[Security solution] Grouping count bug #156206

Merged
merged 6 commits into from
May 1, 2023

@stephmilovic stephmilovic commented Apr 28, 2023

Summary

This PR fixes 2 bugs:

  1. Not sure when the justifyContent="center" was added to the Host name group renderer, but it shouldn't be there. Removed it to fix styling.
  2. I was handling the events count + groups count in the UI, adding to these totals when a null group was included. This was a bad way to do it, because if the null group appears on page 2, the counts are inaccurate on page one. I fixed this by adjusting the query.
    • I first moved these aggs (unitsCount and groupsCount) from security solution into the grouping package; I think it should have been there in the first place, since we seek these values in grouping.tsx.
    • Then I added the missing property to the unitsCount value_count aggregation. Unlike the terms agg, this does not overwrite the values of fields named the same value as our missing value (the count returned is accurate). I could not do the same with the groupsCount cardinality aggregation. So instead, I added a unitsCountWithoutNull aggregation. If there is a null group, unitsCount !== unitsCountWithoutNull. When this condition is true, I added 1 to the groupsCount value.

Before

bad.mov

After

good.mov

@stephmilovic stephmilovic added release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore v8.8.0 Feature:Alerts Grouping Security Solution Alerts Grouping feature v8.9.0 labels Apr 28, 2023
@stephmilovic stephmilovic requested review from a team as code owners April 28, 2023 17:07
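
The count logic from the description above, as an added example that is not part of the PR or Kibana's code: an in-memory stand-in for the three aggregations shows why the query-side total is the same on every page while the old UI-side increment is wrong until the null bucket is rendered. The sample alerts, `MISSING_VALUE`, the helper names and the numeric guard in `totalGroups` are assumptions made for illustration.

```javascript
// Constructed sample alerts: two lack host.name and form the "null group".
const ALERTS = [
  { 'host.name': 'web-01' }, { 'host.name': 'web-01' },
  { 'host.name': 'db-01' }, { 'host.name': 'db-02' },
  {}, {},
];
const MISSING_VALUE = '-'; // placeholder, not the project's real missing value

// The three aggregations named in the PR description.
function buildCountAggs(field) {
  return {
    unitsCount: { value_count: { field, missing: MISSING_VALUE } },
    unitsCountWithoutNull: { value_count: { field } },
    groupsCount: { cardinality: { field } },
  };
}

// In-memory stand-in for Elasticsearch: value_count counts values and
// cardinality counts distinct values; documents without the field are
// skipped unless `missing` supplies a substitute.
function runAggs(docs, aggs) {
  const out = {};
  for (const [name, agg] of Object.entries(aggs)) {
    const [type, opts] = Object.entries(agg)[0];
    const values = docs
      .map((d) => d[opts.field] ?? opts.missing)
      .filter((v) => v !== undefined);
    out[name] = { value: type === 'cardinality' ? new Set(values).size : values.length };
  }
  return out;
}

// Query-side total: a gap between the two unit counts means a null group exists.
// The numeric guard is an addition here, not taken from the PR.
function totalGroups(aggs) {
  const units = aggs.unitsCount?.value;
  const unitsNoNull = aggs.unitsCountWithoutNull?.value;
  const hasNull = Number.isFinite(units) && Number.isFinite(unitsNoNull) && units !== unitsNoNull;
  return (aggs.groupsCount?.value ?? 0) + (hasNull ? 1 : 0);
}

// Old UI-side approach: only adds 1 once the null bucket is on the rendered page.
const uiSideGroups = (cardinality, pageBuckets) =>
  cardinality + (pageBuckets.some((b) => b.isNullGroup) ? 1 : 0);

const aggs = runAggs(ALERTS, buildCountAggs('host.name'));
const page1 = [{ key: 'web-01' }, { key: 'db-01' }];
const page2 = [{ key: 'db-02' }, { key: MISSING_VALUE, isNullGroup: true }];
console.log(totalGroups(aggs), uiSideGroups(aggs.groupsCount.value, page1), uiSideGroups(aggs.groupsCount.value, page2));
```
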
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@@ -106,9 +99,6 @@ const GroupingComponent = <T,>({
const nullGroupMessage = isNullGroup
? NULL_GROUP(selectedGroup, unit(groupBucket.doc_count))
: undefined;
if (isNullGroup) {
setNullCount({ unit: groupBucket.doc_count, group: 1 });
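
Review bot: The `setNullCount({ unit: groupBucket.doc_count, group: 1 })` call under `if (isNullGroup)` only fires for buckets that are on the page being processed, so any total derived from it depends on which page holds the null bucket. With this block going away (the header shrinks the region from 9 lines to 6), please confirm that the `nullCount` state and every consumer of it are removed from `GroupingComponent` as well, and add a regression test where the null bucket is absent from the first page.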
Contributor Author

this was the dumb thing 🙄

groupByFields: { buckets: groupByFields },
groupsCount: {
value:
(aggs.unitsCount?.value !== aggs.unitsCountWithoutNull?.value
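
Review bot: In the `groupsCount` value, `aggs.unitsCount?.value !== aggs.unitsCountWithoutNull?.value` is also true when only one of the two aggregations is absent from the response, because a number is then compared with `undefined`, and that would add a phantom group to the count. Suggest checking that both values are numbers before comparing, and adding a short code comment at this line explaining why the inequality implies a null group, since the reasoning is not obvious from the expression alone.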
Contributor Author

if these are not equal, there is one extra group to add to the count

Contributor

@YulNaumenko YulNaumenko left a comment

LGTM! Works as expected after fix

@stephmilovic
Contributor Author

@elasticmachine merge upstream

@michaelolo24
Contributor

@elasticmachine merge upstream

@stephmilovic
Contributor Author

@elasticmachine merge upstream

@stephmilovic stephmilovic merged commit 7a0620f into elastic:main May 1, 2023
@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.1MB 9.1MB +137.0B
Unknown metric groups

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
securitySolution 399 402 +3
total +5

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
securitySolution 479 482 +3
total +5

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request May 1, 2023
@kibanamachine
Contributor

💚 All backports created successfully

Status Branch Result
8.8

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request May 1, 2023
# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security solution] Grouping count bug
(#156206)](#156206)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Steph Milovic <[email protected]>