[Infra] Running processes missing from processes table

x-pack/solutions/observability/plugins/infra/common/constants.ts

@@ -35,7 +35,7 @@ export const TIEBREAKER_FIELD = '_doc';
 export const HOST_NAME_FIELD = 'host.name';
 export const CONTAINER_ID_FIELD = 'container.id';
 export const KUBERNETES_POD_UID_FIELD = 'kubernetes.pod.uid';
-export const SYSTEM_PROCESS_CMDLINE_FIELD = 'system.process.cmdline';
+export const PROCESS_COMMANDLINE_FIELD = 'process.command_line';
 export const EVENT_MODULE = 'event.module';
 export const METRICSET_MODULE = 'metricset.module';
 export const METRICSET_NAME = 'metricset.name';

x-pack/solutions/observability/plugins/infra/common/http_api/host_details/process_list.ts

@@ -58,6 +58,7 @@ export const ProcessListAPIQueryAggregationRT = rt.type({
                   _source: rt.type({
                     process: rt.type({
                       pid: rt.number,
+                      command_line: rt.string,
                     }),
                     system: rt.type({
                       process: rt.type({

x-pack/solutions/observability/plugins/infra/public/components/asset_details/tabs/processes/parse_search_string.ts

@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+import { PROCESS_COMMANDLINE_FIELD } from '../../../../../common/constants';
+
 export const parseSearchString = (query: string) => {
   if (query.trim() === '') {
     return [
@@ -22,7 +24,7 @@ export const parseSearchString = (query: string) => {
   return [
     ...cmdlineFilters.map((clause) => ({
       query_string: {
-        fields: ['system.process.cmdline'],
+        fields: [PROCESS_COMMANDLINE_FIELD],
         query: `*${escapeReservedCharacters(clause)}*`,
         minimum_should_match: 1,
       },

x-pack/solutions/observability/plugins/infra/public/components/asset_details/tabs/processes/process_row_charts.tsx

@@ -166,44 +166,40 @@ const ProcessChart = ({ timeseries, color, label }: ProcessChartProps) => {
     : { max: 0, min: 0 };
 
   return (
-    <div
-      css={css`
-         {
-          width: 100%;
-          height: 140px;
-        }
-      `}
+    <Chart
+      size={{
+        height: '140px',
+        width: '100%',
+      }}
     >
-      <Chart>
-        <MetricExplorerSeriesChart
-          type={MetricsExplorerChartType.area}
-          metric={chartMetric}
-          id="0"
-          series={timeseries}
-          stack={false}
-        />
-        <Axis
-          id={'timestamp'}
-          position={Position.Bottom}
-          showOverlappingTicks={true}
-          tickFormat={dateFormatter}
-        />
-        <Axis
-          id={'values'}
-          position={Position.Left}
-          tickFormat={yAxisFormatter}
-          domain={domain}
-          ticks={6}
-          gridLine={{ visible: true }}
-        />
-        <Tooltip headerFormatter={({ value }) => moment(value).format('Y-MM-DD HH:mm:ss.SSS')} />
-        <Settings
-          baseTheme={chartTheme.baseTheme}
-          theme={chartTheme.theme}
-          locale={i18n.getLocale()}
-        />
-      </Chart>
-    </div>
+      <MetricExplorerSeriesChart
+        type={MetricsExplorerChartType.area}
+        metric={chartMetric}
+        id="0"
+        series={timeseries}
+        stack={false}
+      />
+      <Axis
+        id={'timestamp'}
+        position={Position.Bottom}
+        showOverlappingTicks={true}
+        tickFormat={dateFormatter}
+      />
+      <Axis
+        id={'values'}
+        position={Position.Left}
+        tickFormat={yAxisFormatter}
+        domain={domain}
+        ticks={6}
+        gridLine={{ visible: true }}
+      />
+      <Tooltip headerFormatter={({ value }) => moment(value).format('Y-MM-DD HH:mm:ss.SSS')} />
+      <Settings
+        baseTheme={chartTheme.baseTheme}
+        theme={chartTheme.theme}
+        locale={i18n.getLocale()}
+      />
+    </Chart>
   );
 };
 

