[Security Solution] fix page filters not working when newDataViewPickerEnabled ff is on

[PhilippeOberti]

Summary

This PR fixes a small issue introduced by the merge of this alerts page refactor PR and this other PR preparing for the newDataViewPickerEnabled to be turned on.

With the alerts page refactor, we were now checking for the dataView to be in pristine status, but we should have checked for ready status. I noticed that we can have a dataView in pristine status while still have its id, title and all its other fields being undefined...

Also, to avoid a split second of a error message being displayed, we're now checking both loading and pristine statuses to show the loading skeleton on the page.

Before fix	After fix

How to test

• generate some alerts
• turn on the newDataViewPickerEnabled feature flag

Checklist

• The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
• Review the backport guidelines and apply applicable backport:* labels.

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[Copilot]

Pull Request Overview

This PR fixes a bug where page filters were not working when the newDataViewPickerEnabled feature flag is enabled. The issue stemmed from incorrect status checks in the data view validation logic.

• Updated loading state check to include both 'loading' and 'pristine' statuses
• Fixed data view validation to check for 'ready' status instead of 'error' status
• Removed outdated TODO comment

[NicholasPeretti]

Looks great! Nice that you've taken the time to update the tests as well ☺️

[logeekal]

Okay i see a strange behavior. You can tell me if it correct or not. I tested this in different space and i see below screen.

This is expected because the .alert-* index does not exist or automatically created in a new space.

But in that case, shouldn't data view be invalid?

I see in the console output that it is matching below indices which is part of whole security solution data view.

But on the alert page, shoudn't it simply target to match only Alert index?

[PhilippeOberti]

Okay i see a strange behavior. You can tell me if it correct or not. I tested this in different space and i see below screen.

This is expected because the `.alert-*` index does not exist or automatically created in a new space.

But in that case, shouldn't data view be invalid?

I see in the console output that it is matching below indices which is part of whole security solution data view.

But on the alert page, shoudn't it simply target to match only Alert index?

We will be working on that soon, so as of right now, the behavior in this PR is expected. Thanks for the thorough review!

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 8f30663

Failed CI Steps

• FTR Configs #1
• FTR Configs #1

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	10.3MB	10.3MB	+55.0B

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/saved-objects-service.html#_mappings

id	before	after	diff
_data_stream_timestamp	1	-	-1
_doc_count	1	-	-1
_ignored_source	1	-	-1
_index_mode	1	-	-1
_inference_fields	1	-	-1
_tier	1	-	-1
apm-custom-dashboards	5	-	-5
apm-server-schema	2	-	-2
apm-service-group	5	-	-5
application_usage_daily	2	-	-2
config	2	-	-2
config-global	2	-	-2
coreMigrationVersion	1	-	-1
created_at	1	-	-1
created_by	1	-	-1
entity-definition	9	-	-9
entity-discovery-api-key	2	-	-2
event_loop_delays_daily	2	-	-2
favorites	4	-	-4
file	11	-	-11
file-upload-usage-collection-telemetry	3	-	-3
fileShare	5	-	-5
infra-custom-dashboards	4	-	-4
infrastructure-monitoring-log-view	2	-	-2
intercept_trigger_record	5	-	-5
legacy-url-alias	7	-	-7
managed	1	-	-1
ml-job	6	-	-6
ml-module	13	-	-13
ml-trained-model	7	-	-7
monitoring-telemetry	2	-	-2
namespace	1	-	-1
namespaces	1	-	-1
observability-onboarding-state	2	-	-2
originId	1	-	-1
product-doc-install-status	7	-	-7
references	4	-	-4
sample-data-telemetry	3	-	-3
security-ai-prompt	8	-	-8
slo	11	-	-11
space	5	-	-5
synthetics-monitor	34	-	-34
synthetics-monitor-multi-space	34	-	-34
tag	4	-	-4
type	1	-	-1
typeMigrationVersion	1	-	-1
ui-metric	2	-	-2
updated_at	1	-	-1
updated_by	1	-	-1
upgrade-assistant-ml-upgrade-operation	3	-	-3
upgrade-assistant-reindex-operation	3	-	-3
uptime-synthetics-api-key	2	-	-2
url	5	-	-5
usage-counters	2	-	-2
total			-246

History

[kibanamachine]

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 234124 locally
cc: @PhilippeOberti

[kibanamachine]

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 234124 locally
cc: @PhilippeOberti