-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New search bar component #4312
Comments
Research about current SearchBar behaviorsequenceDiagram
WzSearchBar->>SuggestHandler: input query in string
SuggestHandler ->> QInterpreter: query string
loop
QInterpreter->>QInterpreter: PARSE and VALIDATE the query
end
QInterpreter->>SuggestHandler: response is VALID or INVALID
SuggestHandler->>WzSearchBadges: send VALID filters
Note right of WzSearchBadges: Add badges for each VALID filter
Query Filters routegraph TD;
UISearchBar-->ValidFiltersList-->filtersToObject-->WazuhManager(API)
|
The current search bar translates the input to the expected Wazuh query syntax. This has some problems related to the I think the easier approach is using directly the Wazuh query language without translations. The problem with this approach is that is more complicated for users that don't know the query language. IdeaI think we could offer multiple query languages. One of them, should be the Wazuh query language without translations, this would avoid any problems on our side. Moreover, we could add a user-friendly language/interface to the query that could be based on the current query syntax provided by the This approach is based on the search bar used to query to Elasticseach/Wazuh indexer in the |
POC - Search bar - Multiple query languagesI am working around the idea of a search bar that supports multiple query languages. The selection can be changed through a control. This base component expects the query language to be registered and has a specific interface to interact with. The base component only manages the input text, then this is passed to the selected query language to analyze the query and returns the properties that should use the base component. This enables to the extension of the functionality. The new search bar base component is based on a custom
The approach of this POC, let to decouple the business logic of each query language. For example, adding suggestions according to the input query or defining the action when a suggestion item is clicked. |
POC - Query language - API query languageTaking as the base the POC of the new search bar component that supports multiple query languages, I am working on a compatible interface that is based on a similar approach to the Wazuh API query language https://documentation.wazuh.com/current/user-manual/api/queries.html. The behavior is similar to the current The current implementation analyzes (through a custom analysis) the query and tokenizes it. Then, these tokens are used to get the suggestions that will be displayed in the search bar. I have added some tests with use cases to test the tokenizer and the suggestions handler. Features:
Screenshots:Open the query language informationThis contains information about the current query language and a selector to change the selected query language. Suggestions |
@wazuh/framework will complete an investigation on the reports done by @Desvelao and our current implementation of the q parameter. |
To prevent some differences between the expected queries by the Wazuh API and the implementation of the query language in the search bar, we must know the implementation and decomposition of the query through the |
POC - Search bar - Query Language custom behaviorI am working around the idea to allow each query language can define custom behaviors. As a POC, I added a prepend element to the search bar to indicate that there is a implicit filter. This is useful to display that there is a non-editable query that will be added to the user query. This case is in the search bar located in the Agents section, that negates the data related to the Wazuh managers ( Screenshots I need to refactor some logic in the POC of new search bar component. |
POC - Search bar - Multiple query languagesI uploaded a POC of this search bar to the branch https://github.com/wazuh/wazuh-kibana-app/tree/feat/4312-poc-search-bar-component-multiple-query-language-api-query-language-implementation. This POC contains:
|
The work in the POC will be on hold until the @wazuh/framework can give us details about the implementation and analysis of the query in the |
DiscussionIn today's meeting, it was decided the framework team will work to provide knowledge how the query decomposition works in the |
Decomposition of
|
Thank you so much for the I will work to enhance the current API query language implementation in the search bar. |
I would like to implement a validation of the query in the search bar to avoid or reduce and indicate to the user the query is invalid. @Selutario, is there some validation that the API is checking according to the schema? or validating if the group operators (opening and closing) are in the correct place or grouping level? Any more consideration? If yes, could you provide the information? Thank you so much! |
POC - Query language - API query languageIn a previous meeting related to the search query done in #5196, it was mentioned that the new search bar and AQL implementation could use this query when the user introduces a search term, searching in each used (table columns) through a like ( The current implementation of AQL doesn't support this functionality so the user should introduce the query manually. We should discuss if this feature should be allowed by the implementation or not. |
