[SecuritySolution] Replace KPIs on Host, Network, and Users with Lens Embeddables #138369
Conversation
…to lensEmbeddables/hosts
…to lensEmbeddables/hosts
…to lensEmbeddables/hosts
…to lensEmbeddables/hosts
…to lensEmbeddables/hosts
…to lensEmbeddables/hosts
…to lensEmbeddables/hosts
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
x-pack/plugins/security_solution/public/common/components/stat_items/stat_items.tsx
Outdated
Show resolved
Hide resolved
…to lensEmbeddables/hosts
x-pack/plugins/security_solution/public/common/components/stat_items/stat_items.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/common/components/page/use_refetch_by_session.test.tsx
Show resolved
Hide resolved
| deleteQuery, | ||
| inspect, | ||
| loading, | ||
| queryId: id, | ||
| refetch: isChartEmbeddablesEnabled ? refetchByRestartingSession : refetch ?? noop, // refetchByRestartingSession is for refetching Lens Embeddables |
There was a problem hiding this comment.
Why do we need to use this new refetchByRestartingSession function instead of the original refetch? Just to understand.
Also, manageQuery is used in many different places, some are not related to any lens visualizations, do we need to change the refetch to all those places?
There was a problem hiding this comment.
Lens Embeddables do not have a function we can call to refetch data like most of our components, it refetches when receiving a new search session ID. So in x-pack/plugins/security_solution/public/common/components/page/use_refetch_by_session.tsx Line 28 , we assign it the initial session ID, it's consumed in x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx. It gets new session ID every time when refetching: x-pack/plugins/security_solution/public/common/components/page/use_refetch_by_session.tsx Line37
Yeah, and I think I should not have changed manage_query.
I put it in x-pack/plugins/security_solution/public/common/components/page/manage_query.tsx was trying not to repeat the implementation, but I think it makes more sense to be in the same place where each component gets their refetch function. Take KPI hosts as an example, I'm going to move useRefetchByRestartingSession to x-pack/plugins/security_solution/public/hosts/components/kpi_hosts/hosts/index.tsx
const [loading, { refetch, id, inspect, ...data }] = useHostsKpiHosts({
filterQuery,
endDate: to,
indexNames,
startDate: from,
skip: querySkip || isChartEmbeddablesEnabled,
});
const { searchSessionId, refetchByRestartingSession } = useRefetchByRestartingSession({
inputId: InputsModelId.global,
queryId: id,
});
return (
<KpiBaseComponentManage
data={data}
id={id}
inspect={inspect}
loading={loading}
fieldsMapping={fieldsMapping}
from={from}
to={to}
updateDateRange={updateDateRange}
refetch={isChartEmbeddablesEnabled ? refetchByRestartingSession : refetch}
setQuery={setQuery}
setQuerySkip={setQuerySkip}
searchSessionId={isChartEmbeddablesEnabled ? searchSessionId : undefined}
/>
);
There was a problem hiding this comment.
Yeah, that looks better 👍 Thanks for the explanation!
...plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/common/components/visualization_actions/use_actions.ts
Outdated
Show resolved
Hide resolved
|
@angorayc I noticed some weird-looking UI. Let me know if it is a problem with my environment. When I open the host page I get an error and dark background behind the scroll bar and a black square in the header. When I open it on a smaller screen: |
|
Hey @machadoum , thanks for catching this. I think that's because source.ip and destination.ip both have conflict in their field. Lens doesn't seem to allow aggregation on a non keyword type, but our current charts are retrieving data from Elasticsearch api, which doesn't show error in this case. Guessing that's why we have the inconsistency between current charts and Lens Embeddables. I'm asking Lens' opinion on how to fix this https://elastic.slack.com/archives/C013C7Z2X8W/p1667905889860969
|
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
Summary
This is part of #136409
In this PR we replace KPIs on Host, Network, and Users with Lens Embeddables.
Feature flag: chartEmbeddablesEnabled
Please add xpack.securitySolution.enableExperimental: [chartEmbeddablesEnabled] to kibana.dev.yml to verify
There shouldn't be much difference between Lens Embeddables and Elastic Charts. This migration is more like a tech debt as Lens Embeddables have implemented the functionality we need from fetching data to UI display, there's no need for us to implement / maintain the same functionality again on our side.
From the UI side, users might find that some bar charts and area charts (e.g.: source and dest. IP, authentication success and failed) now have two requests and responses in the inspector. That's expected, it's just because they are query separately in Lens Embeddables.
Eventually we'd like to replace all the charts on Security Solution with Lens Embeddable. However, this scolp is too big to ship in a single release and we would like to have more testing before we're confident enough, we put it behind the feature flag for now.
To test:
...buttonScreen.Recording.2022-10-27.at.15.11.41.mov
Before
Checklist
Delete any items that are not applicable to this PR.