[8.6] [Security Solution][Alerts] Don't use maxSignals for topHits agg size (#146564) (#146712)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[Security Solution][Alerts] Don't use maxSignals for topHits agg size
(#146564)](https://github.com/elastic/kibana/pull/146564)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Marshall
Main","email":"55718608+marshallmain@users.noreply.github.com"},"sourceCommit":{"committedDate":"2022-11-30T15:50:16Z","message":"[Security
Solution][Alerts] Don't use maxSignals for topHits agg size
(#146564)\n\n## Summary\r\n\r\nAddresses
https://github.com/elastic/kibana/issues/146494\r\n\r\nWe only need the
first document from the bucket to create the alert, not\r\n`maxSignals`
documents. If `maxSignals` was greater than 100, this\r\ncaused an error
in the
search.","sha":"d659ee6f2eb04e81b240db137996aa2a4c4378b1","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:
SecuritySolution","Team:Detection
Alerts","v8.6.0","v8.7.0"],"number":146564,"url":"https://github.com/elastic/kibana/pull/146564","mergeCommit":{"message":"[Security
Solution][Alerts] Don't use maxSignals for topHits agg size
(#146564)\n\n## Summary\r\n\r\nAddresses
https://github.com/elastic/kibana/issues/146494\r\n\r\nWe only need the
first document from the bucket to create the alert, not\r\n`maxSignals`
documents. If `maxSignals` was greater than 100, this\r\ncaused an error
in the
search.","sha":"d659ee6f2eb04e81b240db137996aa2a4c4378b1"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/146564","number":146564,"mergeCommit":{"message":"[Security
Solution][Alerts] Don't use maxSignals for topHits agg size
(#146564)\n\n## Summary\r\n\r\nAddresses
https://github.com/elastic/kibana/issues/146494\r\n\r\nWe only need the
first document from the bucket to create the alert, not\r\n`maxSignals`
documents. If `maxSignals` was greater than 100, this\r\ncaused an error
in the search.","sha":"d659ee6f2eb04e81b240db137996aa2a4c4378b1"}}]}]
BACKPORT-->

Co-authored-by: Marshall Main <55718608+marshallmain@users.noreply.github.com>
This commit is contained in:
Kibana Machine 2022-11-30 14:38:01 -05:00 committed by GitHub
parent 582fed3615
commit 7747da8246
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -16,7 +16,7 @@ Object {
},
"topHits": Object {
"top_hits": Object {
"size": 100,
"size": 1,
"sort": Array [
Object {
"kibana.combined_timestamp": Object {


@ -31,7 +31,7 @@ export const buildGroupByFieldAggregation = ({
aggs: {
topHits: {
top_hits: {
size: maxSignals,
size: 1,
sort: [
{
[aggregatableTimestampField]: {
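Review bot: The hard-coded `size: 1` on the new side carries no explanation of why one hit is enough or why the previous value failed, and with a single hit per bucket the `sort` that follows becomes the thing that decides which document each alert is built from. I would add `// Only the first hit per bucket is needed to build the alert; top_hits size is also bounded by index.max_inner_result_window (default 100), so values above that fail the search.` above `size: 1`. If two documents in a bucket share the same value of the timestamp field, a single sort key leaves the chosen document non-deterministic; consider a secondary tiebreaker (e.g. `_doc`) if reproducible alert content matters, noting that the rest of the sort array is outside the hunk. `buildGroupByFieldAggregation` begins before the hunk, so I cannot see whether `maxSignals` is still used elsewhere in it (e.g. for the terms bucket size); if it is now unused, it should be dropped from the destructured parameters.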