Skip to content

[FR][DAC] Update Handling Data Views from Kibana #3697

New issue
New issue
Closed
#3857
Closed
[FR][DAC] Update Handling Data Views from Kibana#3697
#3857
Assignees
eric-forte-elastic
Labels
Team: TRADEdetections-as-codeenhancementNew feature or requestpythonInternal python for the repository
@eric-forte-elastic

Description

@eric-forte-elastic
eric-forte-elastic
opened on May 21, 2024

dependent on #3817

Summary

This issue is to update how we handle Data Views from Kibana stemming from some feedback Justin had in this comment here.

Within QueryRuleData, we can add a new property index_or_dataview -> list[str] which returns whichever is set. The reason for making it a list even though dataview is a string is because we always iterate, so it saves us from doing a type check every time.

Then, we will need to search for every use of data.index (or rule.contents.data.index and all variations) and replace them with this new property where it makes sense.

To ensure this works properly, the bug in #3817 should be merged first, and backported

Metadata

Metadata

Assignees

Labels

Team: TRADEdetections-as-codeenhancementNew feature or requestpythonInternal python for the repository

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions