[Osquery] Fix live query search doesn't return relevant results for a…

…gents (elastic#116332)
kibanamachine · Oct 27, 2021 · 08ecd74 · 08ecd74
1 parent 91fda6a
commit 08ecd74
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts
@@ -35,7 +35,7 @@ export const useAllAgents = (
   return useQuery<GetAgentsResponse>(
     ['agents', osqueryPolicies, searchValue, perPage],
     () => {
-      let kuery = `${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')}`;
+      let kuery = `(${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')})`;
 
       if (searchValue) {
         kuery += ` and (local_metadata.host.hostname:*${searchValue}* or local_metadata.elastic.agent.id:*${searchValue}*)`;
@@ -54,10 +54,13 @@ export const useAllAgents = (
       enabled: !osqueryPoliciesLoading && osqueryPolicies.length > 0,
       onSuccess: () => setErrorToast(),
       onError: (error) =>
-        setErrorToast(error as Error, {
+        // @ts-expect-error update types
+        setErrorToast(error?.body, {
           title: i18n.translate('xpack.osquery.agents.fetchError', {
             defaultMessage: 'Error while fetching agents',
           }),
+          // @ts-expect-error update types
+          toastMessage: error?.body?.error,
         }),
     }
   );

diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
@@ -765,7 +765,7 @@ export const ECSMappingEditorField = ({ field, query, fieldRef }: ECSMappingEdit
               LIMIT 5;
             */
 
-            if (selectItem.type === 'FunctionCall' && selectItem.hasAs) {
+            if (selectItem.hasAs && selectItem.alias) {
               return [
                 {
                   label: selectItem.alias,

diff --git a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts
@@ -22,10 +22,15 @@ export const getAgentsRoute = (router: IRouter, osqueryContext: OsqueryAppContex
     async (context, request, response) => {
       const esClient = context.core.elasticsearch.client.asInternalUser;
 
-      const agents = await osqueryContext.service
-        .getAgentService()
-        // @ts-expect-error update types
-        ?.listAgents(esClient, request.query);
+      let agents;
+      try {
+        agents = await osqueryContext.service
+          .getAgentService()
+          // @ts-expect-error update types
+          ?.listAgents(esClient, request.query);
+      } catch (error) {
+        return response.badRequest({ body: error });
+      }
 
       return response.ok({ body: agents });
     }