: DataViewBase;
@ -112,7 +108,6 @@ export const useFetchIndex = (
const [state, setState] = useState<FetchIndexReturn>({
browserFields: DEFAULT_BROWSER_FIELDS,
docValueFields: DEFAULT_DOC_VALUE_FIELDS,
indexes: indexNames,
indexExists: true,
indexPatterns: DEFAULT_INDEX_PATTERNS,
@ -140,14 +135,13 @@ export const useFetchIndex = (
const stringifyIndices = response.indicesExist.sort().join();
previousIndexesName.current = response.indicesExist;
const { browserFields, docValueFields } = getDataViewStateFromIndexFields(
const { browserFields } = getDataViewStateFromIndexFields(
stringifyIndices,
response.indexFields
);
setLoading(false);
setState({
browserFields,
docValueFields,
indexes: response.indicesExist,
indexExists: response.indicesExist.length > 0,
indexPatterns: getIndexFields(stringifyIndices, response.indexFields),


@ -7,7 +7,6 @@
import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import { DEFAULT_INDEX_PATTERN } from '../../../../common/constants';
import type { DocValueFields } from '../../../../common/search_strategy';
import type { BrowserFields } from '../../../../common/search_strategy/index_fields';
export const mocksSource = {
@ -957,17 +956,6 @@ export const mockBrowserFields: BrowserFields = {
},
};
export const mockDocValueFields: DocValueFields[] = [
{
field: '@timestamp',
format: 'date_time',
},
{
field: 'event.end',
format: 'date_time',
},
];
export const mockRuntimeMappings: MappingRuntimeFields = {
'@a.runtime.field': {
script: {


@ -12,7 +12,6 @@ import memoizeOne from 'memoize-one';
import { omit, pick } from 'lodash/fp';
import type {
BrowserField,
DocValueFields,
IndexField,
IndexFieldsStrategyRequest,
IndexFieldsStrategyResponse,
@ -40,7 +39,6 @@ type DangerCastForBrowserFieldsMutation = Record<
>;
interface DataViewInfo {
browserFields: DangerCastForBrowserFieldsMutation;
docValueFields: DocValueFields[];
indexFields: FieldSpec[];
}
@ -69,17 +67,10 @@ export const getDataViewStateFromIndexFields = memoizeOne(
pick(['name', 'searchable', 'type', 'aggregatable', 'esTypes', 'subType'], field)
);
// mutate docValueFields
if (field.readFromDocValues && acc.docValueFields.length < 100) {
acc.docValueFields.push({
field: field.name,
});
}
return acc;
},
{
browserFields: {},
docValueFields: [],
indexFields: [],
}
);


@ -408,7 +408,6 @@ export const useSourcererDataView = (
() => ({
browserFields: sourcererDataView.browserFields,
dataViewId: sourcererDataView.id,
docValueFields: sourcererDataView.docValueFields,
indexPattern: {
fields: sourcererDataView.indexFields,
title: selectedPatterns.join(','),


@ -16,7 +16,6 @@
interface SelectedDataView {
browserFields: SourcererDataView['browserFields'];
dataViewId: string | null; // null if legacy pre-8.0 timeline
docValueFields: SourcererDataView['docValueFields'];
/**
* DataViewBase with enhanced index fields used in timelines
*/


@ -34,12 +34,7 @@ import type { ManagementState } from '../../management/types';
import { initialSourcererState, SourcererScopeName } from '../store/sourcerer/model';
import { allowedExperimentalValues } from '../../../common/experimental_features';
import { getScopePatternListSelection } from '../store/sourcerer/helpers';
import {
mockBrowserFields,
mockDocValueFields,
mockIndexFields,
mockRuntimeMappings,
} from '../containers/source/mock';
import { mockBrowserFields, mockIndexFields, mockRuntimeMappings } from '../containers/source/mock';
import { usersModel } from '../../users/store';
import { UsersFields } from '../../../common/search_strategy/security_solution/users/common';
@ -49,7 +44,6 @@ export const mockSourcererState = {
defaultDataView: {
...initialSourcererState.defaultDataView,
browserFields: mockBrowserFields,
docValueFields: mockDocValueFields,
id: DEFAULT_DATA_VIEW_ID,
indexFields: mockIndexFields,
loading: false,


@ -19,7 +19,6 @@ const actionCreator = actionCreatorFactory('x-pack/security_solution/local/sourc
export const setDataView = actionCreator<{
browserFields: SourcererDataView['browserFields'];
docValueFields: SourcererDataView['docValueFields'];
id: SourcererDataView['id'];
indexFields: SourcererDataView['indexFields'];
loading: SourcererDataView['loading'];


@ -6,12 +6,8 @@
*/
import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { BrowserFields, DocValueFields } from '@kbn/timelines-plugin/common';
import {
EMPTY_BROWSER_FIELDS,
EMPTY_DOCVALUE_FIELD,
EMPTY_INDEX_FIELDS,
} from '@kbn/timelines-plugin/common';
import type { BrowserFields } from '@kbn/timelines-plugin/common';
import { EMPTY_BROWSER_FIELDS, EMPTY_INDEX_FIELDS } from '@kbn/timelines-plugin/common';
import type { SecuritySolutionDataViewBase } from '../../types';
/** Uniquely identifies a Sourcerer Scope */
export enum SourcererScopeName {
@ -64,8 +60,6 @@ export interface SourcererDataView extends KibanaDataView {
* category, description, format
* indices the field is included in etc*/
browserFields: BrowserFields;
/** query DSL field and format */
docValueFields: DocValueFields[];
/** comes from dataView.fields.toSpec() */
indexFields: SecuritySolutionDataViewBase['fields'];
/** set when data view fields are fetched */
@ -84,7 +78,6 @@ export interface SourcererDataView extends KibanaDataView {
export interface SelectedDataView {
browserFields: SourcererDataView['browserFields'];
dataViewId: string | null; // null if legacy pre-8.0 timeline
docValueFields: SourcererDataView['docValueFields'];
/**
* DataViewBase with enhanced index fields used in timelines
*/
@ -131,7 +124,6 @@ export const initSourcererScope: Omit<SourcererScope, 'id'> = {
};
export const initDataView = {
browserFields: EMPTY_BROWSER_FIELDS,
docValueFields: EMPTY_DOCVALUE_FIELD,
id: '',
indexFields: EMPTY_INDEX_FIELDS,
loading: false,


@ -69,7 +69,6 @@ interface SourcererDataView extends KibanaDataView {
* indices the field is included in etc*/
browserFields: BrowserFields;
/** query DSL field and format */
docValueFields: DocValueFields[];
/** comes from dataView.fields.toSpec() */
indexFields: SecuritySolutionDataViewBase['fields'];
/** set when data view fields are fetched */
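Review bot: The doc comment `/** query DSL field and format */` appears to be left behind in this `SourcererDataView` declaration. The hunk header (`-69,7 +69,6`) accounts for a single removed line, which is presumably the `docValueFields: DocValueFields[];` member, so the comment now sits directly above `/** comes from dataView.fields.toSpec() */` and reads as if it described `indexFields`. The other `SourcererDataView` hunk in this commit (`-64,8 +60,6`) removes both lines; this one should drop the orphaned comment as well. The interface starts and ends outside the hunk.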


@ -9,7 +9,6 @@ import { merge } from '@kbn/std';
import { isPlainObject } from 'lodash';
import type { Ecs } from '@kbn/cases-plugin/common';
// TODO we need to allow -> docValueFields: [{ field: "@timestamp" }],
export const buildAlertsQuery = (alertIds: string[]) => {
if (alertIds.length === 0) {
return {};


@ -615,7 +615,6 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
component={QueryBarDefineRule}
componentProps={{
browserFields,
// docValueFields,
// runtimeMappings,
idAria: 'detectionEngineStepDefineRuleQueryBar',
indexPattern,


@ -17,7 +17,6 @@ import { generateTablePaginationOptions } from '../../../common/components/pagin
import type {
HostsEdges,
PageInfoPaginated,
DocValueFields,
HostsRequestOptions,
} from '../../../../common/search_strategy';
import { HostsQueries } from '../../../../common/search_strategy';
@ -44,7 +43,6 @@ export interface HostsArgs {
}
interface UseAllHost {
docValueFields?: DocValueFields[];
endDate: string;
filterQuery?: ESTermQuery | string;
indexNames: string[];
@ -54,7 +52,6 @@ interface UseAllHost {
}
export const useAllHost = ({
docValueFields,
endDate,
filterQuery,
indexNames,
@ -136,7 +133,6 @@ export const useAllHost = ({
const myRequest = {
...(prevRequest ?? {}),
defaultIndex: indexNames,
docValueFields: docValueFields ?? [],
factoryQueryType: HostsQueries.hosts,
filterQuery: createFilter(filterQuery),
pagination: generateTablePaginationOptions(activePage, limit),
@ -155,17 +151,7 @@ export const useAllHost = ({
}
return prevRequest;
});
}, [
activePage,
direction,
docValueFields,
endDate,
filterQuery,
indexNames,
limit,
startDate,
sortField,
]);
}, [activePage, direction, endDate, filterQuery, indexNames, limit, startDate, sortField]);
useEffect(() => {
if (!skip && hostsRequest) {


@ -17,7 +17,6 @@ const mockUseSearchStrategy = useSearchStrategy as jest.Mock;
const mockSearch = jest.fn();
const props = {
docValueFields: [],
endDate: '2020-07-08T08:20:18.966Z',
id: ID,
indexNames: ['auditbeat-*'],


@ -15,7 +15,6 @@ import { createFilter } from '../../../common/containers/helpers';
import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
import { networkSelectors } from '../../store';
import type {
DocValueFields,
NetworkDnsRequestOptions,
NetworkDnsEdges,
PageInfoPaginated,
@ -41,7 +40,6 @@ export interface NetworkDnsResponse {
interface UseNetworkDns {
id: string;
docValueFields: DocValueFields[];
indexNames: string[];
filterQuery?: ESTermQuery | string;
endDate: string;
@ -50,7 +48,6 @@ interface UseNetworkDns {
}
export const useNetworkDns = ({
docValueFields,
endDate,
filterQuery,
id,
@ -119,7 +116,6 @@ export const useNetworkDns = ({
const myRequest = {
...(prevRequest ?? {}),
defaultIndex: indexNames,
docValueFields: docValueFields ?? [],
isPtrIncluded,
factoryQueryType: NetworkQueries.dns,
filterQuery: createFilter(filterQuery),
@ -136,17 +132,7 @@ export const useNetworkDns = ({
}
return prevRequest;
});
}, [
activePage,
indexNames,
endDate,
filterQuery,
limit,
startDate,
sort,
isPtrIncluded,
docValueFields,
]);
}, [activePage, indexNames, endDate, filterQuery, limit, startDate, sort, isPtrIncluded]);
useEffect(() => {
if (!skip && networkDnsRequest) {


@ -51,7 +51,6 @@ export const histogramConfigs: Omit<MatrixHistogramConfigs, 'title'> = {
const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
deleteQuery,
docValueFields,
endDate,
filterQuery,
indexNames,
@ -82,7 +81,6 @@ const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
loading,
{ totalCount, networkDns, pageInfo, loadPage, id, inspect, isInspected, refetch },
] = useNetworkDns({
docValueFields: docValueFields ?? [],
endDate,
filterQuery,
id: queryId,
@ -109,7 +107,6 @@ const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
<MatrixHistogram
id={HISTOGRAM_ID}
isPtrIncluded={isPtrIncluded}
docValueFields={docValueFields}
endDate={endDate}
filterQuery={filterQuery}
indexNames={indexNames}


@ -30,17 +30,7 @@ import { NetworkRouteType } from './types';
import { NETWORK_PATH } from '../../../../common/constants';
export const NetworkRoutes = React.memo<NetworkRoutesProps>(
({
docValueFields,
type,
to,
filterQuery,
isInitializing,
from,
indexPattern,
indexNames,
setQuery,
}) => {
({ type, to, filterQuery, isInitializing, from, indexPattern, indexNames, setQuery }) => {
const networkAnomaliesFilterQuery = {
bool: {
should: [
@ -83,7 +73,7 @@ export const NetworkRoutes = React.memo<NetworkRoutesProps>(
return (
<Switch>
<Route path={`${NETWORK_PATH}/:tabName(${NetworkRouteType.dns})`}>
<DnsQueryTabBody {...tabProps} docValueFields={docValueFields} />
<DnsQueryTabBody {...tabProps} />
</Route>
<Route path={`${NETWORK_PATH}/:tabName(${NetworkRouteType.flows})`}>
<>


@ -15,8 +15,6 @@ import type { FlowTargetSourceDest } from '../../../../common/search_strategy/se
import type { networkModel } from '../../store';
import type { GlobalTimeArgs } from '../../../common/containers/use_global_time';
import type { DocValueFields } from '../../../common/containers/source';
export interface QueryTabBodyProps extends Pick<GlobalTimeArgs, 'setQuery' | 'deleteQuery'> {
endDate: string;
filterQuery?: string | ESTermQuery;
@ -27,9 +25,7 @@ export interface QueryTabBodyProps extends Pick<GlobalTimeArgs, 'setQuery' | 'de
type: networkModel.NetworkType;
}
export type NetworkComponentQueryProps = QueryTabBodyProps & {
docValueFields?: DocValueFields[];
};
export type NetworkComponentQueryProps = QueryTabBodyProps;
export type IPsQueryTabBodyProps = QueryTabBodyProps & {
flowTarget: FlowTargetSourceDest;
@ -47,7 +43,6 @@ export type IPQueryTabBodyProps = FTQueryTabBodyProps & {
export type HttpQueryTabBodyProps = QueryTabBodyProps;
export type NetworkRoutesProps = GlobalTimeArgs & {
docValueFields: DocValueFields[];
type: networkModel.NetworkType;
filterQuery?: string | ESTermQuery;
indexPattern: DataViewBase;


@ -112,7 +112,7 @@ const NetworkComponent = React.memo<NetworkComponentProps>(
[dispatch]
);
const { docValueFields, indicesExist, indexPattern, selectedPatterns } = useSourcererDataView();
const { indicesExist, indexPattern, selectedPatterns } = useSourcererDataView();
const onSkipFocusBeforeEventsTable = useCallback(() => {
containerElement.current
@ -214,7 +214,6 @@ const NetworkComponent = React.memo<NetworkComponentProps>(
</Display>
<NetworkRoutes
docValueFields={docValueFields}
filterQuery={tabsFilterQuery}
from={from}
isInitializing={isInitializing}


@ -14,7 +14,7 @@ import { TimelineId } from '../../../../../common/types/timeline';
import { useTimelineKpis } from '../../../containers/kpis';
import { FlyoutHeader } from '.';
import { useSourcererDataView } from '../../../../common/containers/sourcerer';
import { mockBrowserFields, mockDocValueFields } from '../../../../common/containers/source/mock';
import { mockBrowserFields } from '../../../../common/containers/source/mock';
import { getEmptyValue } from '../../../../common/components/empty_value';
import { allCasesPermissions, readCasesPermissions } from '../../../../cases_test_utils';
@ -53,7 +53,6 @@ const mockUseTimelineLargeKpiResponse = {
};
const defaultMocks = {
browserFields: mockBrowserFields,
docValueFields: mockDocValueFields,
indexPattern: mockIndexPattern,
loading: false,
selectedPatterns: mockIndexNames,


@ -345,7 +345,7 @@ const TimelineStatusInfoComponent: React.FC<FlyoutHeaderProps> = ({ timelineId }
const TimelineStatusInfo = React.memo(TimelineStatusInfoComponent);
const FlyoutHeaderComponent: React.FC<FlyoutHeaderProps> = ({ timelineId }) => {
const { selectedPatterns, indexPattern, docValueFields, browserFields } = useSourcererDataView(
const { selectedPatterns, indexPattern, browserFields } = useSourcererDataView(
SourcererScopeName.timeline
);
const getStartSelector = useMemo(() => startSelector(), []);
@ -409,7 +409,6 @@ const FlyoutHeaderComponent: React.FC<FlyoutHeaderProps> = ({ timelineId }) => {
const [loading, kpis] = useTimelineKpis({
defaultIndex: selectedPatterns,
docValueFields,
timerange,
isBlankTimeline,
filterQuery: combinedQueries?.filterQuery ?? '',


@ -194,7 +194,6 @@ describe('Timeline', () => {
test('it does render the timeline table when the source is loading with no events', () => {
(useSourcererDataView as jest.Mock).mockReturnValue({
browserFields: {},
docValueFields: [],
loading: true,
indexPattern: {},
selectedPatterns: [],


@ -11,7 +11,7 @@ import useResizeObserver from 'use-resize-observer/polyfilled';
import { DragDropContextWrapper } from '../../../common/components/drag_and_drop/drag_drop_context_wrapper';
import '../../../common/mock/match_media';
import { mockBrowserFields, mockDocValueFields } from '../../../common/containers/source/mock';
import { mockBrowserFields } from '../../../common/containers/source/mock';
import { TimelineId } from '../../../../common/types/timeline';
import {
createSecuritySolutionStorageMock,
@ -94,7 +94,6 @@ jest.mock('../../../common/containers/sourcerer');
const mockDataView = {
dataViewId: mockGlobalState.timeline.timelineById.test?.dataViewId,
browserFields: mockBrowserFields,
docValueFields: mockDocValueFields,
loading: false,
indexPattern: mockIndexPattern,
pageInfo: { activePage: 0, querySize: 0 },


@ -206,7 +206,6 @@ describe('Timeline', () => {
test('it does render the timeline table when the source is loading with no events', () => {
(useSourcererDataView as jest.Mock).mockReturnValue({
browserFields: {},
docValueFields: [],
loading: true,
indexPattern: {},
selectedPatterns: [],


@ -14,7 +14,6 @@ import { isCompleteResponse, isErrorResponse } from '@kbn/data-plugin/public';
import type { inputsModel } from '../../../common/store';
import { useKibana } from '../../../common/lib/kibana';
import type {
DocValueFields,
TimelineKpiStrategyRequest,
TimelineKpiStrategyResponse,
TimerangeInput,
@ -28,14 +27,12 @@ export interface UseTimelineKpiProps {
timerange: TimerangeInput;
filterQuery?: ESQuery | string | undefined;
defaultIndex: string[];
docValueFields?: DocValueFields[];
isBlankTimeline: boolean;
}
export const useTimelineKpis = ({
timerange,
filterQuery,
docValueFields,
defaultIndex,
isBlankTimeline,
}: UseTimelineKpiProps): [boolean, TimelineKpiStrategyResponse | null] => {
@ -96,7 +93,6 @@ export const useTimelineKpis = ({
setTimelineKpiRequest((prevRequest) => {
const myRequest = {
...(prevRequest ?? {}),
docValueFields,
defaultIndex,
timerange,
filterQuery,
@ -107,7 +103,7 @@ export const useTimelineKpis = ({
}
return prevRequest;
});
}, [docValueFields, defaultIndex, timerange, filterQuery]);
}, [defaultIndex, timerange, filterQuery]);
useEffect(() => {
if (!isBlankTimeline) {


@ -32,7 +32,6 @@ export const AllUsersQueryTabBody = ({
setQuery,
startDate,
type,
docValueFields,
deleteQuery,
}: UsersComponentsQueryProps) => {
const { toggleStatus } = useQueryToggle(QUERY_ID);
@ -70,7 +69,6 @@ export const AllUsersQueryTabBody = ({
search({
filterQuery,
defaultIndex: indexNames,
docValueFields,
timerange: {
interval: '12h',
from: startDate,
@ -80,18 +78,7 @@ export const AllUsersQueryTabBody = ({
sort,
});
}
}, [
search,
startDate,
endDate,
filterQuery,
indexNames,
querySkip,
docValueFields,
activePage,
limit,
sort,
]);
}, [search, startDate, endDate, filterQuery, indexNames, querySkip, activePage, limit, sort]);
return (
<UsersTableManage


@ -22,7 +22,6 @@ export const AuthenticationsQueryTabBody = ({
setQuery,
startDate,
type,
docValueFields,
deleteQuery,
userName,
}: AuthenticationsUserTableProps) => {
@ -47,7 +46,6 @@ export const AuthenticationsQueryTabBody = ({
startDate={startDate}
type={type}
skip={skip}
docValueFields={docValueFields}
userName={userName}
/>
</>


@ -4,7 +4,6 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { DocValueFields } from '@kbn/timelines-plugin/common';
import type { UsersTableType, UsersType } from '../../store/model';
import type { GlobalTimeArgs } from '../../../common/containers/use_global_time';
import type { ESTermQuery } from '../../../../common/typed_json';
@ -22,7 +21,6 @@ export interface QueryTabBodyProps {
export type UsersComponentsQueryProps = QueryTabBodyProps & {
deleteQuery?: GlobalTimeArgs['deleteQuery'];
docValueFields?: DocValueFields[];
indexNames: string[];
skip: boolean;
setQuery: GlobalTimeArgs['setQuery'];


@ -6,13 +6,11 @@
*/
import type { Filter } from '@kbn/es-query';
import type { DocValueFields } from '@kbn/timelines-plugin/common';
import type { GlobalTimeArgs } from '../../common/containers/use_global_time';
import type { usersModel } from '../store';
export type UsersTabsProps = GlobalTimeArgs & {
docValueFields: DocValueFields[];
filterQuery: string;
pageFilters?: Filter[];
indexNames: string[];


@ -102,7 +102,7 @@ const UsersComponent = () => {
return filters;
}, [severitySelection, tabName, filters]);
const { docValueFields, indicesExist, indexPattern, selectedPatterns } = useSourcererDataView();
const { indicesExist, indexPattern, selectedPatterns } = useSourcererDataView();
const [filterQuery, kqlError] = useMemo(
() =>
convertToBuildEsQuery({
@ -210,7 +210,6 @@ const UsersComponent = () => {
<UsersTabs
deleteQuery={deleteQuery}
docValueFields={docValueFields}
filterQuery={tabsFilterQuery || ''}
from={from}
indexNames={selectedPatterns}


@ -10,8 +10,7 @@ import type { IScopedClusterClient } from '@kbn/core/server';
import type { JsonObject, JsonValue } from '@kbn/utility-types';
import type { FieldsObject, ResolverSchema } from '../../../../../../common/endpoint/types';
import type { NodeID, TimeRange } from '../utils';
import { docValueFields, validIDs } from '../utils';
import { resolverFields, validIDs } from '../utils';
interface DescendantsParams {
schema: ResolverSchema;
indexPatterns: string | string[];
@ -26,11 +25,11 @@ export class DescendantsQuery {
private readonly schema: ResolverSchema;
private readonly indexPatterns: string | string[];
private readonly timeRange: TimeRange;
private readonly docValueFields: JsonValue[];
private readonly isInternalRequest: boolean;
private readonly resolverFields: JsonValue[];
constructor({ schema, indexPatterns, timeRange, isInternalRequest }: DescendantsParams) {
this.docValueFields = docValueFields(schema);
this.resolverFields = resolverFields(schema);
this.schema = schema;
this.indexPatterns = indexPatterns;
this.timeRange = timeRange;
@ -40,7 +39,7 @@ export class DescendantsQuery {
private query(nodes: NodeID[], size: number): JsonObject {
return {
_source: false,
docvalue_fields: this.docValueFields,
fields: this.resolverFields,
size,
collapse: {
field: this.schema.id,
@ -93,7 +92,7 @@ export class DescendantsQuery {
private queryWithAncestryArray(nodes: NodeID[], ancestryField: string, size: number): JsonObject {
return {
_source: false,
docvalue_fields: this.docValueFields,
fields: this.resolverFields,
size,
collapse: {
field: this.schema.id,
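Review bot: Replacing `docvalue_fields` with `fields` in `query` and `queryWithAncestryArray` changes where Elasticsearch reads the returned values from: the `fields` option resolves them through the mapping and, for most field types, `_source`, rather than straight from doc values. Hits still arrive under the `fields` key with `_source: false`, but an index that disables or filters `_source` for `schema.id`, `schema.parent` or the ancestry field may now return hits without those keys. The response parsing lies outside these hunks, so I cannot tell whether a missing key is tolerated or silently drops nodes from the resolver tree. A comment above `fields: this.resolverFields` such as `// values come from the fields API (mapping/_source based), not doc values` and a test with a hit lacking the id field would pin the behaviour down; the same applies to `LifecycleQuery.query` in the next file.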


@ -9,7 +9,7 @@ import type { IScopedClusterClient } from '@kbn/core/server';
import type { JsonObject, JsonValue } from '@kbn/utility-types';
import type { FieldsObject, ResolverSchema } from '../../../../../../common/endpoint/types';
import type { NodeID, TimeRange } from '../utils';
import { docValueFields, validIDs } from '../utils';
import { validIDs, resolverFields } from '../utils';
interface LifecycleParams {
schema: ResolverSchema;
@ -25,10 +25,10 @@ export class LifecycleQuery {
private readonly schema: ResolverSchema;
private readonly indexPatterns: string | string[];
private readonly timeRange: TimeRange;
private readonly docValueFields: JsonValue[];
private readonly isInternalRequest: boolean;
private readonly resolverFields: JsonValue[];
constructor({ schema, indexPatterns, timeRange, isInternalRequest }: LifecycleParams) {
this.docValueFields = docValueFields(schema);
this.resolverFields = resolverFields(schema);
this.schema = schema;
this.indexPatterns = indexPatterns;
this.timeRange = timeRange;
@ -38,7 +38,7 @@ export class LifecycleQuery {
private query(nodes: NodeID[]): JsonObject {
return {
_source: false,
docvalue_fields: this.docValueFields,
fields: this.resolverFields,
size: nodes.length,
collapse: {
field: this.schema.id,


@ -4,7 +4,6 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ResolverSchema } from '../../../../../../common/endpoint/types';
/**
@ -21,15 +20,21 @@ export interface TimeRange {
export type NodeID = string | number;
/**
* Returns the doc value fields filter to use in queries to limit the number of fields returned in the
* Returns valid IDs that can be used in a search.
*
* @param ids array of ids
*/
export function validIDs(ids: NodeID[]): NodeID[] {
return ids.filter((id) => String(id) !== '');
}
/**
* Returns the resolver fields filter to use in queries to limit the number of fields returned in the
* query response.
*
* See for more info: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html#docvalue-fields
*
* @param schema is the node schema information describing how relationships are formed between nodes
* in the resolver graph.
*/
export function docValueFields(schema: ResolverSchema): Array<{ field: string }> {
export function resolverFields(schema: ResolverSchema): Array<{ field: string }> {
const filter = [{ field: '@timestamp' }, { field: schema.id }, { field: schema.parent }];
if (schema.ancestry) {
filter.push({ field: schema.ancestry });
@ -40,12 +45,3 @@ export function docValueFields(schema: ResolverSchema): Array<{ field: string }>
}
return filter;
}
/**
* Returns valid IDs that can be used in a search.
*
* @param ids array of ids
*/
export function validIDs(ids: NodeID[]): NodeID[] {
return ids.filter((id) => String(id) !== '');
}
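Review bot: The doc comment on the renamed `resolverFields` still links to the `#docvalue-fields` anchor of the search-fields page, although the callers in this commit now pass the result as the `fields` option. That "See for more info" line looks like unchanged context, so it now points readers at the mechanism the commit removes. I would point the link at the section on the `fields` option (or drop the fragment) and reword the summary to say the list is sent as the search `fields` parameter. The comment's remark about limiting returned fields still holds only while the callers keep `_source: false`, which is worth stating there too.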


@ -5,8 +5,6 @@
* 2.0.
*/
import { isEmpty } from 'lodash/fp';
import moment from 'moment';
import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy';
@ -57,7 +55,6 @@ const getHistogramAggregation = ({ from, to }: { from: string; to: string }) =>
export const buildDnsHistogramQuery = ({
defaultIndex,
docValueFields,
filterQuery,
isPtrIncluded = false,
stackByField = 'dns.question.registered_domain',
@ -81,7 +78,6 @@ export const buildDnsHistogramQuery = ({
index: defaultIndex,
ignore_unavailable: true,
body: {
...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
aggregations: {
...getCountAgg(),
dns_name_query_count: {


@ -46,7 +46,6 @@ export type {
BrowserField,
BrowserFields,
CursorType,
DocValueFields,
EqlOptionsData,
EqlOptionsSelected,
FieldsEqlOptions,
@ -81,6 +80,5 @@ export {
EntityType,
LastEventIndexKey,
EMPTY_BROWSER_FIELDS,
EMPTY_DOCVALUE_FIELD,
EMPTY_INDEX_FIELDS,
} from './search_strategy';


@ -52,8 +52,6 @@ export interface PaginationInputPaginated {
querySize: number;
}
export type DocValueFields = estypes.QueryDslFieldAndFormat;
export interface TimerangeFilter {
range: {
[timestamp: string]: {


@ -10,7 +10,7 @@ import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesW
import type { IEsSearchRequest, IEsSearchResponse, FieldSpec } from '@kbn/data-plugin/common';
import type { RuntimeField } from '@kbn/data-views-plugin/common';
import type { DocValueFields, Maybe } from '../common';
import type { Maybe } from '../common';
export type BeatFieldsFactoryQueryType = 'beatFields';
@ -76,5 +76,4 @@ export interface BrowserField {
export type BrowserFields = Readonly<Record<string, Partial<BrowserField>>>;
export const EMPTY_BROWSER_FIELDS = {};
export const EMPTY_DOCVALUE_FIELD: DocValueFields[] = [];
export const EMPTY_INDEX_FIELDS: FieldSpec[] = [];


@ -20,7 +20,6 @@ import * as i18n from './translations';
import {
BrowserField,
BrowserFields,
DocValueFields,
IndexField,
IndexFieldsStrategyRequest,
IndexFieldsStrategyResponse,
@ -29,10 +28,8 @@ import { useAppToasts } from '../../hooks/use_app_toasts';
const DEFAULT_BROWSER_FIELDS = {};
const DEFAULT_INDEX_PATTERNS = { fields: [], title: '' };
const DEFAULT_DOC_VALUE_FIELDS: DocValueFields[] = [];
interface FetchIndexReturn {
browserFields: BrowserFields;
docValueFields: DocValueFields[];
indexes: string[];
indexExists: boolean;
indexPatterns: DataViewBase;
@ -67,26 +64,6 @@ export const getBrowserFields = memoizeOne(
(newArgs, lastArgs) => newArgs[0] === lastArgs[0]
);
export const getDocValueFields = memoizeOne(
(_title: string, fields: IndexField[]): DocValueFields[] =>
fields && fields.length > 0
? fields.reduce<DocValueFields[]>((accumulator: DocValueFields[], field: IndexField) => {
if (field.readFromDocValues && accumulator.length < 100) {
return [
...accumulator,
{
field: field.name,
format: field.format ? field.format : undefined,
},
];
}
return accumulator;
}, [])
: [],
// Update the value only if _title has changed
(newArgs, lastArgs) => newArgs[0] === lastArgs[0]
);
export const getIndexFields = memoizeOne(
(title: string, fields: IndexField[]): DataViewBase =>
fields && fields.length > 0
@ -112,7 +89,6 @@ export const useFetchIndex = (
const [state, setState] = useState<FetchIndexReturn>({
browserFields: DEFAULT_BROWSER_FIELDS,
docValueFields: DEFAULT_DOC_VALUE_FIELDS,
indexes: indexNames,
indexExists: true,
indexPatterns: DEFAULT_INDEX_PATTERNS,
@ -142,7 +118,6 @@ export const useFetchIndex = (
setState({
browserFields: getBrowserFields(stringifyIndices, response.indexFields),
docValueFields: getDocValueFields(stringifyIndices, response.indexFields),
indexes: response.indicesExist,
indexExists: response.indicesExist.length > 0,
indexPatterns: getIndexFields(stringifyIndices, response.indexFields),


@ -6,7 +6,6 @@
*/
import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { DocValueFields } from '../../common/search_strategy';
import type { BrowserFields } from '../../common/search_strategy/index_fields';
const DEFAULT_INDEX_PATTERN = [
@ -815,17 +814,6 @@ export const mockBrowserFields: BrowserFields = {
},
};
export const mockDocValueFields: DocValueFields[] = [
{
field: '@timestamp',
format: 'date_time',
},
{
field: 'event.end',
format: 'date_time',
},
];
export const mockRuntimeMappings: MappingRuntimeFields = {
'@a.runtime.field': {
script: {


@ -10,7 +10,6 @@ import { buildEqlDsl, parseEqlResponse } from './helpers';
import { eventsResponse, sequenceResponse } from './__mocks__';
const defaultArgs = {
defaultIndex: ['logs-endpoint.events*'],
docValueFields: [],
runtimeMappings: {},
fieldRequested: [
'@timestamp',


@ -52,7 +52,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 1,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
stackByField: AuthStackByField.userName,
sort: { field: 'timestamp', direction: Direction.asc },
filterQuery: '',
@ -84,7 +83,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 2,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
stackByField: AuthStackByField.userName,
sort: { field: 'timestamp', direction: Direction.asc },
filterQuery: '',


@ -14,7 +14,7 @@ import {
TimelineEventsAllStrategyResponse,
} from '@kbn/security-solution-plugin/common/search_strategy';
import { FtrProviderContext } from '../../ftr_provider_context';
import { getDocValueFields, getFieldsToRequest, getFilterValue } from './utils';
import { getFieldsToRequest, getFilterValue } from './utils';
const TO = '3000-01-01T00:00:00.000Z';
const FROM = '2000-01-01T00:00:00.000Z';
@ -34,7 +34,6 @@ export default function ({ getService }: FtrProviderContext) {
const getPostBody = (): JsonObject => ({
defaultIndex: ['auditbeat-*'],
docValueFields: getDocValueFields(),
factoryQueryType: TimelineEventsQueries.all,
entityType: 'events',
fieldRequested: getFieldsToRequest(),


@ -64,7 +64,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -84,7 +83,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -168,7 +166,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -188,7 +185,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -88,7 +88,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -107,7 +106,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -126,7 +124,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -145,7 +142,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -164,7 +160,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -184,7 +179,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -235,7 +229,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -254,7 +247,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -273,7 +265,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -293,7 +284,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -312,7 +302,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -46,7 +46,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -86,7 +85,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -44,7 +44,6 @@ export default function ({ getService }: FtrProviderContext) {
supertest,
options: {
defaultIndex: ['large_volume_dns_data'],
docValueFields: [],
factoryQueryType: MatrixHistogramQuery,
histogramType: MatrixHistogramType.dns,
filterQuery:


@ -38,7 +38,6 @@ export default function ({ getService }: FtrProviderContext) {
supertest,
options: {
defaultIndex: ['packetbeat-*'],
docValueFields: [],
factoryQueryType: NetworkQueries.dns,
filterQuery:
'{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
@ -69,7 +68,6 @@ export default function ({ getService }: FtrProviderContext) {
ip: '151.205.0.17',
defaultIndex: ['packetbeat-*'],
factoryQueryType: NetworkQueries.dns,
docValueFields: [],
inspect: false,
pagination: {
activePage: 0,


@ -55,7 +55,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -95,7 +94,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -135,7 +133,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -170,7 +167,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -59,7 +59,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -52,7 +52,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -95,7 +94,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -137,7 +135,6 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -115,7 +115,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 10,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -145,7 +144,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 10,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -184,7 +182,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 10,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -214,7 +211,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 10,
},
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -52,7 +52,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 1,
},
defaultIndex: ['auditbeat-uncommon-processes'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -79,7 +78,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 2,
},
defaultIndex: ['auditbeat-uncommon-processes'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',
@ -108,7 +106,6 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 1,
},
defaultIndex: ['auditbeat-uncommon-processes'],
docValueFields: [],
inspect: false,
},
strategy: 'securitySolutionSearchStrategy',


@ -46,7 +46,6 @@ export default function ({ getService }: FtrProviderContext) {
from: FROM,
},
defaultIndex: ['auditbeat-users'],
docValueFields: [],
ip: IP,
flowTarget: FlowTarget.destination,
sort: { field: NetworkUsersFields.name, direction: Direction.asc },


@ -8,7 +8,7 @@
import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { TransportResult } from '@elastic/elasticsearch';
import type { Client } from '@elastic/elasticsearch';
import { JsonObject, JsonArray } from '@kbn/utility-types';
import { JsonObject } from '@kbn/utility-types';
export async function getSavedObjectFromES<T>(
es: Client,
@ -102,318 +102,3 @@ export const getFieldsToRequest = (): string[] => [
'host.os.family',
'event.code',
];
/**
* https://www.elastic.co/guide/en/elasticsearch/reference/7.12/search-fields.html#docvalue-fields
* Use the docvalue_fields parameter to get values for selected fields.
* This can be a good choice when returning a fairly small number of fields that support doc values,
* such as keywords and dates.
*/
export const getDocValueFields = (): JsonArray => [
{
field: '@timestamp',
},
{
field: 'agent.ephemeral_id',
},
{
field: 'agent.id',
},
{
field: 'agent.name',
},
{
field: 'agent.type',
},
{
field: 'agent.version',
},
{
field: 'as.number',
},
{
field: 'as.organization.name',
},
{
field: 'client.address',
},
{
field: 'client.as.number',
},
{
field: 'client.as.organization.name',
},
{
field: 'client.bytes',
format: 'bytes',
},
{
field: 'client.domain',
},
{
field: 'client.geo.city_name',
},
{
field: 'client.geo.continent_name',
},
{
field: 'client.geo.country_iso_code',
},
{
field: 'client.geo.country_name',
},
{
field: 'client.geo.location',
},
{
field: 'client.geo.name',
},
{
field: 'client.geo.region_iso_code',
},
{
field: 'client.geo.region_name',
},
{
field: 'client.ip',
},
{
field: 'client.mac',
},
{
field: 'client.nat.ip',
},
{
field: 'client.nat.port',
format: 'string',
},
{
field: 'client.packets',
},
{
field: 'client.port',
format: 'string',
},
{
field: 'client.registered_domain',
},
{
field: 'client.top_level_domain',
},
{
field: 'client.user.domain',
},
{
field: 'client.user.email',
},
{
field: 'client.user.full_name',
},
{
field: 'client.user.group.domain',
},
{
field: 'client.user.group.id',
},
{
field: 'client.user.group.name',
},
{
field: 'client.user.hash',
},
{
field: 'client.user.id',
},
{
field: 'client.user.name',
},
{
field: 'cloud.account.id',
},
{
field: 'cloud.availability_zone',
},
{
field: 'cloud.instance.id',
},
{
field: 'cloud.instance.name',
},
{
field: 'cloud.machine.type',
},
{
field: 'cloud.provider',
},
{
field: 'cloud.region',
},
{
field: 'code_signature.exists',
},
{
field: 'code_signature.status',
},
{
field: 'code_signature.subject_name',
},
{
field: 'code_signature.trusted',
},
{
field: 'code_signature.valid',
},
{
field: 'container.id',
},
{
field: 'container.image.name',
},
{
field: 'container.image.tag',
},
{
field: 'container.name',
},
{
field: 'container.runtime',
},
{
field: 'destination.address',
},
{
field: 'destination.as.number',
},
{
field: 'destination.as.organization.name',
},
{
field: 'destination.bytes',
format: 'bytes',
},
{
field: 'destination.domain',
},
{
field: 'destination.geo.city_name',
},
{
field: 'destination.geo.continent_name',
},
{
field: 'destination.geo.country_iso_code',
},
{
field: 'destination.geo.country_name',
},
{
field: 'destination.geo.location',
},
{
field: 'destination.geo.name',
},
{
field: 'destination.geo.region_iso_code',
},
{
field: 'destination.geo.region_name',
},
{
field: 'destination.ip',
},
{
field: 'destination.mac',
},
{
field: 'destination.nat.ip',
},
{
field: 'destination.nat.port',
format: 'string',
},
{
field: 'destination.packets',
},
{
field: 'destination.port',
format: 'string',
},
{
field: 'destination.registered_domain',
},
{
field: 'destination.top_level_domain',
},
{
field: 'destination.user.domain',
},
{
field: 'destination.user.email',
},
{
field: 'destination.user.full_name',
},
{
field: 'destination.user.group.domain',
},
{
field: 'destination.user.group.id',
},
{
field: 'destination.user.group.name',
},
{
field: 'destination.user.hash',
},
{
field: 'destination.user.id',
},
{
field: 'destination.user.name',
},
{
field: 'dll.code_signature.exists',
},
{
field: 'dll.code_signature.status',
},
{
field: 'dll.code_signature.subject_name',
},
{
field: 'dll.code_signature.trusted',
},
{
field: 'dll.code_signature.valid',
},
{
field: 'dll.hash.md5',
},
{
field: 'dll.hash.sha1',
},
{
field: 'dll.hash.sha256',
},
{
field: 'dll.hash.sha512',
},
{
field: 'dll.name',
},
{
field: 'dll.path',
},
{
field: 'dll.pe.company',
},
{
field: 'dll.pe.description',
},
{
field: 'dll.pe.file_version',
},
{
field: 'dll.pe.original_file_name',
},
];


@ -69,20 +69,6 @@ export default ({ getService }: FtrProviderContext) => {
const getPostBody = (): JsonObject => ({
defaultIndex: ['.alerts-*'],
entityType: 'alerts',
docValueFields: [
{
field: '@timestamp',
},
{
field: ALERT_RULE_CONSUMER,
},
{
field: ALERT_UUID,
},
{
field: 'event.kind',
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_UUID, 'event.kind'],
fields: [],


@ -78,11 +78,6 @@ export default ({ getService }: FtrProviderContext) => {
const getPostBody = (): JsonObject => ({
defaultIndex: ['.alerts-*'],
entityType: 'alerts',
docValueFields: [
{
field: '@timestamp',
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp'],
fields: [],