Address intermittent test failure (#89367)

After observing the conditions when this test fails, it appears that some (but not all) signals are available. As these signals are generated by a rule via a bulk create, the odds of us retrieving signals in the middle of that bulk creation is very slim (but not impossible). The crux of the error here was: we wait for signals to be generated, but not the ones that we need. Specifically, we are waiting for a single signal to be available, but since we are asserting on sequences of signals, we need several to be available to us. While not perfect (because the signals we receive are not technically guaranteed to be sequence signals), increasing the number of signals that we wait for before proceeding should be sufficient to prevent this failure state. In debugging, it was observed that every test returning 9-10 signals succeeded, while it was possible for the test to return only one signal and fail.
2025-04-24 09:48:58 -04:00 · 2021-01-27 13:08:53 -06:00 · 2021-01-27 13:08:53 -06:00 · 740155e214
commit 740155e214
parent 3c604438b8
1 changed files with 1 additions and 1 deletions
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => {
          };
          const { id } = await createRule(supertest, rule);
          await waitForRuleSuccessOrStatus(supertest, id);
-          await waitForSignalsToBePresent(supertest, 1, [id]);
+          await waitForSignalsToBePresent(supertest, 10, [id]);
          const signalsOpen = await getSignalsByRuleIds(supertest, ['eql-rule']);
          const sequenceSignal = signalsOpen.hits.hits.find(
            (signal) => signal._source.signal.depth === 2