diff --git a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts index f6d8a4a807e95..08ec954fd2968 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts @@ -262,18 +262,18 @@ async function fetchLogEntryAnomalies( bucket_span: duration, timestamp: anomalyStartTime, by_field_value: categoryId, - } = result._source; + } = result.fields; return { id: result._id, - anomalyScore, - dataset, + anomalyScore: anomalyScore[0], + dataset: dataset[0], typical: typical[0], actual: actual[0], - jobId: job_id, - startTime: anomalyStartTime, - duration: duration * 1000, - categoryId, + jobId: job_id[0], + startTime: parseInt(anomalyStartTime[0], 10), + duration: duration[0] * 1000, + categoryId: categoryId?.[0], }; }); diff --git a/x-pack/plugins/infra/server/lib/log_analysis/queries/log_entry_anomalies.ts b/x-pack/plugins/infra/server/lib/log_analysis/queries/log_entry_anomalies.ts index c722544c509aa..e692ed019cf86 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/queries/log_entry_anomalies.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/queries/log_entry_anomalies.ts @@ -46,13 +46,16 @@ export const createLogEntryAnomaliesQuery = ( ...createDatasetsFilters(datasets), ]; - const sourceFields = [ + const fields = [ 'job_id', 'record_score', 'typical', 'actual', 'partition_field_value', - 'timestamp', + { + field: 'timestamp', + format: 'epoch_millis', + }, 'bucket_span', 'by_field_value', ]; @@ -75,7 +78,8 @@ export const createLogEntryAnomaliesQuery = ( search_after: queryCursor, sort: sortOptions, size: pageSize, - _source: sourceFields, + _source: false, + fields, }, }; @@ -84,18 +88,18 @@ export const createLogEntryAnomaliesQuery = ( export const logEntryAnomalyHitRT = rt.type({ _id: rt.string, - _source: rt.intersection([ + fields: rt.intersection([ rt.type({ - job_id: rt.string, - record_score: rt.number, + job_id: rt.array(rt.string), + record_score: rt.array(rt.number), typical: rt.array(rt.number), actual: rt.array(rt.number), - partition_field_value: rt.string, - bucket_span: rt.number, - timestamp: rt.number, + partition_field_value: rt.array(rt.string), + bucket_span: rt.array(rt.number), + timestamp: rt.array(rt.string), }), rt.partial({ - by_field_value: rt.string, + by_field_value: rt.array(rt.string), }), ]), sort: rt.tuple([rt.union([rt.string, rt.number]), rt.union([rt.string, rt.number])]),