[8.16] [Security Solution] Remove warning for rule filter (#201776) (#204728)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution] Remove warning for rule filter
(#201776)](https://github.com/elastic/kibana/pull/201776)

<!--- Backport version: 9.6.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jacek
Kolezynski","email":"jacek.kolezynski@elastic.co"},"sourceCommit":{"committedDate":"2024-12-18T09:47:05Z","message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<nikita.indik@elastic.co>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Rule Creation","Feature:Rule Details","Feature:Rule
Edit","backport:version","v8.18.0","v8.16.3","v8.17.1"],"title":"[Security
Solution] Remove warning for rule
filter","number":201776,"url":"https://github.com/elastic/kibana/pull/201776","mergeCommit":{"message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<nikita.indik@elastic.co>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03"}},"sourceBranch":"main","suggestedTargetBranches":["8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201776","number":201776,"mergeCommit":{"message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<nikita.indik@elastic.co>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/204704","number":204704,"state":"MERGED","mergeCommit":{"sha":"2ea020542b5c30066b3728d8b718670c5732ca1e","message":"[8.x]
[Security Solution] Remove warning for rule filter (#201776)
(#204704)\n\n# Backport\n\nThis will backport the following commits from
`main` to `8.x`:\n- [[Security Solution] Remove warning for rule
filter\n(#201776)](https://github.com/elastic/kibana/pull/201776)\n\n<!---
Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the
[Backport
tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT
[{\"author\":{\"name\":\"Jacek\nKolezynski\",\"email\":\"jacek.kolezynski@elastic.co\"},\"sourceCommit\":{\"committedDate\":\"2024-12-18T09:47:05Z\",\"message\":\"[Security\nSolution]
Remove warning for rule filter
(#201776)\\n\\n**Resolves:\n#178908**\\n\\n## Summary\\n\\nThis PR fixes
a warning displayed for the\nrule when certain filter is\\npresent.\\nI
followed the suggestion from\n@nikitaindik in the original ticket
and\\npulled his fix and tested that\nit works, but it also needed
some\\nmodification borrowed from QueryBar\ncomponent, namely to update
the\\nfilters before displaying the\nFilterItems component.\\n\\nNote:
This PR only covers the Rule Creation /\nRules Details page. Two\\nnew
tickets have been created to cover issues\nfound in other
places:\\n#203600 and #203615\\n\\n#
BEFORE\\n<img\nwidth=\\\"899\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\\\">\\n\\n#\nAFTER\\n<img
width=\\\"901\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\\\">\\n\\n\\n###\nChecklist\\n\\nCheck
the PR satisfies following conditions. \\n\\nReviewers\nshould verify
this PR satisfies this list as well.\\n\\n- [ ] [Unit
or\nfunctional\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\nwere\nupdated
or added to match the most common scenarios\\n- [ ]
[Flaky\nTest\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\nused
on any tests changed\\n\\n---------\\n\\nCo-authored-by:
Nikita\nIndik\n<nikita.indik@elastic.co>\",\"sha\":\"2e3a74829d953e3a968c75e0edaed21dce332c03\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.18.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"bug\",\"release_note:fix\",\"v9.0.0\",\"Team:Detections\nand
Resp\",\"Team: SecuritySolution\",\"Team:Detection
Rule\nManagement\",\"Feature:Rule Creation\",\"Feature:Rule
Details\",\"Feature:Rule\nEdit\",\"backport:version\",\"v8.18.0\",\"v8.16.3\",\"v8.17.1\"],\"title\":\"[Security\nSolution]
Remove warning for
rule\nfilter\",\"number\":201776,\"url\":\"https://github.com/elastic/kibana/pull/201776\",\"mergeCommit\":{\"message\":\"[Security\nSolution]
Remove warning for rule filter
(#201776)\\n\\n**Resolves:\n#178908**\\n\\n## Summary\\n\\nThis PR fixes
a warning displayed for the\nrule when certain filter is\\npresent.\\nI
followed the suggestion from\n@nikitaindik in the original ticket
and\\npulled his fix and tested that\nit works, but it also needed
some\\nmodification borrowed from QueryBar\ncomponent, namely to update
the\\nfilters before displaying the\nFilterItems component.\\n\\nNote:
This PR only covers the Rule Creation /\nRules Details page. Two\\nnew
tickets have been created to cover issues\nfound in other
places:\\n#203600 and #203615\\n\\n#
BEFORE\\n<img\nwidth=\\\"899\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\\\">\\n\\n#\nAFTER\\n<img
width=\\\"901\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\\\">\\n\\n\\n###\nChecklist\\n\\nCheck
the PR satisfies following conditions. \\n\\nReviewers\nshould verify
this PR satisfies this list as well.\\n\\n- [ ] [Unit
or\nfunctional\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\nwere\nupdated
or added to match the most common scenarios\\n- [ ]
[Flaky\nTest\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\nused
on any tests changed\\n\\n---------\\n\\nCo-authored-by:
Nikita\nIndik\n<nikita.indik@elastic.co>\",\"sha\":\"2e3a74829d953e3a968c75e0edaed21dce332c03\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"8.x\",\"8.16\",\"8.17\"],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/201776\",\"number\":201776,\"mergeCommit\":{\"message\":\"[Security\nSolution]
Remove warning for rule filter
(#201776)\\n\\n**Resolves:\n#178908**\\n\\n## Summary\\n\\nThis PR fixes
a warning displayed for the\nrule when certain filter is\\npresent.\\nI
followed the suggestion from\n@nikitaindik in the original ticket
and\\npulled his fix and tested that\nit works, but it also needed
some\\nmodification borrowed from QueryBar\ncomponent, namely to update
the\\nfilters before displaying the\nFilterItems component.\\n\\nNote:
This PR only covers the Rule Creation /\nRules Details page. Two\\nnew
tickets have been created to cover issues\nfound in other
places:\\n#203600 and #203615\\n\\n#
BEFORE\\n<img\nwidth=\\\"899\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\\\">\\n\\n#\nAFTER\\n<img
width=\\\"901\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\\\">\\n\\n\\n###\nChecklist\\n\\nCheck
the PR satisfies following conditions. \\n\\nReviewers\nshould verify
this PR satisfies this list as well.\\n\\n- [ ] [Unit
or\nfunctional\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\nwere\nupdated
or added to match the most common scenarios\\n- [ ]
[Flaky\nTest\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\nused
on any tests changed\\n\\n---------\\n\\nCo-authored-by:
Nikita\nIndik\n<nikita.indik@elastic.co>\",\"sha\":\"2e3a74829d953e3a968c75e0edaed21dce332c03\"}},{\"branch\":\"8.x\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v8.18.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.16\",\"label\":\"v8.16.3\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.17\",\"label\":\"v8.17.1\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by:
Jacek Kolezynski
<jacek.kolezynski@elastic.co>"}},{"branch":"8.16","label":"v8.16.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/204718","number":204718,"state":"OPEN"}]}]
BACKPORT-->

