[Security Solution] Change default index pattern (elastic#70797)

* [Security Solution] Change default index pattern Add `logs-*` to the Security Solution default index pattern. This should allow the app to recognize events from the Elastic Endpoint.
oatkiller · Jul 7, 2020 · 945de5a · 945de5a
1 parent ee9bb7c
commit 945de5a
Show file tree

Hide file tree

Showing 12 changed files with 20 additions and 3 deletions.
diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts
@@ -61,6 +61,7 @@ export const DEFAULT_INDEX_PATTERN = [
   'filebeat-*',
   'packetbeat-*',
   'winlogbeat-*',
+  'logs-*',
 ];
 
 /** This Kibana Advanced Setting enables the `Security news` feed widget */

diff --git a/...ty_solution/public/alerts/containers/detection_engine/rules/fetch_index_patterns.test.tsx b/...ty_solution/public/alerts/containers/detection_engine/rules/fetch_index_patterns.test.tsx
@@ -354,6 +354,7 @@ describe('useFetchIndexPatterns', () => {
                     'filebeat-*',
                     'packetbeat-*',
                     'winlogbeat-*',
+                    'logs-*',
                   ],
                   name: 'event.end',
                   searchable: true,
@@ -370,6 +371,7 @@ describe('useFetchIndexPatterns', () => {
             'filebeat-*',
             'packetbeat-*',
             'winlogbeat-*',
+            'logs-*',
           ],
           indicesExists: true,
           indexPatterns: {
@@ -415,7 +417,8 @@ describe('useFetchIndexPatterns', () => {
               { name: 'source.port', searchable: true, type: 'long', aggregatable: true },
               { name: 'event.end', searchable: true, type: 'date', aggregatable: true },
             ],
-            title: 'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*',
+            title:
+              'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*,logs-*',
           },
         },
         result.current[1],
@@ -449,6 +452,7 @@ describe('useFetchIndexPatterns', () => {
             'filebeat-*',
             'packetbeat-*',
             'winlogbeat-*',
+            'logs-*',
           ],
           indicesExists: false,
           isLoading: false,

diff --git a/...lic/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap b/...lic/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap
diff --git a/...solution/public/common/components/event_details/__snapshots__/event_details.test.tsx.snap b/...solution/public/common/components/event_details/__snapshots__/event_details.test.tsx.snap
diff --git a/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx b/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx
@@ -28,7 +28,8 @@ describe('Index Fields & Browser Fields', () => {
       errorMessage: null,
       indexPattern: {
         fields: [],
-        title: 'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*',
+        title:
+          'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*,logs-*',
       },
       indicesExist: true,
       loading: true,
@@ -57,7 +58,8 @@ describe('Index Fields & Browser Fields', () => {
         browserFields: mockBrowserFields,
         indexPattern: {
           fields: mockIndexFields,
-          title: 'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*',
+          title:
+            'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*,logs-*',
         },
         loading: false,
         errorMessage: null,

diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_host/index.test.tsx b/x-pack/plugins/security_solution/public/overview/components/overview_host/index.test.tsx
@@ -60,6 +60,7 @@ const mockOpenTimelineQueryResults: MockedProvidedQuery[] = [
           'filebeat-*',
           'packetbeat-*',
           'winlogbeat-*',
+          'logs-*',
         ],
         inspect: false,
       },

diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_network/index.test.tsx b/x-pack/plugins/security_solution/public/overview/components/overview_network/index.test.tsx
@@ -75,6 +75,7 @@ const mockOpenTimelineQueryResults: MockedProvidedQuery[] = [
           'filebeat-*',
           'packetbeat-*',
           'winlogbeat-*',
+          'logs-*',
         ],
         inspect: false,
       },

diff --git a/...curity_solution/public/timelines/components/timeline/__snapshots__/timeline.test.tsx.snap b/...curity_solution/public/timelines/components/timeline/__snapshots__/timeline.test.tsx.snap
diff --git a/...ublic/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap b/...ublic/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
diff --git a/...onents/timeline/body/renderers/suricata/__snapshots__/suricata_row_renderer.test.tsx.snap b/...onents/timeline/body/renderers/suricata/__snapshots__/suricata_row_renderer.test.tsx.snap
diff --git a/...imelines/components/timeline/body/renderers/zeek/__snapshots__/zeek_details.test.tsx.snap b/...imelines/components/timeline/body/renderers/zeek/__snapshots__/zeek_details.test.tsx.snap
diff --git a/...nes/components/timeline/body/renderers/zeek/__snapshots__/zeek_row_renderer.test.tsx.snap b/...nes/components/timeline/body/renderers/zeek/__snapshots__/zeek_row_renderer.test.tsx.snap