[8.17] [Security Solution] Remove warning for rule filter (#201776) (#…

…204718)

# Backport

This will backport the following commits from `main` to `8.17`:
- [[Security Solution] Remove warning for rule filter
(#201776)](#201776)

<!--- Backport version: 9.6.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jacek
Kolezynski","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-18T09:47:05Z","message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<[email protected]>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Rule Creation","Feature:Rule Details","Feature:Rule
Edit","backport:version","v8.18.0","v8.16.3","v8.17.1"],"title":"[Security
Solution] Remove warning for rule
filter","number":201776,"url":"https://github.com/elastic/kibana/pull/201776","mergeCommit":{"message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<[email protected]>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201776","number":201776,"mergeCommit":{"message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<[email protected]>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/204704","number":204704,"state":"OPEN"},{"branch":"8.16","label":"v8.16.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { useMemo } from 'react';
 import { isEmpty } from 'lodash/fp';
 import {
   EuiDescriptionList,
@@ -23,8 +23,8 @@ import type {
 import type { Filter } from '@kbn/es-query';
 import type { SavedQuery } from '@kbn/data-plugin/public';
 import { mapAndFlattenFilters } from '@kbn/data-plugin/public';
-import type { DataView } from '@kbn/data-views-plugin/public';
 import { FilterItems } from '@kbn/unified-search-plugin/public';
+import { isDataView } from '../../../../common/components/query_bar';
 import type {
   AlertSuppressionMissingFieldsStrategy,
   RequiredFieldArray,
@@ -39,8 +39,6 @@ import { AlertSuppressionLabel } from '../../../rule_creation_ui/components/desc
 import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
 import * as threatMatchI18n from '../../../../common/components/threat_match/translations';
 import * as timelinesI18n from '../../../../timelines/components/timeline/translations';
-import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form';
-import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
 import type { Duration } from '../../../../detections/pages/detection_engine/rules/types';
 import { convertHistoryStartToSize } from '../../../../detections/pages/detection_engine/rules/helpers';
 import { MlJobsDescription } from '../../../rule_creation/components/ml_jobs_description/ml_jobs_description';
@@ -59,6 +57,7 @@ import {
 } from './rule_definition_section.styles';
 import { getQueryLanguageLabel } from './helpers';
 import { useDefaultIndexPattern } from '../../hooks/use_default_index_pattern';
+import { useDataView } from './three_way_diff/final_edit/fields/hooks/use_data_view';
 
 interface SavedQueryNameProps {
   savedQueryName: string;
@@ -83,16 +82,34 @@ export const Filters = ({
   index,
   'data-test-subj': dataTestSubj,
 }: FiltersProps) => {
-  const flattenedFilters = mapAndFlattenFilters(filters);
-
   const defaultIndexPattern = useDefaultIndexPattern();
+  const useDataViewParams = dataViewId
+    ? { dataViewId }
+    : { indexPatterns: index ?? defaultIndexPattern };
+  const { dataView } = useDataView(useDataViewParams);
+  const isEsql = filters.some((filter) => filter?.query?.language === 'esql');
+  const searchBarFilters = useMemo(() => {
+    if (!index || isDataView(index) || isEsql) {
+      return filters;
+    }
+    const filtersWithUpdatedMetaIndex = filters.map((filter) => {
+      return {
+        ...filter,
+        meta: {
+          ...filter.meta,
+          index: index.join(','),
+        },
+      };
+    });
 
-  const { indexPattern } = useRuleIndexPattern({
-    dataSourceType: dataViewId ? DataSourceType.DataView : DataSourceType.IndexPatterns,
-    index: index ?? defaultIndexPattern,
-    dataViewId,
-  });
+    return filtersWithUpdatedMetaIndex;
+  }, [filters, index, isEsql]);
+
+  if (!dataView) {
+    return null;
+  }
 
+  const flattenedFilters = mapAndFlattenFilters(searchBarFilters);
   const styles = filtersStyles;
 
   return (
@@ -103,7 +120,7 @@ export const Filters = ({
       responsive={false}
       gutterSize="xs"
     >
-      <FilterItems filters={flattenedFilters} indexPatterns={[indexPattern as DataView]} readOnly />
+      <FilterItems filters={flattenedFilters} indexPatterns={[dataView]} readOnly />
     </EuiFlexGroup>
   );
 };

x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts

@@ -9,7 +9,7 @@ import { useEffect, useState } from 'react';
 import type { DataView } from '@kbn/data-views-plugin/common';
 import { useKibana } from '../../../../../../../../common/lib/kibana';
 
-type UseDataViewParams =
+export type UseDataViewParams =
   | { indexPatterns: string[]; dataViewId?: never }
   | { indexPatterns?: never; dataViewId: string };
 
@@ -33,6 +33,7 @@ export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDa
         if (indexPatternsOrDataViewId.indexPatterns) {
           const indexPatternsDataView = await dataViewsService.create({
             title: indexPatternsOrDataViewId.indexPatterns.join(','),
+            id: indexPatternsOrDataViewId.indexPatterns.join(','),
             allowNoIndex: true,
           });