Skip to content

Commit

Permalink
[Security Solution] Use search strategy error in timeline (elastic#12…
Browse files Browse the repository at this point in the history
…5178)

(cherry picked from commit 4fe96b7)
  • Loading branch information
stephmilovic authored and kibanamachine committed Feb 11, 2022
1 parent b41b7ce commit cae9386
Show file tree
Hide file tree
Showing 14 changed files with 42 additions and 35 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ const StatefulEventsViewerComponent: React.FC<Props> = ({
const { timelines: timelinesUi } = useKibana().services;
const {
browserFields,
dataViewId,
docValueFields,
indexPattern,
runtimeMappings,
Expand Down Expand Up @@ -190,6 +191,7 @@ const StatefulEventsViewerComponent: React.FC<Props> = ({
bulkActions,
columns,
dataProviders,
dataViewId,
defaultCellActions,
deletedEventIds,
disabledCellActions: FIELDS_WITHOUT_CELL_ACTIONS,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,7 @@ export const EqlTabContentComponent: React.FC<Props> = ({
const { setTimelineFullScreen, timelineFullScreen } = useTimelineFullScreen();
const {
browserFields,
dataViewId,
docValueFields,
loading: loadingSourcerer,
runtimeMappings,
Expand Down Expand Up @@ -208,18 +209,19 @@ export const EqlTabContentComponent: React.FC<Props> = ({

const [isQueryLoading, { events, inspect, totalCount, pageInfo, loadPage, updatedAt, refetch }] =
useTimelineEvents({
dataViewId,
docValueFields,
endDate: end,
eqlOptions: restEqlOption,
fields: getTimelineQueryFields(),
filterQuery: eqlQuery ?? '',
id: timelineId,
indexNames: selectedPatterns,
fields: getTimelineQueryFields(),
language: 'eql',
limit: itemsPerPage,
filterQuery: eqlQuery ?? '',
runtimeMappings,
startDate: start,
skip: !canQueryTimeline(),
startDate: start,
timerangeKind,
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ export const PinnedTabContentComponent: React.FC<Props> = ({
const {
browserFields,
docValueFields,
dataViewId,
loading: loadingSourcerer,
runtimeMappings,
selectedPatterns,
Expand Down Expand Up @@ -187,6 +188,7 @@ export const PinnedTabContentComponent: React.FC<Props> = ({
endDate: '',
id: `pinned-${timelineId}`,
indexNames: selectedPatterns,
dataViewId,
fields: timelineQueryFields,
limit: itemsPerPage,
filterQuery,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,7 @@ export const QueryTabContentComponent: React.FC<Props> = ({
const { setTimelineFullScreen, timelineFullScreen } = useTimelineFullScreen();
const {
browserFields,
dataViewId,
docValueFields,
loading: loadingSourcerer,
indexPattern,
Expand Down Expand Up @@ -282,18 +283,19 @@ export const QueryTabContentComponent: React.FC<Props> = ({

const [isQueryLoading, { events, inspect, totalCount, pageInfo, loadPage, updatedAt, refetch }] =
useTimelineEvents({
dataViewId,
docValueFields,
endDate: end,
fields: getTimelineQueryFields(),
filterQuery: combinedQueries?.filterQuery,
id: timelineId,
indexNames: selectedPatterns,
fields: getTimelineQueryFields(),
language: kqlQuery.language,
limit: itemsPerPage,
filterQuery: combinedQueries?.filterQuery,
runtimeMappings,
startDate: start,
skip: !canQueryTimeline,
sort: timelineQuerySortField,
startDate: start,
timerangeKind,
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ describe('useTimelineEvents', () => {
const startDate: string = '2020-07-07T08:20:18.966Z';
const endDate: string = '3000-01-01T00:00:00.000Z';
const props: UseTimelineEventsProps = {
dataViewId: 'data-view-id',
docValueFields: [],
endDate: '',
id: TimelineId.active,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,11 @@ import { Subscription } from 'rxjs';

