re-arrange query order (#39858) (#39929)

2025-04-24 17:59:23 -04:00 · 2019-06-29 04:14:11 +08:00 · 2019-06-29 04:14:11 +08:00 · 860be24124
commit 860be24124
parent 2e86a4f963
2 changed files with 20 additions and 20 deletions
--- a/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/elasticsearch_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/elasticsearch_adapter.ts
@ -60,12 +60,12 @@ export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter {
      KpiHostsHostsHit | KpiHostsUniqueIpsHit | KpiHostsAuthHit,
      TermAggregation
    >(request, 'msearch', {
-      body: [...uniqueIpsQuery, ...authQuery, ...hostsQuery],
+      body: [...hostsQuery, ...authQuery, ...uniqueIpsQuery],
    });

    const hostsHistogram = getOr(
      null,
-      'responses.2.aggregations.hosts_histogram.buckets',
+      'responses.0.aggregations.hosts_histogram.buckets',
      response
    );
    const authSuccessHistogram = getOr(
@ -80,16 +80,16 @@ export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter {
    );
    const uniqueSourceIpsHistogram = getOr(
      null,
-      'responses.0.aggregations.unique_source_ips_histogram.buckets',
+      'responses.2.aggregations.unique_source_ips_histogram.buckets',
      response
    );
    const uniqueDestinationIpsHistogram = getOr(
      null,
-      'responses.0.aggregations.unique_destination_ips_histogram.buckets',
+      'responses.2.aggregations.unique_destination_ips_histogram.buckets',
      response
    );
    return {
-      hosts: getOr(null, 'responses.2.aggregations.hosts.value', response),
+      hosts: getOr(null, 'responses.0.aggregations.hosts.value', response),
      hostsHistogram: formatGeneralHistogramData(hostsHistogram),
      authSuccess: getOr(
        null,
@ -103,11 +103,11 @@ export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter {
        response
      ),
      authFailureHistogram: formatAuthHistogramData(authFailureHistogram),
-      uniqueSourceIps: getOr(null, 'responses.0.aggregations.unique_source_ips.value', response),
+      uniqueSourceIps: getOr(null, 'responses.2.aggregations.unique_source_ips.value', response),
      uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram),
      uniqueDestinationIps: getOr(
        null,
-        'responses.0.aggregations.unique_destination_ips.value',
+        'responses.2.aggregations.unique_destination_ips.value',
        response
      ),
      uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram),
@ -124,47 +124,47 @@ export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter {
      KpiHostsUniqueIpsHit | KpiHostsAuthHit,
      TermAggregation
    >(request, 'msearch', {
-      body: [...uniqueIpsQuery, ...authQuery],
+      body: [...authQuery, ...uniqueIpsQuery],
    });

    const authSuccessHistogram = getOr(
      null,
-      'responses.1.aggregations.authentication_success_histogram.buckets',
+      'responses.0.aggregations.authentication_success_histogram.buckets',
      response
    );
    const authFailureHistogram = getOr(
      null,
-      'responses.1.aggregations.authentication_failure_histogram.buckets',
+      'responses.0.aggregations.authentication_failure_histogram.buckets',
      response
    );
    const uniqueSourceIpsHistogram = getOr(
      null,
-      'responses.0.aggregations.unique_source_ips_histogram.buckets',
+      'responses.1.aggregations.unique_source_ips_histogram.buckets',
      response
    );
    const uniqueDestinationIpsHistogram = getOr(
      null,
-      'responses.0.aggregations.unique_destination_ips_histogram.buckets',
+      'responses.1.aggregations.unique_destination_ips_histogram.buckets',
      response
    );
    return {
      authSuccess: getOr(
        null,
-        'responses.1.aggregations.authentication_success.doc_count',
+        'responses.0.aggregations.authentication_success.doc_count',
        response
      ),
      authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram),
      authFailure: getOr(
        null,
-        'responses.1.aggregations.authentication_failure.doc_count',
+        'responses.0.aggregations.authentication_failure.doc_count',
        response
      ),
      authFailureHistogram: formatAuthHistogramData(authFailureHistogram),
-      uniqueSourceIps: getOr(null, 'responses.0.aggregations.unique_source_ips.value', response),
+      uniqueSourceIps: getOr(null, 'responses.1.aggregations.unique_source_ips.value', response),
      uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram),
      uniqueDestinationIps: getOr(
        null,
-        'responses.0.aggregations.unique_destination_ips.value',
+        'responses.1.aggregations.unique_destination_ips.value',
        response
      ),
      uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram),
--- a/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/mock.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/mock.ts
@ -287,7 +287,7 @@ const mockHostsReponse = {

 export const mockKpiHostsResponse = {
  took: 4405,
-  responses: [mockUniqueIpsResponse, mockAuthResponse, mockHostsReponse],
+  responses: [mockHostsReponse, mockAuthResponse, mockUniqueIpsResponse],
 };

 export const mockKpiHostsResult = {
@ -370,7 +370,7 @@ export const mockKpiHostsResult = {

 export const mockKpiHostDetailsResponse = {
  took: 4405,
-  responses: [mockUniqueIpsResponse, mockAuthResponse],
+  responses: [mockAuthResponse, mockUniqueIpsResponse],
 };

 export const mockKpiHostDetailsResult = {
@ -554,9 +554,9 @@ export const mockKpiHostDetailsAuthQuery = [
 ];

 export const mockKpiHostsMsearchOptions = {
-  body: [...mockKpiHostsUniqueIpsQuery, ...mockKpiHostsAuthQuery, ...mockHostsQuery],
+  body: [...mockHostsQuery, ...mockKpiHostsAuthQuery, ...mockKpiHostsUniqueIpsQuery],
 };

 export const mockKpiHostDetailsMsearchOptions = {
-  body: [...mockKpiHostDetailsUniqueIpsQuery, ...mockKpiHostDetailsAuthQuery],
+  body: [...mockKpiHostDetailsAuthQuery, ...mockKpiHostDetailsUniqueIpsQuery],
 };