[Osquery] Fix live query search doesn't return relevant results for agents (#116332)

2025-04-24 01:38:56 -04:00 · 2021-10-27 02:04:26 +02:00 · 2021-10-27 02:04:26 +02:00 · 82caede4fa
commit 82caede4fa
parent 5666bd79fd
3 changed files with 15 additions and 7 deletions
--- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts
+++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts
@ -35,7 +35,7 @@ export const useAllAgents = (
  return useQuery<GetAgentsResponse>(
    ['agents', osqueryPolicies, searchValue, perPage],
    () => {
-      let kuery = `${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')}`;
+      let kuery = `(${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')})`;

      if (searchValue) {
        kuery += ` and (local_metadata.host.hostname:*${searchValue}* or local_metadata.elastic.agent.id:*${searchValue}*)`;
@ -54,10 +54,13 @@ export const useAllAgents = (
      enabled: !osqueryPoliciesLoading && osqueryPolicies.length > 0,
      onSuccess: () => setErrorToast(),
      onError: (error) =>
-        setErrorToast(error as Error, {
+        // @ts-expect-error update types
+        setErrorToast(error?.body, {
          title: i18n.translate('xpack.osquery.agents.fetchError', {
            defaultMessage: 'Error while fetching agents',
          }),
+          // @ts-expect-error update types
+          toastMessage: error?.body?.error,
        }),
    }
  );
--- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx
+++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx
@ -764,7 +764,7 @@ export const ECSMappingEditorField = ({
              LIMIT 5;
            */

-            if (selectItem.type === 'FunctionCall' && selectItem.hasAs) {
+            if (selectItem.hasAs && selectItem.alias) {
              return [
                {
                  label: selectItem.alias,
--- a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts
+++ b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts
@ -22,10 +22,15 @@ export const getAgentsRoute = (router: IRouter, osqueryContext: OsqueryAppContex
    async (context, request, response) => {
      const esClient = context.core.elasticsearch.client.asInternalUser;

-      const agents = await osqueryContext.service
-        .getAgentService()
-        // @ts-expect-error update types
-        ?.listAgents(esClient, request.query);
+      let agents;
+      try {
+        agents = await osqueryContext.service
+          .getAgentService()
+          // @ts-expect-error update types
+          ?.listAgents(esClient, request.query);
+      } catch (error) {
+        return response.badRequest({ body: error });
+      }

      return response.ok({ body: agents });
    }