
Commit e0a7a1b

semdkibanamachine
andauthored
[SecuritySolution] Fix topN histograms for custom fields (#123489)
* custom fields topN histograms fixed * add runtime_mappings to response inspect mock Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
1 parent 5aa26ed commit e0a7a1b

11 files changed

Lines changed: 64 additions & 1 deletion


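--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts
@@ -5,6 +5,7 @@
 * 2.0.
 */
 
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { IEsSearchResponse } from '../../../../../../../src/plugins/data/common';
 import { AuthenticationHit } from '../hosts';
 import { Inspect, Maybe, TimerangeInput } from '../../common';
@@ -64,6 +65,7 @@ export interface MatrixHistogramRequestOptions extends RequestBasicOptions {
 inspect?: Maybe<Inspect>;
 isPtrIncluded?: boolean;
 includeMissingData?: boolean;
+runtimeMappings?: MappingRuntimeFields;
 }
 
 export interface MatrixHistogramStrategyResponse extends IEsSearchResponse {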
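Review bot: `runtimeMappings` on `MatrixHistogramRequestOptions` (new line 68) makes Painless script source part of a browser-supplied request, and the TypeScript type does nothing to constrain it at runtime. The server-side query builder is not in this view, but the `expectedDsl` fixtures in this commit suggest the value is copied as-is into `runtime_mappings` of the search body. Please confirm that the search executes with the requesting user's credentials rather than an internal user, so script evaluation stays bound by that user's index privileges. The field should also carry that contract, e.g. `/** Client-supplied runtime fields (Painless); forwarded unmodified, only ever executed as the current user. */`. The interface begins outside this hunk.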

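--- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.test.tsx
@@ -12,6 +12,7 @@ import { MatrixHistogram } from '.';
 import { useMatrixHistogramCombined } from '../../containers/matrix_histogram';
 import { MatrixHistogramType } from '../../../../common/search_strategy/security_solution';
 import { TestProviders } from '../../mock';
+import { mockRuntimeMappings } from '../../containers/source/mock';
 
 jest.mock('../../lib/kibana');
 
@@ -58,6 +59,7 @@ describe('Matrix Histogram Component', () => {
 subtitle: 'mockSubtitle',
 totalCount: -1,
 title: 'mockTitle',
+runtimeMappings: mockRuntimeMappings,
 };
 
 beforeAll(() => {
@@ -75,6 +77,19 @@ describe('Matrix Histogram Component', () => {
 });
 
 describe('on initial load', () => {
+test('it requests Matrix Histogram', () => {
+expect(useMatrixHistogramCombined).toHaveBeenCalledWith({
+endDate: mockMatrixOverTimeHistogramProps.endDate,
+errorMessage: mockMatrixOverTimeHistogramProps.errorMessage,
+histogramType: mockMatrixOverTimeHistogramProps.histogramType,
+indexNames: mockMatrixOverTimeHistogramProps.indexNames,
+startDate: mockMatrixOverTimeHistogramProps.startDate,
+stackByField: mockMatrixOverTimeHistogramProps.defaultStackByOption.value,
+runtimeMappings: mockMatrixOverTimeHistogramProps.runtimeMappings,
+isPtrIncluded: mockMatrixOverTimeHistogramProps.isPtrIncluded,
+skip: mockMatrixOverTimeHistogramProps.skip,
+});
+});
 test('it renders MatrixLoader', () => {
 expect(wrapper.find('MatrixLoader').exists()).toBe(true);
 });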

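--- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx
@@ -75,6 +75,7 @@ export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> =
 hideHistogramIfEmpty = false,
 id,
 indexNames,
+runtimeMappings,
 isPtrIncluded,
 legendPosition,
 mapping,
@@ -145,6 +146,7 @@ export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> =
 onError,
 startDate,
 stackByField: selectedStackByOption.value,
+runtimeMappings,
 isPtrIncluded,
 docValueFields,
 skip,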

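--- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts
+++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts
@@ -8,6 +8,7 @@
 import type React from 'react';
 import { EuiTitleSize } from '@elastic/eui';
 import { ScaleType, Position, TickFormatter } from '@elastic/charts';
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { ActionCreator } from 'redux';
 import { ESQuery } from '../../../../common/typed_json';
 import { InputsModelId } from '../../store/inputs/constants';
@@ -81,6 +82,7 @@ export interface MatrixHistogramQueryProps {
 skip?: boolean;
 isPtrIncluded?: boolean;
 includeMissingData?: boolean;
+runtimeMappings?: MappingRuntimeFields;
 }
 
 export interface MatrixHistogramProps extends MatrixHistogramBasicProps {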
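Review bot: The `MappingRuntimeFields` import added at new line 11 is used only in a type position, so it should be `import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';`, in line with the `import type React` a few lines above it. The same value-style import is added in `common/search_strategy/security_solution/matrix_histogram/index.ts`, `events_by_dataset/index.tsx` and `signals_by_category/index.tsx`. In files that are bundled for the browser, a type-only import makes it explicit that nothing from the Elasticsearch client package is meant to be loaded at runtime.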

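--- a/x-pack/plugins/security_solution/public/common/components/top_n/top_n.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/top_n/top_n.tsx
@@ -89,7 +89,9 @@ const TopNComponent: React.FC<Props> = ({
 (value: string) => setView(value as TimelineEventsType),
 [setView]
 );
-const { selectedPatterns } = useSourcererDataView(getSourcererScopeName({ timelineId, view }));
+const { selectedPatterns, runtimeMappings } = useSourcererDataView(
+getSourcererScopeName({ timelineId, view })
+);
 
 useEffect(() => {
 setView(defaultView);
@@ -134,6 +136,7 @@ const TopNComponent: React.FC<Props> = ({
 headerChildren={headerChildren}
 indexPattern={indexPattern}
 indexNames={selectedPatterns}
+runtimeMappings={runtimeMappings}
 onlyField={field}
 paddingSize={paddingSize}
 query={query}
@@ -156,6 +159,7 @@ const TopNComponent: React.FC<Props> = ({
 showLegend={showLegend}
 setAbsoluteRangeDatePickerTarget={setAbsoluteRangeDatePickerTarget}
 timelineId={timelineId}
+runtimeMappings={runtimeMappings}
 />
 )}
 </TopNContent>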

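--- a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts
+++ b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts
@@ -56,6 +56,7 @@ export const useMatrixHistogram = ({
 isPtrIncluded,
 onError,
 stackByField,
+runtimeMappings,
 startDate,
 threshold,
 skip = false,
@@ -97,6 +98,7 @@ export const useMatrixHistogram = ({
 histogramType: initialHistogramType ?? histogramType,
 timerange: initialTimerange,
 stackByField,
+runtimeMappings,
 threshold,
 ...(isPtrIncluded != null ? { isPtrIncluded } : {}),
 ...(!isEmpty(docValueFields) ? { docValueFields } : {}),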
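Review bot: `runtimeMappings` is added only to what looks like the initial request object (the one built from `initialHistogramType` and `initialTimerange`, new line 101); any later code in `useMatrixHistogram` that rebuilds the request when props change lies outside these hunks and is not touched by the commit. If such an update path exists, switching the data view would keep querying with the previous runtime fields, so `runtimeMappings` should be assigned there too and listed in that effect's dependencies. It is also set unconditionally, unlike its neighbours; `...(runtimeMappings != null ? { runtimeMappings } : {})` would keep the request shape consistent with `isPtrIncluded` and `docValueFields`.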

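--- a/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx
@@ -7,6 +7,7 @@
 
 import { Position } from '@elastic/charts';
 import numeral from '@elastic/numeral';
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import React, { useEffect, useMemo, useCallback } from 'react';
 import uuid from 'uuid';
 
@@ -44,6 +45,7 @@ interface Props extends Pick<GlobalTimeArgs, 'from' | 'to' | 'deleteQuery' | 'se
 headerChildren?: React.ReactNode;
 indexPattern: DataViewBase;
 indexNames: string[];
+runtimeMappings?: MappingRuntimeFields;
 onlyField?: string;
 paddingSize?: 's' | 'm' | 'l' | 'none';
 query: Query;
@@ -67,6 +69,7 @@ const EventsByDatasetComponent: React.FC<Props> = ({
 headerChildren,
 indexPattern,
 indexNames,
+runtimeMappings,
 onlyField,
 paddingSize,
 query,
@@ -176,6 +179,7 @@ const EventsByDatasetComponent: React.FC<Props> = ({
 headerChildren={headerContent}
 id={uniqueQueryId}
 indexNames={indexNames}
+runtimeMappings={runtimeMappings}
 onError={toggleTopN}
 paddingSize={paddingSize}
 setAbsoluteRangeDatePickerTarget={setAbsoluteRangeDatePickerTarget}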

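--- a/x-pack/plugins/security_solution/public/overview/components/signals_by_category/index.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/signals_by_category/index.tsx
@@ -8,6 +8,7 @@
 import React, { useCallback } from 'react';
 import { useDispatch } from 'react-redux';
 import { Filter, Query } from '@kbn/es-query';
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 
 import { AlertsHistogramPanel } from '../../../detections/components/alerts_kpis/alerts_histogram_panel';
 import { useSignalIndex } from '../../../detections/containers/detection_engine/alerts/use_signal_index';
@@ -33,6 +34,7 @@ interface Props {
 setAbsoluteRangeDatePickerTarget?: InputsModelId;
 showLegend?: boolean;
 timelineId?: string;
+runtimeMappings?: MappingRuntimeFields;
 }
 
 const SignalsByCategoryComponent: React.FC<Props> = ({
@@ -45,6 +47,7 @@ const SignalsByCategoryComponent: React.FC<Props> = ({
 showLegend,
 setAbsoluteRangeDatePickerTarget = 'global',
 timelineId,
+runtimeMappings,
 }) => {
 const dispatch = useDispatch();
 const { signalIndexName } = useSignalIndex();
@@ -81,6 +84,7 @@ const SignalsByCategoryComponent: React.FC<Props> = ({
 showStackBy={onlyField == null}
 showTotalAlertsCount={true}
 signalIndexName={signalIndexName}
+runtimeMappings={runtimeMappings}
 timelineId={timelineId}
 title={i18n.ALERT_COUNT}
 titleSize={onlyField == null ? 'm' : 's'}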

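--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts
@@ -999,6 +999,14 @@ export const formattedEventsSearchStrategyResponse: MatrixHistogramStrategyRespo
 ],
 },
 },
+runtime_mappings: {
+'@a.runtime.field': {
+script: {
+source: 'emit("Radically mocked dude: " + doc[\'host.name\'].value)',
+},
+type: 'keyword',
+},
+},
 size: 0,
 },
 },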

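--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts
@@ -11,6 +11,15 @@ import {
 MatrixHistogramType,
 } from '../../../../../../../common/search_strategy';
 
+const runtimeMappings: MatrixHistogramRequestOptions['runtimeMappings'] = {
+'@a.runtime.field': {
+script: {
+source: 'emit("Radically mocked dude: " + doc[\'host.name\'].value)',
+},
+type: 'keyword',
+},
+};
+
 export const mockOptions: MatrixHistogramRequestOptions = {
 defaultIndex: [
 'apm-*-transaction*',
@@ -27,6 +36,7 @@ export const mockOptions: MatrixHistogramRequestOptions = {
 histogramType: MatrixHistogramType.events,
 timerange: { interval: '12h', from: '2020-09-08T16:11:26.215Z', to: '2020-09-09T16:11:26.215Z' },
 stackByField: 'event.action',
+runtimeMappings,
 };
 
 export const expectedDsl = {
@@ -80,6 +90,7 @@ export const expectedDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 };
@@ -137,6 +148,7 @@ export const expectedThresholdDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 };
@@ -192,6 +204,7 @@ export const expectedThresholdMissingFieldDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 };
@@ -242,6 +255,7 @@ export const expectedThresholdWithCardinalityDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 ignore_unavailable: true,
@@ -311,6 +325,7 @@ export const expectedThresholdWithGroupFieldsAndCardinalityDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 };
@@ -363,6 +378,7 @@ export const expectedThresholdGroupWithCardinalityDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 ignore_unavailable: true,
@@ -438,6 +454,7 @@ export const expectedIpIncludingMissingDataDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 };
@@ -496,6 +513,7 @@ export const expectedIpNotIncludingMissingDataDsl = {
 ],
 },
 },
+runtime_mappings: runtimeMappings,
 size: 0,
 },
 };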
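Review bot: Every expected DSL fixture in this file now carries `runtime_mappings: runtimeMappings` and `mockOptions` always sets `runtimeMappings`, so no fixture pins what the builders emit when the option is omitted, which the request type allows (`runtimeMappings?`). Adding a variant of `mockOptions` without the field, together with an expected body that states explicitly whether `runtime_mappings` is absent or `undefined`, would cover that path. The shared constant also deserves a short comment, e.g. `// Constructed sample: the request's runtimeMappings is expected to reach the search body unchanged.`, because these fixtures are the only place on this page that documents the pass-through of client-supplied script source.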