POC - Query language - API query language - Hidding the suggestions when using Search suggestion.The search bar displays a suggestion to run the search query. When clicking it, the suggestions popover disappeared for a short period of time and this appeared again. DiggingI was researching the cause of this. I reviewed the current WzSearchBar implementation that changes the visibility of the suggestions popover and blurs the input. This seems not to work as expected, and the suggestion popover appeared after using the Search suggestion, the same for the Apply filter suggestion of the WzSearchBar. Clicking in a suggestion item of the popover, ran a handler. This handler called the onSearch function and close the suggestion popover and blurred the input (same logic as the current WzSearchBar), then a focus event was triggered causing the visibility of the suggestion popover is on. I didn't understand the reason for this behavior so I researched the cause of this. I researched and tried multiple things without success. Finally, I asked for help and I had a meeting with @asteriscos, where I was explaining him the problem to review if I was missing something. We concluded that something unknown and not intentional by our side is firing the focus event in the input. So I researched the components used. One of them is coming from the |
POC - Query language - API query languageFixes
|
Answering these questions: Is there some validation that the API is checking according to the schema?Yes, there are multiple validations in addition to the regex. For each match ( 1. Check whether
|
This is useful to add minimal validation in the search bar and inform to the user of a problem with the input query. I will see to add the validation of At the moment, I have no more considerations. Thank you so much for the information @Selutario! |
POC - Search bar - Display input query errorThe new search bar component wraps the custom For the required query language implementations, they should validate the user input and returns the validation error when the input analysis is done. This property could be forwarded to the The validation of the input query could be useful to prevent the user can run an invalid query and inform that there is an error. |
Some options:
As I said in the quoted message, we should discuss if we want to implement this feature. |
POC - Search barChanges
|
DisccussionIn today's meeting, I was exposing the work done on this issue and the POC. The action items to do are:
|
POC - Search bar - HAQLI was working on a high-level implementation based on the Wazuh API Query Language. The syntax is similar to the current query language used by the current
I added the ability to define the values wrapped with quotes Moreover, the usage of whitespace to separate entities is optional. Features:
I added documentation related to this query language. I added tests to test some functionalities. |
ChangesI replaced the search bar and table component on some sections of the Wazuh plugin. Pull requests:
The pull requests are on draft due they need the enhancement of API endpoints. The work is paused until wazuh/wazuh#16552 is solved and merged, so I can develop with a Wazuh manager and get other potential requirements of all the implementation. Currently, potential problems to solve: I added the actions items: wazuh/wazuh#16902 (comment) The tables in the |
CheckI checked a problem happening in the previous search bar #4313 (comment). This issue could be closed once we replace the current search bar by the new one. |
UpdateThe development that was asked here has been completed:
We can continue to implement the missing features in the related pull requests. |
Changes
TODO
|
ProblemSome suggested values can not be used to search due a validation error SolutionAs a workaround, the values provided by the API responses are filtered. They should match the validation regular expression. This ensures the validation done by the search bar will not display a validation error when using a suggested value. This causes some possible value suggestions to be not displayed.
Current approach:
|
This was fixed here: 9e121ad |
ChangesA new mechanism was added to debounce the updating of the search bar state was added. This mitigates some problems related to the state changes that cause the UI to display data that should be incorrect regarding the input query. This lets to reduce the API request count if the user is typing in the search bar within the time interval. For another hand, the search bar seems to be less reactive due to the debounce time. |
All PRs successfully merged |
Summary
Our current SearchBar component is far from working properly, and it's being harder and harder to maintain over time.
We need to deprecate this component in favor of a better one, and use it consistently along the App.
This Epic will hold the issues of the current component to be used as functional requirements for the new component, and also will cover its design and development.
Functional requirements
and
andor
on their names, including the white spaces. Error searching vulnerabilities by the name indexed in the summary #4088Non-functional requirements
To be done.
Related issues
Design
There are several designs on the table at the moment. The most supported one is to use the Wazuh Query Language as is, with no translations, as was done on the previous search bar, which translated any
and
andor
in the query with;
and,
, respectively.Desirable tasks
The text was updated successfully, but these errors were encountered: