-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…#81196) ### Summary This PR addresses the remaining query preview bugs. - it adds index, and request information to eql inspect - it seems that for some reason the eql search strategy response returns `null` for the `params.body` in complete responses, but not in partial responses and does not include index info. As a workaround, I set the inspect info on partial responses and manually add index info - added to-dos pointing this out in the code - updated eql sequence queries preview to use the last event timestamp of a sequence to display the hits within a histogram - it checks buckets length to determine noise warning for threshold rules, as opposed to total hit count - remove unused i18n text - fixes bug where threshold is being passed in for all rule types as it's always defined in the creation step, added a check to only pass through to `useMatrixHistogram` hook when rule type is threshold
- Loading branch information
Showing
19 changed files
with
1,191 additions
and
595 deletions.
There are no files selected for viewing
178 changes: 178 additions & 0 deletions
178
x-pack/plugins/security_solution/public/common/hooks/eql/eql_search_response.mock.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,178 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License; | ||
| * you may not use this file except in compliance with the Elastic License. | ||
| */ | ||
|
|
||
| import { EqlSearchStrategyResponse } from '../../../../../data_enhanced/common'; | ||
| import { Source } from './types'; | ||
| import { EqlSearchResponse } from '../../../../common/detection_engine/types'; | ||
| import { Connection } from '@elastic/elasticsearch'; | ||
|
|
||
| export const getMockEqlResponse = (): EqlSearchStrategyResponse<EqlSearchResponse<Source>> => ({ | ||
| id: 'some-id', | ||
| rawResponse: { | ||
| body: { | ||
| hits: { | ||
| events: [ | ||
| { | ||
| _index: 'index', | ||
| _id: '1', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:16:54.368707900Z', | ||
| }, | ||
| }, | ||
| { | ||
| _index: 'index', | ||
| _id: '2', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:50:54.368707900Z', | ||
| }, | ||
| }, | ||
| { | ||
| _index: 'index', | ||
| _id: '3', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:06:54.368707900Z', | ||
| }, | ||
| }, | ||
| { | ||
| _index: 'index', | ||
| _id: '4', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:15:54.368707900Z', | ||
| }, | ||
| }, | ||
| ], | ||
| total: { | ||
| value: 4, | ||
| relation: '', | ||
| }, | ||
| }, | ||
| is_partial: false, | ||
| is_running: false, | ||
| took: 300, | ||
| timed_out: false, | ||
| }, | ||
| headers: {}, | ||
| warnings: [], | ||
| meta: { | ||
| aborted: false, | ||
| attempts: 0, | ||
| context: null, | ||
| name: 'elasticsearch-js', | ||
| connection: {} as Connection, | ||
| request: { | ||
| params: { | ||
| body: JSON.stringify({ | ||
| filter: { | ||
| range: { | ||
| '@timestamp': { | ||
| gte: '2020-10-07T00:46:12.414Z', | ||
| lte: '2020-10-07T01:46:12.414Z', | ||
| format: 'strict_date_optional_time', | ||
| }, | ||
| }, | ||
| }, | ||
| }), | ||
| method: 'GET', | ||
| path: '/_eql/search/', | ||
| querystring: 'some query string', | ||
| }, | ||
| options: {}, | ||
| id: '', | ||
| }, | ||
| }, | ||
| statusCode: 200, | ||
| }, | ||
| }); | ||
|
|
||
| export const getMockEqlSequenceResponse = (): EqlSearchStrategyResponse< | ||
| EqlSearchResponse<Source> | ||
| > => ({ | ||
| id: 'some-id', | ||
| rawResponse: { | ||
| body: { | ||
| hits: { | ||
| sequences: [ | ||
| { | ||
| join_keys: [], | ||
| events: [ | ||
| { | ||
| _index: 'index', | ||
| _id: '1', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:16:54.368707900Z', | ||
| }, | ||
| }, | ||
| { | ||
| _index: 'index', | ||
| _id: '2', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:50:54.368707900Z', | ||
| }, | ||
| }, | ||
| ], | ||
| }, | ||
| { | ||
| join_keys: [], | ||
| events: [ | ||
| { | ||
| _index: 'index', | ||
| _id: '3', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:06:54.368707900Z', | ||
| }, | ||
| }, | ||
| { | ||
| _index: 'index', | ||
| _id: '4', | ||
| _source: { | ||
| '@timestamp': '2020-10-04T15:15:54.368707900Z', | ||
| }, | ||
| }, | ||
| ], | ||
| }, | ||
| ], | ||
| total: { | ||
| value: 4, | ||
| relation: '', | ||
| }, | ||
| }, | ||
| is_partial: false, | ||
| is_running: false, | ||
| took: 300, | ||
| timed_out: false, | ||
| }, | ||
| headers: {}, | ||
| warnings: [], | ||
| meta: { | ||
| aborted: false, | ||
| attempts: 0, | ||
| context: null, | ||
| name: 'elasticsearch-js', | ||
| connection: {} as Connection, | ||
| request: { | ||
| params: { | ||
| body: JSON.stringify({ | ||
| filter: { | ||
| range: { | ||
| '@timestamp': { | ||
| gte: '2020-10-07T00:46:12.414Z', | ||
| lte: '2020-10-07T01:46:12.414Z', | ||
| format: 'strict_date_optional_time', | ||
| }, | ||
| }, | ||
| }, | ||
| }), | ||
| method: 'GET', | ||
| path: '/_eql/search/', | ||
| querystring: 'some query string', | ||
| }, | ||
| options: {}, | ||
| id: '', | ||
| }, | ||
| }, | ||
| statusCode: 200, | ||
| }, | ||
| }); |
Oops, something went wrong.