github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution][Detection Engine] fixes showing all the fields for all indices when trying to edit filters in a rule (#194678)

Browse source 
## Summary

 - addresses https://github.com/elastic/kibana/issues/179468
 - fixes issue when rule configured with Data view
 
**Steps to reproduce:**

1. Create a minimal new index and corresponding data view
    ```JSON
    PUT fields_index
    PUT fields_index/_mapping
    {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "field-1": {
          "type": "keyword"
        },
        "field-2": {
          "type": "keyword"
        },
        "field-3": {
          "type": "keyword"
        }
      }
    }
    
    POST fields_index/_doc
    {
     "@timestamp": "2024-10-01T09:26:30.425Z",
     "field-1": "test-0"
    }
    ```
2. Create a security rule with that data view
3. Edit the rule and try to add a filter
4. Fields for all indices show up instead of the fields from the rule
index
5. Switching to indices and back to data view on rule form fixes issue

<details>
<summary>video with the bug</summary>



https://github.com/user-attachments/assets/fc83356d-d727-4662-856e-a4f0b386b71f


</details>

### Additional benefit of fixing the issue.

Previously, there would be 2 additional field_caps requests, querying
ALL indices in ES, when rule edit page loads and rule configured with
data view.

```
http://localhost:5601/kbn/internal/data_views/fields?pattern=&meta_fields=_source&meta_fields=_id&meta_fields=_index&meta_fields=_score&meta_fields=_ignored&allow_no_index=true&apiVersion=1
```
Notice, there is `pattern=` query value, which results in querying all
existing indices
Now, these requests eliminated.


#### Before
<img width="2551" alt="Screenshot 2024-10-02 at 18 21 04"
src="https://github.com/user-attachments/assets/aa2b6acb-897d-488f-9ddd-409379c6b54a">


#### After

<img width="2557" alt="Screenshot 2024-10-02 at 18 22 41"
src="https://github.com/user-attachments/assets/baeeecda-bf16-4d37-ae07-3cdc136d18b4">
This commit is contained in:
Vitalii Dmyterko 2024-10-09 15:56:42 +01:00 committed by GitHub
parent 4b695fd40e
commit 5a71d8445d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
x-pack/plugins/security_solution/public/common/components/query_bar/index.tsx
View file

@ -5,7 +5,7 @@
* 2.0.
*/
import { cloneDeep } from 'lodash';
import { cloneDeep, isEmpty } from 'lodash';
import React, { memo, useMemo, useCallback, useState, useEffect } from 'react';
import deepEqual from 'fast-deep-equal';
@ -125,7 +125,7 @@ export const QueryBar = memo<QueryBarComponentProps>(
let dv: DataView;
if (isDataView(indexPattern)) {
setDataView(indexPattern);
} else if (!isEsql) {
} else if (!isEsql && !isEmpty(indexPattern.title)) {
const createDataView = async () => {
dv = await data.dataViews.create({ id: indexPattern.title, title: indexPattern.title });
setDataView(dv);