x-pack/solutions/observability/plugins/infra/server/lib/host_details/process_list.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { TIMESTAMP_FIELD, SYSTEM_PROCESS_CMDLINE_FIELD } from '../../../common/constants';
+import { TIMESTAMP_FIELD, PROCESS_COMMANDLINE_FIELD } from '../../../common/constants';
 import type {
   ProcessListAPIRequest,
   ProcessListAPIQueryAggregation,
@@ -72,7 +72,7 @@ export const getProcessList = async (
         aggs: {
           filteredProcs: {
             terms: {
-              field: SYSTEM_PROCESS_CMDLINE_FIELD,
+              field: PROCESS_COMMANDLINE_FIELD,
               size: TOP_N,
               order: {
                 [sortBy.name]: sortBy.isAscending ? 'asc' : 'desc',
@@ -104,7 +104,12 @@ export const getProcessList = async (
                       },
                     },
                   ],
-                  _source: ['system.process.state', 'user.name', 'process.pid'],
+                  _source: [
+                    'system.process.state',
+                    'user.name',
+                    'process.pid',
+                    'process.command_line',
+                  ],
                 },
               },
             },

x-pack/solutions/observability/plugins/infra/server/lib/host_details/process_list_chart.ts

@@ -6,7 +6,7 @@
  */
 
 import { first } from 'lodash';
-import { TIMESTAMP_FIELD, SYSTEM_PROCESS_CMDLINE_FIELD } from '../../../common/constants';
+import { TIMESTAMP_FIELD, PROCESS_COMMANDLINE_FIELD } from '../../../common/constants';
 import type {
   ProcessListAPIChartRequest,
   ProcessListAPIChartQueryAggregation,
@@ -48,7 +48,7 @@ export const getProcessListChart = async (
             must: [
               {
                 match: {
-                  [SYSTEM_PROCESS_CMDLINE_FIELD]: command,
+                  [PROCESS_COMMANDLINE_FIELD]: command,
                 },
               },
             ],
@@ -57,7 +57,7 @@ export const getProcessListChart = async (
         aggs: {
           filteredProc: {
             terms: {
-              field: SYSTEM_PROCESS_CMDLINE_FIELD,
+              field: PROCESS_COMMANDLINE_FIELD,
               size: 1,
             },
             aggs: {

x-pack/test/api_integration/deployment_agnostic/apis/observability/infra/metrics_process_list.ts

@@ -21,15 +21,20 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
 
   describe('API /api/metrics/process_list', () => {
     let supertestWithAdminScope: SupertestWithRoleScopeType;
+
     before(async () => {
       supertestWithAdminScope = await roleScopedSupertest.getSupertestWithRoleScope('admin', {
         withInternalHeaders: true,
         useCookieHeader: true,
       });
-      await esArchiver.load('x-pack/test/functional/es_archives/infra/8.0.0/metrics_and_apm');
+      await esArchiver.load(
+        'x-pack/test/functional/es_archives/infra/8.0.0/metrics_hosts_processes'
+      );
     });
     after(async () => {
-      await esArchiver.unload('x-pack/test/functional/es_archives/infra/8.0.0/metrics_and_apm');
+      await esArchiver.unload(
+        'x-pack/test/functional/es_archives/infra/8.0.0/metrics_hosts_processes'
+      );
       await supertestWithAdminScope.destroy();
     });
 
@@ -42,7 +47,7 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
               'host.name': 'gke-observability-8--observability-8--bc1afd95-nhhw',
             },
             sourceId: 'default',
-            to: 1564432800000,
+            to: 1680027660000,
             sortBy: {
               name: 'cpu',
               isAscending: false,
@@ -59,7 +64,7 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
       const { processList, summary } = decodeOrThrow(ProcessListAPIResponseRT)(response.body);
 
       expect(processList.length).to.be(10);
-      expect(summary.total).to.be(178);
+      expect(summary.total).to.be(313);
     });
   });
 }

x-pack/test/api_integration/deployment_agnostic/apis/observability/infra/metrics_process_list_chart.ts

@@ -27,10 +27,14 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
         withInternalHeaders: true,
         useCookieHeader: true,
       });
-      await esArchiver.load('x-pack/test/functional/es_archives/infra/8.0.0/metrics_and_apm');
+      await esArchiver.load(
+        'x-pack/test/functional/es_archives/infra/8.0.0/metrics_hosts_processes'
+      );
     });
     after(async () => {
-      await esArchiver.unload('x-pack/test/functional/es_archives/infra/8.0.0/metrics_and_apm');
+      await esArchiver.unload(
+        'x-pack/test/functional/es_archives/infra/8.0.0/metrics_hosts_processes'
+      );
       await supertestWithAdminScope.destroy();
     });
 
@@ -43,8 +47,9 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
               'host.name': 'gke-observability-8--observability-8--bc1afd95-nhhw',
             },
             indexPattern: 'metrics-*,metricbeat-*',
-            to: 1564432800000,
-            command: '/usr/lib/systemd/systemd-journald',
+            to: 1680027660000,
+            command:
+              '/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter',
           })
         )
         .expect(200);