Only show aggregatable fields for threshold rule grouping

madirey · Dec 3, 2020 · 539fa49 · 539fa49
1 parent a4cc0c8
commit 539fa49
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 8 deletions.
diff --git a/src/plugins/data/server/index_patterns/fetcher/index_patterns_fetcher.ts b/src/plugins/data/server/index_patterns/fetcher/index_patterns_fetcher.ts
@@ -65,14 +65,16 @@ export class IndexPatternsFetcher {
     pattern: string | string[];
     metaFields?: string[];
     fieldCapsOptions?: { allow_no_indices: boolean };
+    filters?: { aggregatable: boolean };
     type?: string;
     rollupIndex?: string;
   }): Promise<FieldDescriptor[]> {
-    const { pattern, metaFields, fieldCapsOptions, type, rollupIndex } = options;
+    const { pattern, metaFields, fieldCapsOptions, filters, type, rollupIndex } = options;
     const fieldCapsResponse = await getFieldCapabilities(
       this.elasticsearchClient,
       pattern,
       metaFields,
+      filters,
       {
         allow_no_indices: fieldCapsOptions
           ? fieldCapsOptions.allow_no_indices

diff --git a/src/plugins/data/server/index_patterns/fetcher/lib/field_capabilities/field_capabilities.ts b/src/plugins/data/server/index_patterns/fetcher/lib/field_capabilities/field_capabilities.ts
@@ -39,6 +39,7 @@ export async function getFieldCapabilities(
   callCluster: ElasticsearchClient,
   indices: string | string[] = [],
   metaFields: string[] = [],
+  filters?: { aggregatable: boolean },
   fieldCapsOptions?: { allow_no_indices: boolean }
 ) {
   const esFieldCaps = await callFieldCapsApi(callCluster, indices, fieldCapsOptions);
@@ -69,7 +70,8 @@ export async function getFieldCapabilities(
         readFromDocValues: false,
       })
     )
-    .map(mergeOverrides);
+    .map(mergeOverrides)
+    .filter((field) => (filters?.aggregatable ? field.aggregatable === true : true));
 
   return sortBy(allFieldsUnsorted, 'name');
 }
diff --git a/src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_field.ts b/src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_field.ts
@@ -42,7 +42,7 @@ export const useField = <T, FormType = FormData, I = T>(
 ) => {
   const {
     type = FIELD_TYPES.TEXT,
-    defaultValue = '', // The value to use a fallback mecanism when no initial value is passed
+    defaultValue = '', // The value to use a fallback mechanism when no initial value is passed
     initialValue = config.defaultValue ?? '', // The value explicitly passed
     isIncludedInOutput = true,
     label = '',

diff --git a/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts b/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts
@@ -51,6 +51,7 @@ export type BeatFields = Record<string, FieldInfo>;
 export interface IndexFieldsStrategyRequest extends IEsSearchRequest {
   indices: string[];
   onlyCheckIfIndicesExist: boolean;
+  filters?: { aggregatable: boolean };
 }
 
 export interface IndexFieldsStrategyResponse extends IEsSearchResponse {

diff --git a/x-pack/plugins/security_solution/public/common/containers/source/index.tsx b/x-pack/plugins/security_solution/public/common/containers/source/index.tsx
@@ -121,7 +121,8 @@ interface FetchIndexReturn {
 
 export const useFetchIndex = (
   indexNames: string[],
-  onlyCheckIfIndicesExist: boolean = false
+  onlyCheckIfIndicesExist: boolean = false,
+  filters?: { aggregatable: boolean }
 ): [boolean, FetchIndexReturn] => {
   const { data, notifications } = useKibana().services;
   const abortCtrl = useRef(new AbortController());
@@ -144,7 +145,7 @@ export const useFetchIndex = (
         setLoading(true);
         const searchSubscription$ = data.search
           .search<IndexFieldsStrategyRequest, IndexFieldsStrategyResponse>(
-            { indices: iNames, onlyCheckIfIndicesExist },
+            { indices: iNames, onlyCheckIfIndicesExist, filters },
             {
               abortSignal: abortCtrl.current.signal,
               strategy: 'securitySolutionIndexFields',
@@ -193,7 +194,7 @@ export const useFetchIndex = (
         abortCtrl.current.abort();
       };
     },
-    [data.search, notifications.toasts, onlyCheckIfIndicesExist]
+    [data.search, filters, notifications.toasts, onlyCheckIfIndicesExist]
   );
 
   useEffect(() => {

diff --git a/...k/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx b/...k/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
@@ -167,7 +167,12 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
   const ruleType = formRuleType || initialState.ruleType;
   const queryBarQuery =
     formQuery != null ? formQuery.query.query : '' || initialState.queryBar.query.query;
-  const [indexPatternsLoading, { browserFields, indexPatterns }] = useFetchIndex(index);
+  const filters = isThresholdRule(ruleType) ? { aggregatable: true } : undefined;
+  const [indexPatternsLoading, { browserFields, indexPatterns }] = useFetchIndex(
+    index,
+    false,
+    filters
+  );
   const [
     threatIndexPatternsLoading,
     { browserFields: threatBrowserFields, indexPatterns: threatIndexPatterns },

diff --git a/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.ts b/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.ts
@@ -37,6 +37,7 @@ export const securitySolutionIndexFieldsProvider = (): ISearchStrategy<
               .map((index) =>
                 indexPatternsFetcher.getFieldsForWildcard({
                   pattern: index,
+                  filters: request.filters,
                 })
               )
               .map((p) => p.catch((e) => false))
@@ -118,7 +119,7 @@ const missingFields: FieldDescriptor[] = [
  * and should avoid any and all creation of new arrays, iterating over the arrays or performing
  * any n^2 operations.
  * @param indexesAlias The index alias
- * @param index The index its self
+ * @param index The index itself
  * @param indexesAliasIdx The index within the alias
  */
 export const createFieldItem = (