x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { useMemo } from 'react';
 import { isEmpty } from 'lodash/fp';
 import {
   EuiDescriptionList,
@@ -23,8 +23,8 @@ import type {
 import type { Filter } from '@kbn/es-query';
 import type { SavedQuery } from '@kbn/data-plugin/public';
 import { mapAndFlattenFilters } from '@kbn/data-plugin/public';
-import type { DataView } from '@kbn/data-views-plugin/public';
 import { FilterItems } from '@kbn/unified-search-plugin/public';
+import { isDataView } from '../../../../common/components/query_bar';
 import type {
   AlertSuppressionMissingFieldsStrategy,
   RequiredFieldArray,
@@ -39,8 +39,6 @@ import { AlertSuppressionLabel } from '../../../rule_creation_ui/components/desc
 import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
 import * as threatMatchI18n from '../../../../common/components/threat_match/translations';
 import * as timelinesI18n from '../../../../timelines/components/timeline/translations';
-import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form';
-import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
 import type { Duration } from '../../../../detections/pages/detection_engine/rules/types';
 import { convertHistoryStartToSize } from '../../../../detections/pages/detection_engine/rules/helpers';
 import { MlJobsDescription } from '../../../rule_creation/components/ml_jobs_description/ml_jobs_description';
@@ -59,6 +57,7 @@ import {
 } from './rule_definition_section.styles';
 import { getQueryLanguageLabel } from './helpers';
 import { useDefaultIndexPattern } from './use_default_index_pattern';
+import { useDataView } from './three_way_diff/final_edit/fields/hooks/use_data_view';
 
