skip query of detections page when we do not have .siem-signals index #74580

Merged
merged 2 commits into from
Aug 6, 2020

@XavierM XavierM commented Aug 6, 2020

Summary

This PR is to resolve this issue #74180

  • Go to the detections page.
  • Sort by rule name
  • Reload your page

Screen Shot 2020-08-03 at 3 42 18 PM

If you look at the error toaster you will see this:
Screen Shot 2020-08-03 at 3 42 30 PM

The root of the issue looks to be that when timeline mounts itself it is causing initial queries against the siem:defaultIndex and does not have the siem signals:
Screen Shot 2020-08-03 at 3 43 07 PM

Later queries will be the correct ones which will be just the siem-signals index and not include these extra indexes on page load. We really want to eliminate duplicate queries of timeline when it first mounts and want to eliminate it from querying the siem:defaultIndex on page load. You do run the risk of the second query taking longer than the first and possibly wrong data on your visualization:
Screen Shot 2020-08-03 at 3 54 25 PM


@XavierM XavierM added bug Fixes for quality problems that affect the customer experience Team:SIEM v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.10.0 v7.9.0 labels Aug 6, 2020
@XavierM XavierM requested review from a team as code owners August 6, 2020 18:32
@XavierM XavierM self-assigned this Aug 6, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@XavierM XavierM force-pushed the timeline-detections branch 2 times, most recently from f4ce231 to a925deb Compare August 6, 2020 20:12
Member

@spong spong left a comment

Checked out and tested locally and sorting is working without a toaster error on both the Detections and Rule Details pages. Also did a little regression testing around the timeline event type selector and all looked good there as well! 👍 Thanks for clearing this one up for our users @XavierM! LGTM! 🌈 🦋

@kibanamachine
Contributor

💚 Build Succeeded

Build metrics

@kbn/optimizer bundle module count

id value diff baseline
securitySolution 2029 +1 2028

async chunks size

id value diff baseline
securitySolution 7.3MB +335.0B 7.3MB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@XavierM XavierM merged commit fbd79ea into elastic:master Aug 6, 2020
XavierM added a commit to XavierM/kibana that referenced this pull request Aug 6, 2020
…elastic#74580)

* skip query of detections page when we do not have .siem-signals index

* review I
XavierM added a commit that referenced this pull request Aug 7, 2020
…#74580) (#74610)

* skip query of detections page when we do not have .siem-signals index

* review I
XavierM added a commit that referenced this pull request Aug 7, 2020
…#74580) (#74609)

* skip query of detections page when we do not have .siem-signals index

* review I
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)
