[SecuritySolution][Investigations] Add message about missing index in data view in analyzer #122859
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
janmonschke
added
bug
| <EuiText size="s"> | ||
| {i18n.translate('xpack.securitySolution.resolver.noProcessEvents.dataView', { | ||
| defaultMessage: `In case you selected a different data view, | ||
| make sure your data view contains one of the inidices that are stored in the source event at "{field}".`, |
There was a problem hiding this comment.
instead of 1, should probably be "all" of the indices (spelling as well)
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @janmonschke |
kqualters-elastic
approved these changes
Jan 27, 2022
|
The following labels were identified as gaps in your version labels and will be added automatically:
If any of these should not be on your pull request, please manually remove them. |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 28, 2022
… data view in analyzer (elastic#122859) * chore: add message about missing index in data view * fix: typo Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 9f6c781)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 28, 2022
… data view in analyzer (elastic#122859) * chore: add message about missing index in data view * fix: typo Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 9f6c781)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jan 28, 2022
…fix-potential-race-condition-when-screenshotting * 'main' of github.com:elastic/kibana: (75 commits) [Reporting] Logging improvements while generating reports (elastic#123802) [Uptime] Default alert connectors email settings (elastic#123244) Update comparison series styles to match the main series (elastic#123858) [RAC][Uptime] remove extra dot from the uptime alert connector message (elastic#124000) [Exploratory view] Allow ability add extra actions in lens embeddable (elastic#123713) [SecuritySolution][Investigations] Add message about missing index in data view in analyzer (elastic#122859) [TSVB] Formatting in the left axis is not respected when I have two separate axis (elastic#123903) [Discover] Remove services from component dependencies (elastic#121691) Stop IM rule execution if there are no events (elastic#123811) [Security Solution][Endpoint] Update Fleet Trusted Apps and Host Isolation Exception cards to use exception list summary API (elastic#123900) [Security Solution][Exceptions] Switches modal to flyout component (elastic#123408) [Workplace Search] Fix bug where modal visible after deleting a group (elastic#123976) [Alerting] Remove state variables from action variable menu (elastic#123702) replace deprecated api usage (elastic#123970) Fix package policy merge logic for boolean values (elastic#123974) [Security Solution][Endpoint][Policy] Remove GET policy list api route (elastic#123873) Reenable alert_add test suite (elastic#123862) [Fleet] Remove usage of IFieldType in Fleet (elastic#123960) [Lists] Add an instance of `ExceptionListClient` with server extension points turned off to context object provided to callbacks (elastic#123885) [Maps] Add execution context (elastic#123651) ... # Conflicts: # x-pack/plugins/screenshotting/server/browsers/chromium/driver_factory/index.ts
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
kibanamachine
added
the
backport missing
awahab07
pushed a commit
to awahab07/kibana
that referenced
this pull request
Jan 31, 2022
… data view in analyzer (elastic#122859) * chore: add message about missing index in data view * fix: typo Co-authored-by: Kibana Machine <[email protected]>
janmonschke
added a commit
that referenced
this pull request
Jan 31, 2022
… data view in analyzer (#122859) (#124002) * chore: add message about missing index in data view * fix: typo Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 9f6c781) Co-authored-by: Jan Monschke <[email protected]>
janmonschke
added a commit
that referenced
this pull request
Jan 31, 2022
… data view in analyzer (#122859) (#124001) * chore: add message about missing index in data view * fix: typo Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 9f6c781) Co-authored-by: Jan Monschke <[email protected]>
kibanamachine
removed
the
backport missing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
When a data view is selected that does not contain the index of the source event for analyzer, we are not able to actually show analyzer. There is no easy automated way to fix this situation for the user so instead we are updating the copy to ask them to check for the correct indices in the selected data view. (original issue: #120885)