 interface SavedQueryNameProps {
   savedQueryName: string;
@@ -83,16 +82,34 @@ export const Filters = ({
   index,
   'data-test-subj': dataTestSubj,
 }: FiltersProps) => {
-  const flattenedFilters = mapAndFlattenFilters(filters);
-
   const defaultIndexPattern = useDefaultIndexPattern();
+  const useDataViewParams = dataViewId
+    ? { dataViewId }
+    : { indexPatterns: index ?? defaultIndexPattern };
+  const { dataView } = useDataView(useDataViewParams);
+  const isEsql = filters.some((filter) => filter?.query?.language === 'esql');
+  const searchBarFilters = useMemo(() => {
+    if (!index || isDataView(index) || isEsql) {
+      return filters;
+    }
+    const filtersWithUpdatedMetaIndex = filters.map((filter) => {
+      return {
+        ...filter,
+        meta: {
+          ...filter.meta,
+          index: index.join(','),
+        },
+      };
+    });
 
-  const { indexPattern } = useRuleIndexPattern({
-    dataSourceType: dataViewId ? DataSourceType.DataView : DataSourceType.IndexPatterns,
-    index: index ?? defaultIndexPattern,
-    dataViewId,
-  });
+    return filtersWithUpdatedMetaIndex;
+  }, [filters, index, isEsql]);
 
+  if (!dataView) {
+    return null;
+  }
+
+  const flattenedFilters = mapAndFlattenFilters(searchBarFilters);
   const styles = filtersStyles;
 
   return (
@@ -103,7 +120,7 @@ export const Filters = ({
       responsive={false}
       gutterSize="xs"
     >
-      <FilterItems filters={flattenedFilters} indexPatterns={[indexPattern as DataView]} readOnly />
+      <FilterItems filters={flattenedFilters} indexPatterns={[dataView]} readOnly />
     </EuiFlexGroup>
   );
 };

x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts

@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useEffect, useState } from 'react';
+import type { DataView } from '@kbn/data-views-plugin/common';
+import { useKibana } from '../../../../../../../../common/lib/kibana';
+
+export type UseDataViewParams =
+  | { indexPatterns: string[]; dataViewId?: never }
+  | { indexPatterns?: never; dataViewId: string };
+
+interface UseDataViewResult {
+  dataView: DataView | undefined;
+  isLoading: boolean;
+}
+
+export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDataViewResult {
+  const {
+    data: { dataViews: dataViewsService },
+  } = useKibana().services;
+  const [dataView, setDataView] = useState<DataView | undefined>();
+  const [isLoading, setIsLoading] = useState(false);
+
+  useEffect(() => {
+    setIsLoading(true);
+
+    (async () => {
+      try {
+        if (indexPatternsOrDataViewId.indexPatterns) {
+          const indexPatternsDataView = await dataViewsService.create({
+            title: indexPatternsOrDataViewId.indexPatterns.join(','),
+            id: indexPatternsOrDataViewId.indexPatterns.join(','),
+            allowNoIndex: true,
+          });
+
+          setDataView(indexPatternsDataView);
+          return;
+        }
+
+        if (indexPatternsOrDataViewId.dataViewId) {
+          const ruleDataView = await dataViewsService.get(indexPatternsOrDataViewId.dataViewId);
+
+          setDataView(ruleDataView);
+        }
+      } finally {
+        setIsLoading(false);
+      }
+    })();
+  }, [
+    dataViewsService,
+    indexPatternsOrDataViewId.indexPatterns,
+    indexPatternsOrDataViewId.dataViewId,
+  ]);
+
+  return { dataView, isLoading };
+}