import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import { ESQuery } from '../../../common/typed_json';
import { isCompleteResponse, isErrorResponse } from '../../../../../../src/plugins/data/common';
import {
DataView,
isCompleteResponse,
isErrorResponse,
} from '../../../../../../src/plugins/data/common';

import { useIsExperimentalFeatureEnabled } from '../../common/hooks/use_experimental_features';
import { inputsModel } from '../../common/store';
Expand Down Expand Up @@ -75,6 +79,7 @@ type TimelineResponse<T extends KueryFilterQueryKind> = T extends 'kuery'
: TimelineEventsAllStrategyResponse;

export interface UseTimelineEventsProps {
dataViewId: string | null;
docValueFields?: DocValueFields[];
endDate: string;
eqlOptions?: EqlOptionsSelected;
Expand Down Expand Up @@ -127,6 +132,7 @@ const deStructureEqlOptions = (eqlOptions?: EqlOptionsSelected) => ({
});

export const useTimelineEvents = ({
dataViewId,
docValueFields,
endDate,
eqlOptions = undefined,
Expand Down Expand Up @@ -207,7 +213,7 @@ export const useTimelineEvents = ({
loadPage: wrappedLoadPage,
updatedAt: 0,
});
const { addError, addWarning } = useAppToasts();
const { addWarning } = useAppToasts();

// TODO: Once we are past experimental phase this code should be removed
const ruleRegistryEnabled = useIsExperimentalFeatureEnabled('ruleRegistryEnabled');
Expand All @@ -227,6 +233,8 @@ export const useTimelineEvents = ({
strategy:
request.language === 'eql' ? 'timelineEqlSearchStrategy' : 'timelineSearchStrategy',
abortSignal: abortCtrl.current.signal,
// we only need the id to throw better errors
indexPattern: { id: dataViewId } as unknown as DataView,
})
.subscribe({
next: (response) => {
Expand Down Expand Up @@ -265,9 +273,7 @@ export const useTimelineEvents = ({
},
error: (msg) => {
setLoading(false);
addError(msg, {
title: i18n.FAIL_TIMELINE_EVENTS,
});
data.search.showError(msg);
searchSubscription$.current.unsubscribe();
},
});
Expand Down Expand Up @@ -321,9 +327,9 @@ export const useTimelineEvents = ({
skip,
id,
data.search,
dataViewId,
setUpdated,
addWarning,
addError,
refetchGrid,
wrappedLoadPage,
]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,3 @@ export const ERROR_TIMELINE_EVENTS = i18n.translate(
defaultMessage: `An error has occurred on timeline events search`,
}
);

