From 015578b81c26a5843747ba53b2fd92d40f0453cb Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Wed, 23 Feb 2022 20:58:30 -0500
Subject: [PATCH] [Security Solution] Use search strategy error in timeline (#125178) (#125422)
(cherry picked from commit 4fe96b799efea5bc052d5d50a4d10b56a0dec947)
Co-authored-by: Steph Milovic
---
 .../common/components/events_viewer/index.tsx | 2 ++
 .../timeline/eql_tab_content/index.tsx | 8 +++++---
 .../timeline/pinned_tab_content/index.tsx | 2 ++
 .../timeline/query_tab_content/index.tsx | 8 +++++---
 .../public/timelines/containers/index.test.tsx | 1 +
 .../public/timelines/containers/index.tsx | 18 ++++++++++++------
 .../timelines/containers/translations.ts | 7 -------
 .../components/t_grid/integrated/index.tsx | 3 +++
 .../components/t_grid/standalone/index.tsx | 3 +++
 .../timelines/public/container/index.tsx | 13 ++++++++-----
 .../timelines/public/container/translations.ts | 7 -------
 .../plugins/timelines/public/mock/t_grid.tsx | 1 +
 .../translations/translations/ja-JP.json | 2 --
 .../translations/translations/zh-CN.json | 2 --
 14 files changed, 42 insertions(+), 35 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx b/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx
index 9fa91ed25c995..a9fd9a5d9d44f 100644
--- a/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx
@@ -112,6 +112,7 @@ const StatefulEventsViewerComponent: React.FC = ({
 const { timelines: timelinesUi } = useKibana().services;
 const {
 browserFields,
+ dataViewId,
 docValueFields,
 indexPattern,
 runtimeMappings,
@@ -189,6 +190,7 @@ const StatefulEventsViewerComponent: React.FC = ({
 bulkActions,
 columns,
 dataProviders,
+ dataViewId,
 defaultCellActions,
 deletedEventIds,
 disabledCellActions: FIELDS_WITHOUT_CELL_ACTIONS,
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.tsx
index 70702bcb8c653..12f0d70bca37e 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.tsx
@@ -175,6 +175,7 @@ export const EqlTabContentComponent: React.FC = ({
 const { setTimelineFullScreen, timelineFullScreen } = useTimelineFullScreen();
 const {
 browserFields,
+ dataViewId,
 docValueFields,
 loading: loadingSourcerer,
 runtimeMappings,
@@ -208,18 +209,19 @@ export const EqlTabContentComponent: React.FC = ({
 const [isQueryLoading, { events, inspect, totalCount, pageInfo, loadPage, updatedAt, refetch }] =
 useTimelineEvents({
+ dataViewId,
 docValueFields,
 endDate: end,
 eqlOptions: restEqlOption,
+ fields: getTimelineQueryFields(),
+ filterQuery: eqlQuery ?? '',
 id: timelineId,
 indexNames: selectedPatterns,
- fields: getTimelineQueryFields(),
 language: 'eql',
 limit: itemsPerPage,
- filterQuery: eqlQuery ?? '',
 runtimeMappings,
- startDate: start,
 skip: !canQueryTimeline(),
+ startDate: start,
 timerangeKind,
 });
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/pinned_tab_content/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/pinned_tab_content/index.tsx
index bf275ebbcb458..922ac652d141a 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/pinned_tab_content/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/pinned_tab_content/index.tsx
@@ -119,6 +119,7 @@ export const PinnedTabContentComponent: React.FC = ({
 const {
 browserFields,
 docValueFields,
+ dataViewId,
 loading: loadingSourcerer,
 runtimeMappings,
 selectedPatterns,
@@ -187,6 +188,7 @@ export const PinnedTabContentComponent: React.FC = ({
 endDate: '',
 id: `pinned-${timelineId}`,
 indexNames: selectedPatterns,
+ dataViewId,
 fields: timelineQueryFields,
 limit: itemsPerPage,
 filterQuery,
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx
index 7706e7f0611d4..d23d09280aaa9 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx
@@ -191,6 +191,7 @@ export const QueryTabContentComponent: React.FC = ({
 const { setTimelineFullScreen, timelineFullScreen } = useTimelineFullScreen();
 const {
 browserFields,
+ dataViewId,
 docValueFields,
 loading: loadingSourcerer,
 indexPattern,
@@ -282,18 +283,19 @@ export const QueryTabContentComponent: React.FC = ({
 const [isQueryLoading, { events, inspect, totalCount, pageInfo, loadPage, updatedAt, refetch }] =
 useTimelineEvents({
+ dataViewId,
 docValueFields,
 endDate: end,
+ fields: getTimelineQueryFields(),
+ filterQuery: combinedQueries?.filterQuery,
 id: timelineId,
 indexNames: selectedPatterns,
- fields: getTimelineQueryFields(),
 language: kqlQuery.language,
 limit: itemsPerPage,
- filterQuery: combinedQueries?.filterQuery,
 runtimeMappings,
- startDate: start,
 skip: !canQueryTimeline,
 sort: timelineQuerySortField,
+ startDate: start,
 timerangeKind,
 });
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/containers/index.test.tsx
index c6ae5d50abd37..dd032016088b6 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/containers/index.test.tsx
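Review bot: In pinned_tab_content/index.tsx the new `dataViewId` option at `@@ -187` sits between `indexNames` and `fields`, and the `@@ -119` destructuring puts it after `docValueFields`, while the eql and query tabs in this same commit re-sort their `useTimelineEvents` options alphabetically. Using one ordering in all three tabs makes a missing or duplicated option easier to spot in review. Here that means moving `dataViewId,` to the head of the option list as the other two tabs do; the start of the argument object is outside this hunk.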
@@ -105,6 +105,7 @@ describe('useTimelineEvents', () => {
 const startDate: string = '2020-07-07T08:20:18.966Z';
 const endDate: string = '3000-01-01T00:00:00.000Z';
 const props: UseTimelineEventsProps = {
+ dataViewId: 'data-view-id',
 docValueFields: [],
 endDate: '',
 id: TimelineId.active,
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/index.tsx b/x-pack/plugins/security_solution/public/timelines/containers/index.tsx
index 1b0e42806df4f..3586aa186b020 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/containers/index.tsx
@@ -13,7 +13,11 @@ import { Subscription } from 'rxjs';
 import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { ESQuery } from '../../../common/typed_json';
-import { isCompleteResponse, isErrorResponse } from '../../../../../../src/plugins/data/common';
+import {
+ DataView,
+ isCompleteResponse,
+ isErrorResponse,
+} from '../../../../../../src/plugins/data/common';
 import { useIsExperimentalFeatureEnabled } from '../../common/hooks/use_experimental_features';
 import { inputsModel } from '../../common/store';
@@ -75,6 +79,7 @@ type TimelineResponse = T extends 'kuery'
 : TimelineEventsAllStrategyResponse;
 export interface UseTimelineEventsProps {
+ dataViewId: string | null;
 docValueFields?: DocValueFields[];
 endDate: string;
 eqlOptions?: EqlOptionsSelected;
@@ -127,6 +132,7 @@ const deStructureEqlOptions = (eqlOptions?: EqlOptionsSelected) => ({
 });
 export const useTimelineEvents = ({
+ dataViewId,
 docValueFields,
 endDate,
 eqlOptions = undefined,
@@ -207,7 +213,7 @@ export const useTimelineEvents = ({
 loadPage: wrappedLoadPage,
 updatedAt: 0,
 });
- const { addError, addWarning } = useAppToasts();
+ const { addWarning } = useAppToasts();
 // TODO: Once we are past experimental phase this code should be removed
 const ruleRegistryEnabled = useIsExperimentalFeatureEnabled('ruleRegistryEnabled');
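Review bot: The fixture in index.test.tsx gains `dataViewId: 'data-view-id'`, but the diffstat lists that single line as the only change to the test file, so nothing asserts the behaviour this commit introduces. Two cases would pin it: that the options handed to `data.search.search` carry `indexPattern.id` equal to the fixture value, and that an erroring search observable leads to `data.search.showError` being called. A further case with `dataViewId: null` would record what is sent when no data view is selected. This assumes the suite's mock of the Kibana services exposes `data.search`; the `describe` body continues outside the hunk.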
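Review bot: `DataView` is added to a value import in the `@@ -13` hunk of containers/index.tsx, yet the only use this commit shows is the type assertion `as unknown as DataView`, and the timelines plugin hook brings in the same name with `import type`. A type-only import keeps the two hooks consistent and guarantees the name is erased at compile time: `import type { DataView } from '../../../../../../src/plugins/data/common';`, leaving the existing `isCompleteResponse`/`isErrorResponse` import on its original single line.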
@@ -227,6 +233,8 @@ export const useTimelineEvents = ({
 strategy: request.language === 'eql' ? 'timelineEqlSearchStrategy' : 'timelineSearchStrategy',
 abortSignal: abortCtrl.current.signal,
+ // we only need the id to throw better errors
+ indexPattern: { id: dataViewId } as unknown as DataView,
 })
 .subscribe({
 next: (response) => {
@@ -265,9 +273,7 @@ export const useTimelineEvents = ({
 },
 error: (msg) => {
 setLoading(false);
- addError(msg, {
- title: i18n.FAIL_TIMELINE_EVENTS,
- });
+ data.search.showError(msg);
 searchSubscription$.current.unsubscribe();
 },
 });
@@ -321,9 +327,9 @@ export const useTimelineEvents = ({
 skip,
 id,
 data.search,
+ dataViewId,
 setUpdated,
 addWarning,
- addError,
 refetchGrid,
 wrappedLoadPage,
 ]
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/translations.ts b/x-pack/plugins/security_solution/public/timelines/containers/translations.ts
index 5a9d78991ce28..9a7ada5ae856b 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/containers/translations.ts
@@ -13,10 +13,3 @@ export const ERROR_TIMELINE_EVENTS = i18n.translate(
 defaultMessage: `An error has occurred on timeline events search`,
 }
 );
-
-export const FAIL_TIMELINE_EVENTS = i18n.translate(
- 'xpack.securitySolution.timelineEvents.failSearchDescription',
- {
- defaultMessage: `Failed to run search on timeline events`,
- }
-);
diff --git a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
index a0d8434c6abb1..b97e4047d10e7 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
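Review bot: `indexPattern: { id: dataViewId } as unknown as DataView` in the `@@ -227` hunk of containers/index.tsx hands the search service a one-field object typed as a full `DataView`, and the double assertion keeps the compiler from noticing; the same line is added to the timelines plugin hook at `@@ -213`. Because `dataViewId` is declared `string | null`, the object is `{ id: null }` whenever no data view is selected, and any consumer of the option that reads a member other than `id` gets `undefined` at runtime. Consider sending the option only when an id exists, `...(dataViewId != null ? { indexPattern: { id: dataViewId } as unknown as DataView } : {}),`, and extending the comment to say that only `id` is populated. The enclosing `search` call starts outside the hunk.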
@@ -101,6 +101,7 @@ export interface TGridIntegratedProps {
 createFieldComponent?: CreateFieldComponentType;
 data?: DataPublicPluginStart;
 dataProviders: DataProvider[];
+ dataViewId?: string | null;
 defaultCellActions?: TGridCellAction[];
 deletedEventIds: Readonly;
 disabledCellActions: string[];
@@ -145,6 +146,7 @@ const TGridIntegratedComponent: React.FC = ({
 columns,
 data,
 dataProviders,
+ dataViewId = null,
 defaultCellActions,
 deletedEventIds,
 disabledCellActions,
@@ -236,6 +238,7 @@ const TGridIntegratedComponent: React.FC = ({
 // We rely on entityType to determine Events vs Alerts
 alertConsumers: SECURITY_ALERTS_CONSUMERS,
 data,
+ dataViewId,
 docValueFields,
 endDate: end,
 entityType,
diff --git a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
index 0ee83bea1bc67..842de61966224 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
@@ -86,6 +86,7 @@ export interface TGridStandaloneProps {
 } | null;
 afterCaseSelection?: Function;
 columns: ColumnHeaderOptions[];
+ dataViewId?: string | null;
 defaultCellActions?: TGridCellAction[];
 deletedEventIds: Readonly;
 disabledCellActions: string[];
@@ -130,6 +131,7 @@ const TGridStandaloneComponent: React.FC = ({
 casesOwner,
 casePermissions,
 columns,
+ dataViewId = null,
 defaultCellActions,
 deletedEventIds,
 disabledCellActions,
@@ -224,6 +226,7 @@ const TGridStandaloneComponent: React.FC = ({
 loading,
 { consumers, events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
 ] = useTimelineEvents({
+ dataViewId,
 docValueFields: [],
 entityType,
 excludeEcsData: true,
diff --git a/x-pack/plugins/timelines/public/container/index.tsx b/x-pack/plugins/timelines/public/container/index.tsx
index 2c4be5c7bc23a..06316739fa307 100644
--- a/x-pack/plugins/timelines/public/container/index.tsx
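Review bot: `dataViewId?: string | null` is added to `TGridIntegratedProps` (`@@ -101`) and `TGridStandaloneProps` (`@@ -86`) without a comment, and both components default it to `null`, so a caller that forgets the prop gets no compile-time signal. A TSDoc line on each prop would record the contract, for example `/** Id of the data view behind the query; forwarded with the search request so errors can reference it. null when none is selected. */`. That wording is inferred from the comment this commit adds in the container hook and should be confirmed by the author.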
+++ b/x-pack/plugins/timelines/public/container/index.tsx
@@ -12,6 +12,7 @@ import { useCallback, useEffect, useRef, useState } from 'react';
 import { useDispatch } from 'react-redux';
 import { Subscription } from 'rxjs';
 import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import type { DataView } from '../../../../../src/plugins/data_views/public';
 import {
 clearEventsLoading,
 clearEventsDeleted,
@@ -73,6 +74,7 @@ type TimelineResponse = TimelineEventsAllStrateg
 export interface UseTimelineEventsProps {
 alertConsumers?: AlertConsumers[];
 data?: DataPublicPluginStart;
+ dataViewId: string | null;
 docValueFields?: DocValueFields[];
 endDate: string;
 entityType: EntityType;
@@ -117,6 +119,7 @@ export const initSortDefault = [
 const NO_CONSUMERS: AlertConsumers[] = [];
 export const useTimelineEvents = ({
 alertConsumers = NO_CONSUMERS,
+ dataViewId,
 docValueFields,
 endDate,
 entityType,
@@ -191,7 +194,7 @@ export const useTimelineEvents = ({
 loadPage: wrappedLoadPage,
 updatedAt: 0,
 });
- const { addError, addWarning } = useAppToasts();
+ const { addWarning } = useAppToasts();
 const timelineSearch = useCallback(
 (request: TimelineRequest | null) => {
@@ -213,6 +216,8 @@ export const useTimelineEvents = ({
 ? 'timelineEqlSearchStrategy'
 : 'timelineSearchStrategy',
 abortSignal: abortCtrl.current.signal,
+ // we only need the id to throw better errors
+ indexPattern: { id: dataViewId } as unknown as DataView,
 }
 )
 .subscribe({
@@ -242,9 +247,7 @@ export const useTimelineEvents = ({
 },
 error: (msg) => {
 setLoading(false);
- addError(msg, {
- title: i18n.FAIL_TIMELINE_EVENTS,
- });
+ data.search.showError(msg);
 searchSubscription$.current.unsubscribe();
 },
 });
@@ -256,7 +259,7 @@ export const useTimelineEvents = ({
 asyncSearch();
 refetch.current = asyncSearch;
 },
- [skip, data, entityType, setUpdated, addWarning, addError]
+ [skip, data, entityType, dataViewId, setUpdated, addWarning]
 );
 useEffect(() => {
diff --git a/x-pack/plugins/timelines/public/container/translations.ts b/x-pack/plugins/timelines/public/container/translations.ts
index 4e159f6a5976f..757c936a93f72 100644
--- a/x-pack/plugins/timelines/public/container/translations.ts
+++ b/x-pack/plugins/timelines/public/container/translations.ts
@@ -13,10 +13,3 @@ export const ERROR_TIMELINE_EVENTS = i18n.translate(
 defaultMessage: `An error has occurred on timeline events search`,
 }
 );
-
-export const FAIL_TIMELINE_EVENTS = i18n.translate(
- 'xpack.timelines.timelineEvents.failSearchDescription',
- {
- defaultMessage: `Failed to run search on timeline events`,
- }
-);
diff --git a/x-pack/plugins/timelines/public/mock/t_grid.tsx b/x-pack/plugins/timelines/public/mock/t_grid.tsx
index 9de7a4cfb96e1..4d2ee5c7f8d67 100644
--- a/x-pack/plugins/timelines/public/mock/t_grid.tsx
+++ b/x-pack/plugins/timelines/public/mock/t_grid.tsx
@@ -92,6 +92,7 @@ export const tGridIntegratedProps: TGridIntegratedProps = {
 browserFields: mockBrowserFields,
 columns: columnHeaders,
 dataProviders: mockDataProviders,
+ dataViewId: 'data-view-id',
 deletedEventIds: [],
 disabledCellActions: [],
 docValueFields: mockDocValueFields,
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 6fda3e3d0547c..429c881e68cd4 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -25977,7 +25977,6 @@
 "xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "行 {row} のイベントレンダラーを表示しています。上矢印キーを押すと、終了して現在の行に戻ります。下矢印キーを押すと、終了して次の行に進みます。",
 "xpack.securitySolution.timeline.youAreInATableCellScreenReaderOnly": "表セルの行 {row}、列 {column} にいます",
 "xpack.securitySolution.timelineEvents.errorSearchDescription": "タイムラインイベント検索でエラーが発生しました",
- "xpack.securitySolution.timelineEvents.failSearchDescription": "タイムラインイベントで検索を実行できませんでした",
 "xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "すべてのタイムラインデータをクエリできませんでした",
 "xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "インポート",
 "xpack.securitySolution.timelines.allTimelines.panelTitle": "すべてのタイムライン",
@@ -27372,7 +27371,6 @@
 "xpack.timelines.timeline.youAreInAnEventRendererScreenReaderOnly": "行 {row} のイベントレンダラーを表示しています。上矢印キーを押すと、終了して現在の行に戻ります。下矢印キーを押すと、終了して次の行に進みます。",
 "xpack.timelines.timeline.youAreInATableCellScreenReaderOnly": "表セルの行 {row}、列 {column} にいます",
 "xpack.timelines.timelineEvents.errorSearchDescription": "タイムラインイベント検索でエラーが発生しました",
- "xpack.timelines.timelineEvents.failSearchDescription": "タイムラインイベントで検索を実行できませんでした",
 "xpack.timelines.toolbar.bulkActions.clearSelectionTitle": "選択した項目をクリア",
 "xpack.timelines.toolbar.bulkActions.selectAllAlertsTitle": "すべての{totalAlertsFormatted} {totalAlerts, plural, other {件のアラート}}を選択",
 "xpack.timelines.toolbar.bulkActions.selectedAlertsTitle": "Selected {selectedAlertsFormatted} {selectedAlerts, plural, other {件のアラート}}",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index f0335a48a15f2..38b419a336391 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -26008,7 +26008,6 @@
 "xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "您正处于第 {row} 行的事件呈现器中。按向上箭头键退出并返回当前行,或按向下箭头键退出并前进到下一行。",
 "xpack.securitySolution.timeline.youAreInATableCellScreenReaderOnly": "您处在表单元格中。行:{row},列:{column}",
 "xpack.securitySolution.timelineEvents.errorSearchDescription": "搜索时间线事件时发生错误",
- "xpack.securitySolution.timelineEvents.failSearchDescription": "无法对时间线事件执行搜索",
 "xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "无法查询所有时间线数据",
 "xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "导入",
 "xpack.securitySolution.timelines.allTimelines.panelTitle": "所有时间线",
@@ -27404,7 +27403,6 @@
 "xpack.timelines.timeline.youAreInAnEventRendererScreenReaderOnly": "您正处于第 {row} 行的事件呈现器中。按向上箭头键退出并返回当前行,或按向下箭头键退出并前进到下一行。",
 "xpack.timelines.timeline.youAreInATableCellScreenReaderOnly": "您处在表单元格中。行:{row},列:{column}",
 "xpack.timelines.timelineEvents.errorSearchDescription": "搜索时间线事件时发生错误",
- "xpack.timelines.timelineEvents.failSearchDescription": "无法对时间线事件执行搜索",
 "xpack.timelines.toolbar.bulkActions.clearSelectionTitle": "清除所选内容",
 "xpack.timelines.toolbar.bulkActions.selectAllAlertsTitle": "选择全部 {totalAlertsFormatted} 个{totalAlerts, plural, other {告警}}",
 "xpack.timelines.toolbar.bulkActions.selectedAlertsTitle": "已选择 {selectedAlertsFormatted} 个{selectedAlerts, plural, other {告警}}",