From 69c826d5a63672dae60f4b27d2e8cee20c1473fa Mon Sep 17 00:00:00 2001 From: Marshall Main Date: Tue, 29 Nov 2022 07:17:49 -0800 Subject: [PATCH 1/3] Don't use maxSignals for topHits agg size --- .../__snapshots__/build_group_by_field_aggregation.test.ts.snap | 2 +- .../alert_suppression/build_group_by_field_aggregation.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/__snapshots__/build_group_by_field_aggregation.test.ts.snap b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/__snapshots__/build_group_by_field_aggregation.test.ts.snap index c1b21b1de1db1..0952989be1040 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/__snapshots__/build_group_by_field_aggregation.test.ts.snap +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/__snapshots__/build_group_by_field_aggregation.test.ts.snap @@ -16,7 +16,7 @@ Object { }, "topHits": Object { "top_hits": Object { - "size": 100, + "size": 1, "sort": Array [ Object { "kibana.combined_timestamp": Object { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/build_group_by_field_aggregation.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/build_group_by_field_aggregation.ts index 4df370d6bced9..2b0b74f8e2f01 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/build_group_by_field_aggregation.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/alert_suppression/build_group_by_field_aggregation.ts @@ -30,7 +30,7 @@ export const buildGroupByFieldAggregation = ({ aggs: { topHits: { top_hits: { - size: maxSignals, + size: 1, sort: [ { [aggregatableTimestampField]: { From dbf0eb1c865e30770097d70c57adac40a94ca1cc Mon Sep 17 00:00:00 2001 From: Marshall Main Date: Tue, 29 Nov 2022 17:32:15 -0800 Subject: [PATCH 2/3] Skip test that keeps failing on multiple PRs --- .../all_exception_lists_read_only.cy.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts b/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts index c1c4fc18960e6..86d04ca9649fe 100644 --- a/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts +++ b/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts @@ -20,7 +20,7 @@ import { EXCEPTIONS_URL } from '../../../urls/navigation'; const MISSING_PRIVILEGES_CALLOUT = 'missing-user-privileges'; -describe('All exception lists - read only', () => { +describe.skip('All exception lists - read only', () => { before(() => { esArchiverResetKibana(); From 52c2e5d94b1fe6dc553060422c0a4a59727eb2d8 Mon Sep 17 00:00:00 2001 From: Marshall Main Date: Tue, 29 Nov 2022 17:35:20 -0800 Subject: [PATCH 3/3] Unskip test bc it requires codeowner review --- .../all_exception_lists_read_only.cy.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts b/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts index 86d04ca9649fe..c1c4fc18960e6 100644 --- a/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts +++ b/x-pack/plugins/security_solution/cypress/e2e/exceptions/exceptions_management_flow/all_exception_lists_read_only.cy.ts @@ -20,7 +20,7 @@ import { EXCEPTIONS_URL } from '../../../urls/navigation'; const MISSING_PRIVILEGES_CALLOUT = 'missing-user-privileges'; -describe.skip('All exception lists - read only', () => { +describe('All exception lists - read only', () => { before(() => { esArchiverResetKibana();