[8.16] [Entity Store] Bugfix: Double nested arrays (#197589) (#197682)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Entity Store] Bugfix: Double nested arrays
(#197589)](https://github.com/elastic/kibana/pull/197589)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Mark
Hopkin","email":"mark.hopkin@elastic.co"},"sourceCommit":{"committedDate":"2024-10-24T16:05:09Z","message":"[Entity
Store] Bugfix: Double nested arrays (#197589)\n\n##
Summary\r\n\r\nEntities were appearing in the entity store with double
nested arrays\r\nlike below.\r\n\r\nThe issue was that the arrays
changed from `List` to `Set` type and the\r\ncode only checked for
lists. Using `Collection` has fixed this.\r\n\r\n```\r\n \"_index\":
\".entities.v1.latest.security_host_default\",\r\n \"_id\":
\"c03w7AZsMkm_obWF2HZEirgAAAAAAAAA\",\r\n \"_score\": 1,\r\n
\"_source\": {\r\n \"host\": {\r\n \"hostname\": [\r\n [\r\n
\"small-host-1.example.small.com\"\r\n ]\r\n ],\r\n \"domain\": [\r\n
[\r\n \"example.small.com\"\r\n ]\r\n ],\r\n \"ip\": [\r\n [\r\n
\"192.168.1.1\",\r\n \"192.168.1.0\",\r\n \"192.168.1.3\",\r\n
\"192.168.1.2\",\r\n \"192.168.1.9\",\r\n \"192.168.1.8\",\r\n
\"192.168.1.5\",\r\n \"192.168.1.4\",\r\n \"192.168.1.7\",\r\n
\"192.168.1.6\"\r\n ]\r\n ],\r\n
```\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"855456b3bf26204c9a32008a1bc538d9c63b5190","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Team:
SecuritySolution","Team:Entity
Analytics","v8.16.0","backport:version","v8.17.0"],"title":"[Entity
Store] Bugfix: Double nested
arrays","number":197589,"url":"https://github.com/elastic/kibana/pull/197589","mergeCommit":{"message":"[Entity
Store] Bugfix: Double nested arrays (#197589)\n\n##
Summary\r\n\r\nEntities were appearing in the entity store with double
nested arrays\r\nlike below.\r\n\r\nThe issue was that the arrays
changed from `List` to `Set` type and the\r\ncode only checked for
lists. Using `Collection` has fixed this.\r\n\r\n```\r\n \"_index\":
\".entities.v1.latest.security_host_default\",\r\n \"_id\":
\"c03w7AZsMkm_obWF2HZEirgAAAAAAAAA\",\r\n \"_score\": 1,\r\n
\"_source\": {\r\n \"host\": {\r\n \"hostname\": [\r\n [\r\n
\"small-host-1.example.small.com\"\r\n ]\r\n ],\r\n \"domain\": [\r\n
[\r\n \"example.small.com\"\r\n ]\r\n ],\r\n \"ip\": [\r\n [\r\n
\"192.168.1.1\",\r\n \"192.168.1.0\",\r\n \"192.168.1.3\",\r\n
\"192.168.1.2\",\r\n \"192.168.1.9\",\r\n \"192.168.1.8\",\r\n
\"192.168.1.5\",\r\n \"192.168.1.4\",\r\n \"192.168.1.7\",\r\n
\"192.168.1.6\"\r\n ]\r\n ],\r\n
```\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"855456b3bf26204c9a32008a1bc538d9c63b5190"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197589","number":197589,"mergeCommit":{"message":"[Entity
Store] Bugfix: Double nested arrays (#197589)\n\n##
Summary\r\n\r\nEntities were appearing in the entity store with double
nested arrays\r\nlike below.\r\n\r\nThe issue was that the arrays
changed from `List` to `Set` type and the\r\ncode only checked for
lists. Using `Collection` has fixed this.\r\n\r\n```\r\n \"_index\":
\".entities.v1.latest.security_host_default\",\r\n \"_id\":
\"c03w7AZsMkm_obWF2HZEirgAAAAAAAAA\",\r\n \"_score\": 1,\r\n
\"_source\": {\r\n \"host\": {\r\n \"hostname\": [\r\n [\r\n
\"small-host-1.example.small.com\"\r\n ]\r\n ],\r\n \"domain\": [\r\n
[\r\n \"example.small.com\"\r\n ]\r\n ],\r\n \"ip\": [\r\n [\r\n
\"192.168.1.1\",\r\n \"192.168.1.0\",\r\n \"192.168.1.3\",\r\n
\"192.168.1.2\",\r\n \"192.168.1.9\",\r\n \"192.168.1.8\",\r\n
\"192.168.1.5\",\r\n \"192.168.1.4\",\r\n \"192.168.1.7\",\r\n
\"192.168.1.6\"\r\n ]\r\n ],\r\n
```\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"855456b3bf26204c9a32008a1bc538d9c63b5190"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts

@@ -153,7 +153,7 @@ export class EntityStoreDataClient {
       filter,
       pipelineDebugMode
     ).catch((error) => {
-      logger.error('There was an error during async setup of the Entity Store', error);
+      logger.error(`There was an error during async setup of the Entity Store: ${error}`);
     });
 
     return descriptor;

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/field_retention_definition/collect_values.ts

@@ -30,7 +30,7 @@ export const collectValuesProcessor: FieldRetentionOperatorBuilder<CollectValues
   Set uniqueVals = new HashSet();
   
   if (!(${isFieldMissingOrEmpty(ctxField)})) {
-    if(${ctxField} instanceof List) {
+    if(${ctxField} instanceof Collection) {
       uniqueVals.addAll(${ctxField});
     } else {
       uniqueVals.add(${ctxField});