[Security Solution] Add retrieve results to timeline search strategy (#189031)

## Summary

This fixes the missing `hits.hits` array and the related errors.
Luke G 2024-07-24 19:54:52 +02:00 committed by GitHub
parent 556f7c9f38
commit f0c4cc367c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 1 deletions


@ -8,6 +8,7 @@
import { cloneDeep, getOr } from 'lodash/fp';
import type { IEsSearchResponse } from '@kbn/search-types';
import { buildAlertFieldsRequest as buildFieldsRequest } from '@kbn/alerts-as-data-utils';
import { SearchHit } from '@elastic/elasticsearch/lib/api/types';
import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy';
import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
import {
@ -46,7 +47,7 @@ export const timelineEventsAll: TimelineFactory<TimelineEventsQueries.all> = {
} = options;
const producerBuckets = getOr([], 'aggregations.producers.buckets', response.rawResponse);
const totalCount = response.rawResponse.hits.total || 0;
const hits = response.rawResponse.hits.hits;
const hits: SearchHit[] = getOr([], 'rawResponse.hits.hits', response);
if (fieldRequested.includes('*') && hits.length > 0) {
const fieldsReturned = hits.flatMap((hit) => Object.keys(hit.fields ?? {}));
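Review bot: The `getOr` fallback on the new `hits` line guards only `hits.hits`, while the `totalCount` line just above still dereferences `response.rawResponse.hits.total` directly, so a response with no `hits` object would throw before the fallback is reached. Reading the total the same way, `const totalCount = getOr(0, 'rawResponse.hits.total', response) || 0;`, would keep the two consistent. Defaulting to `[]` also means a timeline can render as empty while `totalCount` is non-zero, which would hide a retrieval problem from an analyst; a short comment on that line saying when the array is expected to be absent, or a log entry on the mismatch, would help. The added `SearchHit` import is used only as a type here, so `import type { SearchHit } from '@elastic/elasticsearch/lib/api/types';` would match the `import type` line above it. The enclosing function starts and ends outside the hunk.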


@ -83,6 +83,9 @@ const timelineSearchStrategy = <T extends TimelineFactoryQueryTypes>({
queryFactory: TimelineFactory<T>;
logger: Logger;
}) => {
// NOTE: without this parameter, .hits.hits can be empty
options.retrieveResults = true;
const dsl = queryFactory.buildDsl(request);
return es.search({ ...request, params: dsl }, options, deps).pipe(
map((response) => {
@ -108,6 +111,8 @@ const timelineSessionsSearchStrategy = <T extends TimelineFactoryQueryTypes>({
deps: SearchStrategyDependencies;
queryFactory: TimelineFactory<T>;
}) => {
// NOTE: without this parameter, .hits.hits can be empty
options.retrieveResults = true;
const indices = request.defaultIndex ?? request.indexType;
const requestSessionLeaders = {
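Review bot: `options.retrieveResults = true;` writes to the `options` object the caller passed in, in both `timelineSearchStrategy` and `timelineSessionsSearchStrategy`, so the flag stays set on that object for whatever else the caller does with it. Passing a copy keeps the change local, for example `return es.search({ ...request, params: dsl }, { ...options, retrieveResults: true }, deps).pipe(` in the first hunk. The second function's search call is outside the hunk, so the same change there is assumed rather than visible. The `NOTE` comment would be more useful if it said why the results are otherwise omitted, not only that `.hits.hits` can be empty.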