Bug: ES query returning no records for d-rule alerts. (#102160) (#102347

) # Conflicts: # x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts
elastic · Jun 16, 2021 · df34b1b · df34b1b
1 parent e40ade0
commit df34b1b
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts b/x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts
@@ -177,6 +177,8 @@ export const updateDetectionRuleUsage = (
   return updatedUsage;
 };
 
+const MAX_RESULTS_WINDOW = 10_000; // elasticsearch index.max_result_window default value
+
 export const getDetectionRuleMetrics = async (
   kibanaIndex: string,
   signalsIndex: string,
@@ -189,14 +191,14 @@ export const getDetectionRuleMetrics = async (
     filterPath: [],
     ignoreUnavailable: true,
     index: kibanaIndex,
-    size: 1,
+    size: MAX_RESULTS_WINDOW,
   };
 
   try {
     const { body: ruleResults } = await esClient.search<RuleSearchResult>(ruleSearchOptions);
     const { body: detectionAlertsResp } = (await esClient.search({
       index: `${signalsIndex}*`,
-      size: 0,
+      size: MAX_RESULTS_WINDOW,
       body: {
         aggs: {
           detectionAlerts: {
@@ -224,7 +226,7 @@ export const getDetectionRuleMetrics = async (
       type: 'cases-comments',
       fields: [],
       page: 1,
-      perPage: 10_000,
+      perPage: MAX_RESULTS_WINDOW,
       filter: 'cases-comments.attributes.type: alert',
     });