export const FAIL_TIMELINE_EVENTS = i18n.translate(
'xpack.securitySolution.timelineEvents.failSearchDescription',
{
defaultMessage: `Failed to run search on timeline events`,
}
);
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ export interface TGridIntegratedProps {
createFieldComponent?: CreateFieldComponentType;
data?: DataPublicPluginStart;
dataProviders: DataProvider[];
dataViewId?: string | null;
defaultCellActions?: TGridCellAction[];
deletedEventIds: Readonly<string[]>;
disabledCellActions: string[];
Expand Down Expand Up @@ -145,6 +146,7 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
columns,
data,
dataProviders,
dataViewId = null,
defaultCellActions,
deletedEventIds,
disabledCellActions,
Expand Down Expand Up @@ -236,6 +238,7 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
// We rely on entityType to determine Events vs Alerts
alertConsumers: SECURITY_ALERTS_CONSUMERS,
data,
dataViewId,
docValueFields,
endDate: end,
entityType,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ export interface TGridStandaloneProps {
} | null;
afterCaseSelection?: Function;
columns: ColumnHeaderOptions[];
dataViewId?: string | null;
defaultCellActions?: TGridCellAction[];
deletedEventIds: Readonly<string[]>;
disabledCellActions: string[];
Expand Down Expand Up @@ -127,6 +128,7 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
casesOwner,
casePermissions,
columns,
dataViewId = null,
defaultCellActions,
deletedEventIds,
disabledCellActions,
Expand Down Expand Up @@ -220,6 +222,7 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
loading,
{ consumers, events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
] = useTimelineEvents({
dataViewId,
docValueFields: [],
entityType,
excludeEcsData: true,
Expand Down
13 changes: 8 additions & 5 deletions x-pack/plugins/timelines/public/container/index.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import { useCallback, useEffect, useRef, useState } from 'react';
import { useDispatch } from 'react-redux';
import { Subscription } from 'rxjs';
import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { DataView } from '../../../../../src/plugins/data_views/public';
import {
clearEventsLoading,
clearEventsDeleted,
Expand Down Expand Up @@ -73,6 +74,7 @@ type TimelineResponse<T extends KueryFilterQueryKind> = TimelineEventsAllStrateg
export interface UseTimelineEventsProps {
alertConsumers?: AlertConsumers[];
data?: DataPublicPluginStart;
dataViewId: string | null;
docValueFields?: DocValueFields[];
endDate: string;
entityType: EntityType;
Expand Down Expand Up @@ -117,6 +119,7 @@ export const initSortDefault = [
const NO_CONSUMERS: AlertConsumers[] = [];
export const useTimelineEvents = ({
alertConsumers = NO_CONSUMERS,
dataViewId,
docValueFields,
endDate,
entityType,
Expand Down Expand Up @@ -191,7 +194,7 @@ export const useTimelineEvents = ({
loadPage: wrappedLoadPage,
updatedAt: 0,
});
const { addError, addWarning } = useAppToasts();
const { addWarning } = useAppToasts();

const timelineSearch = useCallback(
(request: TimelineRequest<typeof language> | null) => {
Expand All @@ -213,6 +216,8 @@ export const useTimelineEvents = ({
? 'timelineEqlSearchStrategy'
: 'timelineSearchStrategy',
abortSignal: abortCtrl.current.signal,
// we only need the id to throw better errors
indexPattern: { id: dataViewId } as unknown as DataView,
}
)
.subscribe({
Expand Down Expand Up @@ -242,9 +247,7 @@ export const useTimelineEvents = ({
},
error: (msg) => {
setLoading(false);
addError(msg, {
title: i18n.FAIL_TIMELINE_EVENTS,
});
data.search.showError(msg);
searchSubscription$.current.unsubscribe();
},
});
Expand All @@ -256,7 +259,7 @@ export const useTimelineEvents = ({
asyncSearch();
refetch.current = asyncSearch;
},
[skip, data, entityType, setUpdated, addWarning, addError]
[skip, data, entityType, dataViewId, setUpdated, addWarning]
);

useEffect(() => {
Expand Down
7 changes: 0 additions & 7 deletions x-pack/plugins/timelines/public/container/translations.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,3 @@ export const ERROR_TIMELINE_EVENTS = i18n.translate(
defaultMessage: `An error has occurred on timeline events search`,
}
);

export const FAIL_TIMELINE_EVENTS = i18n.translate(
'xpack.timelines.timelineEvents.failSearchDescription',
{
defaultMessage: `Failed to run search on timeline events`,
}
);
1 change: 1 addition & 0 deletions x-pack/plugins/timelines/public/mock/t_grid.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ export const tGridIntegratedProps: TGridIntegratedProps = {
browserFields: mockBrowserFields,
columns: columnHeaders,
dataProviders: mockDataProviders,
dataViewId: 'data-view-id',
deletedEventIds: [],
disabledCellActions: [],
docValueFields: mockDocValueFields,
Expand Down
2 changes: 0 additions & 2 deletions x-pack/plugins/translations/translations/ja-JP.json
Original file line number Diff line number Diff line change
Expand Up @@ -24870,7 +24870,6 @@
"xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "行 {row} のイベントレンダラーを表示しています。上矢印キーを押すと、終了して現在の行に戻ります。下矢印キーを押すと、終了して次の行に進みます。",
"xpack.securitySolution.timeline.youAreInATableCellScreenReaderOnly": "表セルの行 {row}、列 {column} にいます",
"xpack.securitySolution.timelineEvents.errorSearchDescription": "タイムラインイベント検索でエラーが発生しました",
"xpack.securitySolution.timelineEvents.failSearchDescription": "タイムラインイベントで検索を実行できませんでした",
"xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "すべてのタイムラインデータをクエリできませんでした",
"xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "インポート",
"xpack.securitySolution.timelines.allTimelines.panelTitle": "すべてのタイムライン",
Expand Down Expand Up @@ -26222,7 +26221,6 @@
"xpack.timelines.timeline.youAreInAnEventRendererScreenReaderOnly": "行 {row} のイベントレンダラーを表示しています。上矢印キーを押すと、終了して現在の行に戻ります。下矢印キーを押すと、終了して次の行に進みます。",
"xpack.timelines.timeline.youAreInATableCellScreenReaderOnly": "表セルの行 {row}、列 {column} にいます",
"xpack.timelines.timelineEvents.errorSearchDescription": "タイムラインイベント検索でエラーが発生しました",
"xpack.timelines.timelineEvents.failSearchDescription": "タイムラインイベントで検索を実行できませんでした",
"xpack.timelines.toolbar.bulkActions.clearSelectionTitle": "選択した項目をクリア",
"xpack.transform.actionDeleteTransform.bulkDeleteDestDataViewTitle": "ディスティネーションデータビューの削除",
"xpack.transform.actionDeleteTransform.bulkDeleteDestinationIndexTitle": "ディスティネーションインデックスの削除",
Expand Down
2 changes: 0 additions & 2 deletions x-pack/plugins/translations/translations/zh-CN.json
Original file line number Diff line number Diff line change
Expand Up @@ -25281,7 +25281,6 @@
"xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "您正处于第 {row} 行的事件呈现器中。按向上箭头键退出并返回当前行,或按向下箭头键退出并前进到下一行。",
"xpack.securitySolution.timeline.youAreInATableCellScreenReaderOnly": "您处在表单元格中。行:{row},列:{column}",
"xpack.securitySolution.timelineEvents.errorSearchDescription": "搜索时间线事件时发生错误",
"xpack.securitySolution.timelineEvents.failSearchDescription": "无法对时间线事件执行搜索",
"xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "无法查询所有时间线数据",
"xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "导入",
"xpack.securitySolution.timelines.allTimelines.panelTitle": "所有时间线",
Expand Down Expand Up @@ -26675,7 +26674,6 @@
"xpack.timelines.timeline.youAreInAnEventRendererScreenReaderOnly": "您正处于第 {row} 行的事件呈现器中。按向上箭头键退出并返回当前行,或按向下箭头键退出并前进到下一行。",
"xpack.timelines.timeline.youAreInATableCellScreenReaderOnly": "您处在表单元格中。行:{row},列:{column}",
"xpack.timelines.timelineEvents.errorSearchDescription": "搜索时间线事件时发生错误",
"xpack.timelines.timelineEvents.failSearchDescription": "无法对时间线事件执行搜索",
"xpack.timelines.toolbar.bulkActions.clearSelectionTitle": "清除所选内容",
"xpack.timelines.toolbar.bulkActions.selectAllAlertsTitle": "选择全部 {totalAlertsFormatted} 个{totalAlerts, plural, other {告警}}",
"xpack.timelines.toolbar.bulkActions.selectedAlertsTitle": "已选择 {selectedAlertsFormatted} 个{selectedAlerts, plural, other {告警}}",
Expand Down

0 comments on commit cae9386

Please sign in to comment.