[Security Solution] Expandable flyout - Update index field in analyze…

…r preview (#165398) ## Summary This PR addresses a bug that when a rule is created using data view, analyzer preview is blank. This is due to a check on if index exists before rendering the analyzer preview. This PR updated the index field from `kibana.alert.rule.parameter.index` to 'kibana.alert.rule.indices`, the later is introduced in #130929 and is available when a rule is created using either index patterns or data view. **How to reproduce the bug** - Refer to bug report #164829 **How to test** - Create a rule using data view - Generate some alerts - Go to alerts page, expand a row in alerts table - Go to Visualization -> Analyzer preview, the analyzer preview tree should be present ![image](https://github.com/elastic/kibana/assets/18648970/cbe0668e-335d-436a-992c-8970e75a3635) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
elastic · Sep 1, 2023 · 88c04e5 · 88c04e5
1 parent 4ba2955
commit 88c04e5
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/x-pack/plugins/security_solution/public/flyout/right/components/analyzer_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/right/components/analyzer_preview.test.tsx
@@ -10,7 +10,7 @@ import React from 'react';
 import { TestProviders } from '../../../common/mock';
 import { useAlertPrevalenceFromProcessTree } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { mockContextValue } from '../mocks/mock_right_panel_context';
-import { mockDataFormattedForFieldBrowser } from '../mocks/mock_context';
+import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_context';
 import { RightPanelContext } from '../context';
 import { AnalyzerPreview } from './analyzer_preview';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
@@ -62,7 +62,7 @@ describe('<AnalyzerPreview />', () => {
     expect(mockUseAlertPrevalenceFromProcessTree).toHaveBeenCalledWith({
       isActiveTimeline: false,
       documentId: 'ancestors-id',
-      indices: ['rule-parameters-index'],
+      indices: ['rule-indices'],
     });
     expect(wrapper.getByTestId(ANALYZER_PREVIEW_TEST_ID)).toBeInTheDocument();
   });

diff --git a/x-pack/plugins/security_solution/public/flyout/right/components/analyzer_preview.tsx b/x-pack/plugins/security_solution/public/flyout/right/components/analyzer_preview.tsx
@@ -10,7 +10,7 @@ import { EuiTreeView } from '@elastic/eui';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
 import { getTreeNodes } from '../utils/analyzer_helpers';
 import { ANALYZER_PREVIEW_TITLE } from './translations';
-import { ANCESTOR_ID, RULE_PARAMETERS_INDEX } from '../../shared/constants/field_names';
+import { ANCESTOR_ID, RULE_INDICES } from '../../shared/constants/field_names';
 import { useRightPanelContext } from '../context';
 import { useAlertPrevalenceFromProcessTree } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import type { StatsNode } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
@@ -38,7 +38,7 @@ export const AnalyzerPreview: React.FC = () => {
   const processDocumentId =
     documentId && Array.isArray(documentId.values) ? documentId.values[0] : '';
 
-  const index = find({ category: 'kibana', field: RULE_PARAMETERS_INDEX }, data);
+  const index = find({ category: 'kibana', field: RULE_INDICES }, data);
   const indices = index?.values ?? [];
 
   const { statsNodes } = useAlertPrevalenceFromProcessTree({

diff --git a/x-pack/plugins/security_solution/public/flyout/shared/constants/field_names.ts b/x-pack/plugins/security_solution/public/flyout/shared/constants/field_names.ts
@@ -7,6 +7,7 @@
 
 export const ANCESTOR_ID = 'kibana.alert.ancestors.id';
 export const RULE_PARAMETERS_INDEX = 'kibana.alert.rule.parameters.index';
+export const RULE_INDICES = 'kibana.alert.rule.indices';
 export const ORIGINAL_EVENT_ID = 'kibana.alert.original_event.id';
 export const ENTRY_LEADER_ENTITY_ID = 'process.entry_leader.entity_id';
 export const ENTRY_LEADER_START = 'process.entry_leader.start';

diff --git a/x-pack/plugins/security_solution/public/flyout/shared/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/shared/mocks/mock_context.ts
@@ -81,6 +81,13 @@ export const mockDataFormattedForFieldBrowser = [
     originalValue: ['rule-parameters-index'],
     isObjectArray: false,
   },
+  {
+    category: 'kibana',
+    field: 'kibana.alert.rule.indices',
+    values: ['rule-indices'],
+    originalValue: ['rule-indices'],
+    isObjectArray: false,
+  },
   {
     category: 'process',
     field: 'process.entity_id',