[Infrastructure UI] Remove sensitive info from telemetry payload (#159314)

## Summary This PR changes the `Hosts View Query Submitted` telemetry event payload, stopping Kibana from sending potentially sensitive information to analytics services. An example of the new payload: ```ts { control_filter_fields: ['host.os.name'], filter_fields: ['host.name', 'cloud.provider'], interval: 'interval(now-1h)', with_query: false, limit: 100, } ``` Instead of sending filter values, we'll pass only the field names. Except for the query bar, because it's to complicated to parse and retrieve that information Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 09:48:58 -04:00 · 2023-06-09 09:58:08 +02:00 · 2023-06-09 09:58:08 +02:00 · 3bc3a362ca
commit 3bc3a362ca
parent 95edefb221
5 changed files with 32 additions and 17 deletions
--- a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_unified_search.ts
+++ b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_unified_search.ts
@ -22,6 +22,7 @@ import {
  type HostsState,
  type StringDateRangeTimestamp,
 } from './use_unified_search_url_state';
+import { retrieveFieldsFromFilter } from '../utils';

 const buildQuerySubmittedPayload = (
  hostState: HostsState & { parsedDateRange: StringDateRangeTimestamp }
@ -29,10 +30,10 @@ const buildQuerySubmittedPayload = (
  const { panelFilters, filters, parsedDateRange, query: queryObj, limit } = hostState;

  return {
-    control_filters: panelFilters.map((filter) => JSON.stringify(filter)),
-    filters: filters.map((filter) => JSON.stringify(filter)),
+    control_filter_fields: retrieveFieldsFromFilter(panelFilters),
+    filter_fields: retrieveFieldsFromFilter(filters),
    interval: telemetryTimeRangeFormatter(parsedDateRange.to - parsedDateRange.from),
-    query: queryObj.query,
+    with_query: !!queryObj.query,
    limit,
  };
 };
--- a/x-pack/plugins/infra/public/pages/metrics/hosts/utils.ts
+++ b/x-pack/plugins/infra/public/pages/metrics/hosts/utils.ts
@ -5,7 +5,7 @@
 * 2.0.
 */

-import { DataViewBase, Filter } from '@kbn/es-query';
+import { DataViewBase, Filter, isCombinedFilter } from '@kbn/es-query';

 export const createHostsFilter = (hostNames: string[], dataView?: DataViewBase): Filter => {
  return {
@ -25,3 +25,17 @@ export const createHostsFilter = (hostNames: string[], dataView?: DataViewBase):
      : {},
  };
 };
+
+export const retrieveFieldsFromFilter = (filters: Filter[], fields: string[] = []) => {
+  for (const filter of filters) {
+    if (isCombinedFilter(filter)) {
+      retrieveFieldsFromFilter(filter.meta.params, fields);
+    }
+
+    if (filter.meta.key) {
+      fields.push(filter.meta.key);
+    }
+  }
+
+  return fields;
+};
--- a/x-pack/plugins/infra/public/services/telemetry/telemetry_events.ts
+++ b/x-pack/plugins/infra/public/services/telemetry/telemetry_events.ts
@ -9,7 +9,7 @@ import { InfraTelemetryEventTypes, InfraTelemetryEvent } from './types';
 const hostsViewQuerySubmittedEvent: InfraTelemetryEvent = {
  eventType: InfraTelemetryEventTypes.HOSTS_VIEW_QUERY_SUBMITTED,
  schema: {
-    control_filters: {
+    control_filter_fields: {
      type: 'array',
      items: {
        type: 'text',
@ -19,7 +19,7 @@ const hostsViewQuerySubmittedEvent: InfraTelemetryEvent = {
        },
      },
    },
-    filters: {
+    filter_fields: {
      type: 'array',
      items: {
        type: 'text',
@ -36,8 +36,8 @@ const hostsViewQuerySubmittedEvent: InfraTelemetryEvent = {
        optional: false,
      },
    },
-    query: {
-      type: 'text',
+    with_query: {
+      type: 'boolean',
      _meta: {
        description: 'KQL query search for hosts',
        optional: false,
--- a/x-pack/plugins/infra/public/services/telemetry/telemetry_service.test.ts
+++ b/x-pack/plugins/infra/public/services/telemetry/telemetry_service.test.ts
@ -103,10 +103,10 @@ describe('TelemetryService', () => {
      const telemetry = service.start();

      telemetry.reportHostsViewQuerySubmitted({
-        control_filters: ['test-filter'],
-        filters: [],
+        control_filter_fields: ['host.os.name'],
+        filter_fields: [],
        interval: 'interval(now-1h)',
-        query: '',
+        with_query: false,
        limit: 100,
      });

@ -114,10 +114,10 @@ describe('TelemetryService', () => {
      expect(setupParams.analytics.reportEvent).toHaveBeenCalledWith(
        InfraTelemetryEventTypes.HOSTS_VIEW_QUERY_SUBMITTED,
        {
-          control_filters: ['test-filter'],
-          filters: [],
+          control_filter_fields: ['host.os.name'],
+          filter_fields: [],
          interval: 'interval(now-1h)',
-          query: '',
+          with_query: false,
          limit: 100,
        }
      );
--- a/x-pack/plugins/infra/public/services/telemetry/types.ts
+++ b/x-pack/plugins/infra/public/services/telemetry/types.ts
@ -21,10 +21,10 @@ export enum InfraTelemetryEventTypes {
 }

 export interface HostsViewQuerySubmittedParams {
-  control_filters: string[];
-  filters: string[];
+  control_filter_fields: string[];
+  filter_fields: string[];
  interval: string;
-  query: string | { [key: string]: any };
+  with_query: boolean;
  limit: number;
 }