[SIEM] Error toasters when sorting by rule name on detections page #74180

Closed
FrankHassanabad opened this issue Aug 3, 2020 · 1 comment
Labels
bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM

Comments

@FrankHassanabad
Contributor

FrankHassanabad commented Aug 3, 2020

Kibana version:
7.9.0-BC6

This is related to this issue:
#74157

  • Go to the detections page.
  • Sort by rule name
  • Reload your page

Screen Shot 2020-08-03 at 3 42 18 PM

If you look at the error toaster you will see this:
Screen Shot 2020-08-03 at 3 42 30 PM

The root of the issue looks to be that when timeline mounts itself it is causing initial queries against the siem:defaultIndex and does not have the siem signals:
Screen Shot 2020-08-03 at 3 43 07 PM

Later queries will be the correct ones which will be just the siem-signals index and not include these extra indexes on page load. We really want to eliminate duplicate queries of timeline when it first mounts and want to eliminate it from querying the siem:defaultIndex on page load. You do run the risk of the second query taking longer than the first and possibly wrong data on your visualization:
Screen Shot 2020-08-03 at 3 54 25 PM
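
The out-of-order risk described in the issue above, modelled as an added example that is not part of the original issue and is not Kibana code: a slow mount-time query against the default index patterns finishes after the later signals-only query and overwrites it unless stale responses are dropped. The index names, latencies and the `runPanel` helper are constructed assumptions.

```javascript
// Constructed sample requests: ids, index patterns and timings are illustrative only.
const MOUNT_QUERY = {
  id: 1,
  indices: ['auditbeat-*', 'filebeat-*', 'packetbeat-*'], // stand-in for siem:defaultIndex
  sentAt: 0,
  latencyMs: 900, // broad query, slow
};
const SIGNALS_QUERY = {
  id: 2,
  indices: ['.siem-signals-default'], // stand-in for the signals index
  sentAt: 50,
  latencyMs: 200, // narrow query, fast
};

// Replays send/receive events in time order and returns what the panel ends up showing.
// With dropStale=false the last response to arrive wins; with dropStale=true a response
// is rendered only if it belongs to the most recently issued request.
function runPanel(requests, { dropStale }) {
  const events = [];
  for (const req of requests) {
    events.push({ at: req.sentAt, type: 'send', req });
    events.push({ at: req.sentAt + req.latencyMs, type: 'recv', req });
  }
  events.sort((a, b) => a.at - b.at);

  let latestSentId = null;
  let rendered = null;
  const dropped = [];
  for (const ev of events) {
    if (ev.type === 'send') {
      latestSentId = ev.req.id;
    } else if (dropStale && ev.req.id !== latestSentId) {
      dropped.push(ev.req.id); // stale response from a superseded query
    } else {
      rendered = ev.req.indices;
    }
  }
  return { rendered, dropped };
}

const naive = runPanel([MOUNT_QUERY, SIGNALS_QUERY], { dropStale: false });
const guarded = runPanel([MOUNT_QUERY, SIGNALS_QUERY], { dropStale: true });
console.log('naive panel shows:  ', naive.rendered.join(', '));
console.log('guarded panel shows:', guarded.rendered.join(', '), 'dropped:', guarded.dropped);
```

Dropping stale responses only hides the symptom; the duplicate mount-time query the issue asks to eliminate is still sent.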

@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@FrankHassanabad FrankHassanabad added the bug Fixes for quality problems that affect the customer experience label Aug 3, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020