Pull source data index from kibana.alert.rule.indices to work with data views or index patterns (#137241)

2025-04-23 17:28:26 -04:00 · 2022-07-26 16:51:22 -07:00 · 2022-07-26 16:51:22 -07:00 · 98384afd36
commit 98384afd36
parent b1c7efff8a
1 changed files with 3 additions and 2 deletions
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
@ -36,6 +36,7 @@ import {
  ALERT_RULE_TIMELINE_ID,
  ALERT_THRESHOLD_RESULT,
  ALERT_NEW_TERMS,
+  ALERT_RULE_INDICES,
 } from '../../../../common/field_maps/field_names';
 import type { TimelineResult } from '../../../../common/types/timeline';
 import { TimelineId, TimelineStatus, TimelineType } from '../../../../common/types/timeline';
@ -444,7 +445,7 @@ const createThresholdTimeline = async (
    });
    const language = params.language ?? alertDoc.signal?.rule?.language ?? 'kuery';
    const query = params.query ?? alertDoc.signal?.rule?.query ?? '';
-    const indexNames = params.index ?? alertDoc.signal?.rule?.index ?? [];
+    const indexNames = getField(alertDoc, ALERT_RULE_INDICES) ?? alertDoc.signal?.rule?.index ?? [];

    const { thresholdFrom, thresholdTo, dataProviders } = getThresholdAggregationData(alertDoc);
    const exceptions = await getExceptions(ecsData);
@ -594,7 +595,7 @@ const createNewTermsTimeline = async (
    });
    const language = params.language ?? alertDoc.signal?.rule?.language ?? 'kuery';
    const query = params.query ?? alertDoc.signal?.rule?.query ?? '';
-    const indexNames = params.index ?? alertDoc.signal?.rule?.index ?? [];
+    const indexNames = getField(alertDoc, ALERT_RULE_INDICES) ?? alertDoc.signal?.rule?.index ?? [];

    const { from, to, dataProviders } = getNewTermsData(alertDoc);
    const exceptions = await getExceptions(ecsData);