From 08ecd74ea526c8dc2e1739f08849e8f16395cb79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?=
Date: Wed, 27 Oct 2021 02:04:26 +0200
Subject: [PATCH] [Osquery] Fix live query search doesn't return relevant results for agents (#116332)
---
 .../plugins/osquery/public/agents/use_all_agents.ts | 7 +++++--
 .../queries/ecs_mapping_editor_field.tsx | 2 +-
 .../server/routes/fleet_wrapper/get_agents.ts | 13 +++++++++----
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts
index 42e4954989c66..03660a970aeef 100644
--- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts
+++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts
@@ -35,7 +35,7 @@ export const useAllAgents = (
 return useQuery(
 ['agents', osqueryPolicies, searchValue, perPage],
 () => {
- let kuery = `${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')}`;
+ let kuery = `(${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')})`;
 if (searchValue) {
 kuery += ` and (local_metadata.host.hostname:*${searchValue}* or local_metadata.elastic.agent.id:*${searchValue}*)`;
@@ -54,10 +54,13 @@ export const useAllAgents = (
 enabled: !osqueryPoliciesLoading && osqueryPolicies.length > 0,
 onSuccess: () => setErrorToast(),
 onError: (error) =>
- setErrorToast(error as Error, {
+ // @ts-expect-error update types
+ setErrorToast(error?.body, {
 title: i18n.translate('xpack.osquery.agents.fetchError', {
 defaultMessage: 'Error while fetching agents',
 }),
+ // @ts-expect-error update types
+ toastMessage: error?.body?.error,
 }),
 }
 );
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
index cfd2712bafbfa..c226f81a3fa5c 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
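Review bot: In the first use_all_agents.ts hunk, the context line after the changed `let kuery` still interpolates `searchValue` into the KQL string unescaped (`local_metadata.host.hostname:*${searchValue}*`), so the added parentheses fix precedence for the policy clause but not what the search box can put into the filter. A value containing KQL syntax (quotes, parentheses, a colon, `and`/`or`) will either fail to parse or change the meaning of the whole expression, including the policy clause it is and-ed with. Escape KQL special characters in `searchValue` before building the string and record the reason next to it, e.g. `// searchValue is user input: escape KQL syntax before interpolating`. The policy filter appears to be assembled only on the client, so it should not be treated as an access boundary; the enclosing hook and the server-side handling are outside this hunk.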
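Review bot: In the second use_all_agents.ts hunk, `onError` now passes `error?.body` as the first argument, which is undefined for failures that carry no HTTP body (network error, aborted request); since `onSuccess` calls `setErrorToast()` with no argument, an undefined first argument may be handled the same way and show nothing. setErrorToast is defined outside the diff, so this needs confirming. A fallback keeps those failures visible: `setErrorToast(error?.body ?? error, {`. The two `@ts-expect-error` lines hide the shape of `error`; narrowing it to something like `{ body?: { error?: string } }` would let the compiler check this path. `toastMessage` now displays whatever string the server placed in `body.error`, so the route has to keep that string free of internal detail.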
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
@@ -765,7 +765,7 @@ export const ECSMappingEditorField = ({ field, query, fieldRef }: ECSMappingEdit
 LIMIT 5; */
- if (selectItem.type === 'FunctionCall' && selectItem.hasAs) {
+ if (selectItem.hasAs && selectItem.alias) {
 return [
 {
 label: selectItem.alias,
diff --git a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts
index d45cb26e0d199..f129e95fd9508 100644
--- a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts
+++ b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts
@@ -22,10 +22,15 @@ export const getAgentsRoute = (router: IRouter, osqueryContext: OsqueryAppContex
 async (context, request, response) => {
 const esClient = context.core.elasticsearch.client.asInternalUser;
- const agents = await osqueryContext.service
- .getAgentService()
- // @ts-expect-error update types
- ?.listAgents(esClient, request.query);
+ let agents;
+ try {
+ agents = await osqueryContext.service
+ .getAgentService()
+ // @ts-expect-error update types
+ ?.listAgents(esClient, request.query);
+ } catch (error) {
+ return response.badRequest({ body: error });
+ }
 return response.ok({ body: agents });
 }
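Review bot: The new `catch` in get_agents.ts returns the caught object itself as the response body (`response.badRequest({ body: error })`), so every failure from `listAgents` is sent to the browser as-is and labelled 400, including Elasticsearch or Fleet faults that are not the caller's doing. Log the full error server-side and return a bounded message instead, e.g. `return response.badRequest({ body: { message: 'Failed to list agents' } });`, keeping 400 for query-parse failures and letting other errors surface as server errors. Because the call runs with `asInternalUser`, `request.query` (including `kuery`) is the only thing scoping the result; the route's validation schema is outside this hunk, so confirm it constrains what a caller may request. The handler's route registration starts above the hunk.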