Fix timeline query for threshold rules (#88217)

2025-04-24 01:38:56 -04:00 · 2021-01-13 15:29:14 -05:00 · 2021-01-13 15:29:14 -05:00 · 66129efc15
commit 66129efc15
parent 5ed91585a8
1 changed files with 2 additions and 17 deletions
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
@ -272,24 +272,9 @@ export const sendAlertToTimelineAction = async ({
      notes: null,
      timeline: {
        ...timelineDefaults,
-        kqlMode: 'search',
+        description: `_id: ${ecsData._id}`,
        filters: getFiltersFromRule(ecsData.signal?.rule?.filters as string[]),
-        dataProviders: [
-          {
-            and: [],
-            id: `send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-${TimelineId.active}-alert-id-${ecsData._id}`,
-            name: ecsData._id,
-            enabled: true,
-            excluded: false,
-            kqlQuery: '',
-            queryMatch: {
-              field: '_id',
-              value: ecsData._id,
-              operator: ':',
-            },
-          },
-          ...getThresholdAggregationDataProvider(ecsData, nonEcsData),
-        ],
+        dataProviders: [...getThresholdAggregationDataProvider(ecsData, nonEcsData)],
        id: TimelineId.active,
        indexNames: [],
        dateRange: {