[Security Solutions] Fixes bug with the filter query compatibility for transforms #104559
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FrankHassanabad
added
v8.0.0
v7.15.0
auto-backport
FrankHassanabad
added
the
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
spong
reviewed
Jul 7, 2021
spong
reviewed
Jul 7, 2021
spong
reviewed
Jul 7, 2021
| filterQuery === '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}' | ||
| ); | ||
| try { | ||
| const filterQueryObject = JSON.parse(filterQuery); |
There was a problem hiding this comment.
This filterQuery will only ever be the filters from the main page-level KQL bar, correct? No need to worry about excessively large filters here?
There was a problem hiding this comment.
That is correct.
spong
approved these changes
Jul 7, 2021
There was a problem hiding this comment.
Checked out, verified fix locally, and reviewed code. Now seeing transforms activate with KQL filters like *:* when appropriately configured. Appreciate the fix and added tests/docs @FrankHassanabad -- thanks! LGTM! 👍
Note: Did see the following stack trace in testing, but was able to reproduce on master so doesn't look to be introduced here. Will follow-up with another ticket if not already being tracked.
Stack trace
server log [16:40:29.535] [info][plugins][reporting] Browser executable: /Users/garrettspong/dev/kibana-master/x-pack/plugins/reporting/chromium/headless_shell-darwin_x64/headless_shell
server log [16:41:00.733] [error][http] KbnServerError: index_not_found_exception: [index_not_found_exception] Reason: no such index [*elastic-cloud-logs-*]
at getKbnServerError (/Users/garrettspong/dev/kibana-master/src/plugins/kibana_utils/server/report_server_error.ts:27:10)
at /Users/garrettspong/dev/kibana-master/src/plugins/data/server/autocomplete/value_suggestions_route.ts:65:15
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at Router.handle (/Users/garrettspong/dev/kibana-master/src/core/server/http/router/router.ts:273:30)
at handler (/Users/garrettspong/dev/kibana-master/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/request.js:279:9) {
statusCode: 500,
errBody: undefined
}
server error [16:41:00.466] Error: Internal Server Error
at HapiResponseAdapter.toInternalError (/Users/garrettspong/dev/kibana-master/src/core/server/http/router/response_adapter.ts:53:19)
at Router.handle (/Users/garrettspong/dev/kibana-master/src/core/server/http/router/router.ts:287:34)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at handler (/Users/garrettspong/dev/kibana-master/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/garrettspong/dev/kibana-master/node_modules/@hapi/hapi/lib/request.js:279:9)
💚 Build Succeeded
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 8, 2021
…r transforms (elastic#104559) ## Summary * Fixes bug with the filter query compatibility to allow multiple object types and match all * Adds unit tests for the file * Fixes up the README.md a bit * Adds more unit tests to the utils folder we didn't have before * Adds more JSDocs ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jul 8, 2021
…-of-max-results * 'master' of github.com:elastic/kibana: (36 commits) Lower Kibana app bundle limits (elastic#104688) [Security Solutions] Fixes bug with the filter query compatibility for transforms (elastic#104559) [RAC] Add mapping update logic to RuleDataClient (elastic#102586) Fix import workpad (elastic#104722) [canvas] Fix Storybook service decorator (elastic#104750) [Detection Rules] Add 7.14 rules (elastic#104772) [Enterprise Search] Fix beta notification in sidebar (elastic#104763) Fix engine routes that are meta engine or non-meta-engine specific (elastic#104757) [Fleet] Fix policy revision number getting bumped for no reason (elastic#104696) persistable state migrations (elastic#103680) [Fleet] Fix add agent in the package policy table (elastic#104749) [DOCS] Creates separate doc for security in production (elastic#103973) [SO Migration] fix reindex race on multi-instance mode (elastic#104516) [Security Solution] Update text in Endpoint Admin pages (elastic#104649) [package testing] Decrease timeout to 2 hours (elastic#104668) Fix background styling of waterfall chart sidebar tooltip. (elastic#103997) [Fleet + Integrations UI] Integrations UI Cleanup (elastic#104641) [Fleet] Link to download page of current stack version on Agent install instructions (elastic#104494) [Workplace Search] Fix Media Type field preview is unformatted bug (elastic#104684) [ML] add marker body (elastic#104672) ... # Conflicts: # x-pack/plugins/fleet/public/search_provider.test.ts
kibanamachine
added a commit
that referenced
this pull request
Jul 8, 2021
…r transforms (#104559) (#104798) ## Summary * Fixes bug with the filter query compatibility to allow multiple object types and match all * Adds unit tests for the file * Fixes up the README.md a bit * Adds more unit tests to the utils folder we didn't have before * Adds more JSDocs ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>
1 task
FrankHassanabad
added a commit
that referenced
this pull request
Apr 11, 2022
## Summary Removes the `metrics_entities` plugin and POC. As a different direction will be taken and people can look back at the git history for it as they see fit if they need to refer to it. Once it's re-added it it will be through an RFC process and re-discussed. Earlier PR's which added the POC: #96446 #104559 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Checklist