Fixes auto suggest in security solution #145924
Conversation
stephmilovic
added
release_note:skip
stephmilovic
changed the title
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
There was a problem hiding this comment.
Hmm, just from a quick check of the autocomplete logic it looks like we need to make sure the data view object has other fields as well, such as title and timeFieldName (and possibly others). What is the data view in security solution an instance of? Maybe for now we could at least check for title as well. @mattkime Any thoughts on how to verify that the object here is data view-like?
|
I’d prefer to move away from using data view like objects. Perhaps security solution could create an ad hoc data view and skip loading the field list. that said, I know that this need to ship quickly and I don’t want to slow this down |
@mattkime @lukasolson |
|
@lukasolson @mattkime I briefly mention some complexity issues here. I think there is definitely an interest in moving as much of sourcerer to use ad-hoc data views as possible, as is the case with the effort in this draft PR by @YulNaumenko . However, after spending some time investigating how we could implement in-memory data views in sourcerer before reaching out to @mattkime, it became apparent that we would not have the time to implement these changes in sourcerer. At this stage of the release process I am afraid the necessary changes to accomplish a move to in-memory data views for sourcerer will introduce too many changes to the security solution and we will not have the capacity and requisite time to cover all edge cases where code depending on properties from the SourcererDataView type will need to be migrated to corresponding properties on the DataView class. I think the ask here is if it is possible to reduce the partitioning logic such that it is only checking for properties the unified search bar requires to function? |
|
Just found/fixed this related bug. Thinking we should check for FWIW, from what I can tell value is not even on the DataView class that unified search is checking: |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Page load bundle
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
(cherry picked from commit 3a6825c)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
# Backport This will backport the following commits from `main` to `8.6`: - [Fixes auto suggest in security solution (#145924)](#145924) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Steph Milovic","email":"stephanie.milovic@elastic.co"},"sourceCommit":{"committedDate":"2022-11-28T16:52:03Z","message":"Fixes auto suggest in security solution (#145924)","sha":"3a6825cf47e80dab9aeae373a1a93ab740e733eb","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team: SecuritySolution","Team:Security Solution Platform","v8.6.0","v8.7.0"],"number":145924,"url":"https://github.com/elastic/kibana/pull/145924","mergeCommit":{"message":"Fixes auto suggest in security solution (#145924)","sha":"3a6825cf47e80dab9aeae373a1a93ab740e733eb"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145924","number":145924,"mergeCommit":{"message":"Fixes auto suggest in security solution (#145924)","sha":"3a6825cf47e80dab9aeae373a1a93ab740e733eb"}}]}] BACKPORT--> Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Resolves #144229
Security solution does store the full
DataViewobject on the client side of the siem app for performance reasons. The addition of the linereturn indexPattern instance of DataViewto unified search breaks auto suggest kql query bar across all of security solution. By changing the check to only check for the necessary propertyindexPattern.fields, everything functions as expected again.