[Security Solution] Use search strategy error in timeline (#125178)

2025-04-24 17:59:23 -04:00 · 2022-02-11 11:06:05 -07:00 · 2022-02-11 11:06:05 -07:00 · 4fe96b799e
commit 4fe96b799e
parent 67fb388acd
14 changed files with 42 additions and 35 deletions
--- a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
@ -101,6 +101,7 @@ export interface TGridIntegratedProps {
  createFieldComponent?: CreateFieldComponentType;
  data?: DataPublicPluginStart;
  dataProviders: DataProvider[];
+  dataViewId?: string | null;
  defaultCellActions?: TGridCellAction[];
  deletedEventIds: Readonly<string[]>;
  disabledCellActions: string[];
@ -145,6 +146,7 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
  columns,
  data,
  dataProviders,
+  dataViewId = null,
  defaultCellActions,
  deletedEventIds,
  disabledCellActions,
@ -236,6 +238,7 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
      // We rely on entityType to determine Events vs Alerts
      alertConsumers: SECURITY_ALERTS_CONSUMERS,
      data,
+      dataViewId,
      docValueFields,
      endDate: end,
      entityType,
--- a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
@ -86,6 +86,7 @@ export interface TGridStandaloneProps {
  } | null;
  afterCaseSelection?: Function;
  columns: ColumnHeaderOptions[];
+  dataViewId?: string | null;
  defaultCellActions?: TGridCellAction[];
  deletedEventIds: Readonly<string[]>;
  disabledCellActions: string[];
@ -130,6 +131,7 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
  casesOwner,
  casePermissions,
  columns,
+  dataViewId = null,
  defaultCellActions,
  deletedEventIds,
  disabledCellActions,
@ -224,6 +226,7 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
    loading,
    { consumers, events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
  ] = useTimelineEvents({
+    dataViewId,
    docValueFields: [],
    entityType,
    excludeEcsData: true,
--- a/x-pack/plugins/timelines/public/container/index.tsx
+++ b/x-pack/plugins/timelines/public/container/index.tsx
@ -12,6 +12,7 @@ import { useCallback, useEffect, useRef, useState } from 'react';
 import { useDispatch } from 'react-redux';
 import { Subscription } from 'rxjs';
 import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import type { DataView } from '../../../../../src/plugins/data_views/public';
 import {
  clearEventsLoading,
  clearEventsDeleted,
@ -73,6 +74,7 @@ type TimelineResponse<T extends KueryFilterQueryKind> = TimelineEventsAllStrateg
 export interface UseTimelineEventsProps {
  alertConsumers?: AlertConsumers[];
  data?: DataPublicPluginStart;
+  dataViewId: string | null;
  docValueFields?: DocValueFields[];
  endDate: string;
  entityType: EntityType;
@ -117,6 +119,7 @@ export const initSortDefault = [
 const NO_CONSUMERS: AlertConsumers[] = [];
 export const useTimelineEvents = ({
  alertConsumers = NO_CONSUMERS,
+  dataViewId,
  docValueFields,
  endDate,
  entityType,
@ -191,7 +194,7 @@ export const useTimelineEvents = ({
    loadPage: wrappedLoadPage,
    updatedAt: 0,
  });
-  const { addError, addWarning } = useAppToasts();
+  const { addWarning } = useAppToasts();

  const timelineSearch = useCallback(
    (request: TimelineRequest<typeof language> | null) => {
@ -213,6 +216,8 @@ export const useTimelineEvents = ({
                    ? 'timelineEqlSearchStrategy'
                    : 'timelineSearchStrategy',
                abortSignal: abortCtrl.current.signal,
+                // we only need the id to throw better errors
+                indexPattern: { id: dataViewId } as unknown as DataView,
              }
            )
            .subscribe({
@ -242,9 +247,7 @@ export const useTimelineEvents = ({
              },
              error: (msg) => {
                setLoading(false);
-                addError(msg, {
-                  title: i18n.FAIL_TIMELINE_EVENTS,
-                });
+                data.search.showError(msg);
                searchSubscription$.current.unsubscribe();
              },
            });
@ -256,7 +259,7 @@ export const useTimelineEvents = ({
      asyncSearch();
      refetch.current = asyncSearch;
    },
-    [skip, data, entityType, setUpdated, addWarning, addError]
+    [skip, data, entityType, dataViewId, setUpdated, addWarning]
  );

  useEffect(() => {
--- a/x-pack/plugins/timelines/public/container/translations.ts
+++ b/x-pack/plugins/timelines/public/container/translations.ts
@ -13,10 +13,3 @@ export const ERROR_TIMELINE_EVENTS = i18n.translate(
    defaultMessage: `An error has occurred on timeline events search`,
  }
 );
-
-export const FAIL_TIMELINE_EVENTS = i18n.translate(
-  'xpack.timelines.timelineEvents.failSearchDescription',
-  {
-    defaultMessage: `Failed to run search on timeline events`,
-  }
-);
--- a/x-pack/plugins/timelines/public/mock/t_grid.tsx
+++ b/x-pack/plugins/timelines/public/mock/t_grid.tsx
@ -92,6 +92,7 @@ export const tGridIntegratedProps: TGridIntegratedProps = {
  browserFields: mockBrowserFields,
  columns: columnHeaders,
  dataProviders: mockDataProviders,
+  dataViewId: 'data-view-id',
  deletedEventIds: [],
  disabledCellActions: [],
  docValueFields: mockDocValueFields,