[Security Solution] fix alerts page infinite loading state due to data view error#256983
Merged
PhilippeOberti merged 1 commit intoelastic:mainfrom Mar 11, 2026
Merged
Conversation
PhilippeOberti
commented
Mar 10, 2026
...ity/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.ts
Outdated
Show resolved
Hide resolved
PhilippeOberti
commented
Mar 10, 2026
...ity/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.ts
Show resolved
Hide resolved
3d2515b to
8045d8a
Compare
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
2 tasks
kelvtanv
approved these changes
Mar 10, 2026
8045d8a to
6db9ebc
Compare
Contributor
💛 Build succeeded, but was flaky
Failed CI Steps
Test Failures
Metrics [docs]Async chunks
History |
Contributor
|
Starting backport for target branches: 9.2, 9.3 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 11, 2026
…a view error (elastic#256983) ## Summary This PR fixed an issue that we've had for a while now with the new data view manager logic. > [!WARNING] > This PR should not introduce any logic changes or visual changes (other than the added toast when we encounter errors ### Reason Some customer see an issue with the alerts page stuck in an infinite loading state. The issue happens because something is failing within the platform dataview service, which we rely on. In our code, we were wrapping the entire logic of data view initialization within a `try/catch`. When the error was happening in the dataview service, we would not complete the initialization of all dataview, and some of them were staying in a `pristine` status, instead of being changed to `error` or `ready`, which is what the different pages (including the alerts page) is expecting ### Fix We're performing 2 types of fixes: - we're not using the `getAllDataViewLazy` function dataview service anymore as it has some code that communicates with the saved object client, and we noticed some of our customers having errors with conflicting ids in their saved objects, which triggered the flow mentioned above. Instead we're leveraging the `getAllDataViewLazy` function from the dataview service, which returns from the cache. - we're wrapping everywhere we use the `get` function from the dataview service with a `try/catch` to prevent other potential issue - we're adding a UI toast to all those places to let the user know about the error, which will facilitate debugging for us if this was to happen again > [!NOTE] > We're trying to make this available in `9.2.7`, we'll be doing a follow up PR shortly for other try catches we found in the `detection_engine` folder ## What/How to test - add data to a local instance and navigate through the app - make sure the happy path works - load main the Security Solution pages - alerts page - timeline - analyzer - verify interaction with new spaces ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 9b762ae)
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
PhilippeOberti
added a commit
to PhilippeOberti/kibana
that referenced
this pull request
Mar 11, 2026
…a view error (elastic#256983) ## Summary This PR fixed an issue that we've had for a while now with the new data view manager logic. > [!WARNING] > This PR should not introduce any logic changes or visual changes (other than the added toast when we encounter errors ### Reason Some customer see an issue with the alerts page stuck in an infinite loading state. The issue happens because something is failing within the platform dataview service, which we rely on. In our code, we were wrapping the entire logic of data view initialization within a `try/catch`. When the error was happening in the dataview service, we would not complete the initialization of all dataview, and some of them were staying in a `pristine` status, instead of being changed to `error` or `ready`, which is what the different pages (including the alerts page) is expecting ### Fix We're performing 2 types of fixes: - we're not using the `getAllDataViewLazy` function dataview service anymore as it has some code that communicates with the saved object client, and we noticed some of our customers having errors with conflicting ids in their saved objects, which triggered the flow mentioned above. Instead we're leveraging the `getAllDataViewLazy` function from the dataview service, which returns from the cache. - we're wrapping everywhere we use the `get` function from the dataview service with a `try/catch` to prevent other potential issue - we're adding a UI toast to all those places to let the user know about the error, which will facilitate debugging for us if this was to happen again > [!NOTE] > We're trying to make this available in `9.2.7`, we'll be doing a follow up PR shortly for other try catches we found in the `detection_engine` folder ## What/How to test - add data to a local instance and navigate through the app - make sure the happy path works - load main the Security Solution pages - alerts page - timeline - analyzer - verify interaction with new spaces ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 9b762ae) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_init_data_view_manager.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/init_listener.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/init_listener.ts
PhilippeOberti
added a commit
to PhilippeOberti/kibana
that referenced
this pull request
Mar 11, 2026
…a view error (elastic#256983) ## Summary This PR fixed an issue that we've had for a while now with the new data view manager logic. > [!WARNING] > This PR should not introduce any logic changes or visual changes (other than the added toast when we encounter errors ### Reason Some customer see an issue with the alerts page stuck in an infinite loading state. The issue happens because something is failing within the platform dataview service, which we rely on. In our code, we were wrapping the entire logic of data view initialization within a `try/catch`. When the error was happening in the dataview service, we would not complete the initialization of all dataview, and some of them were staying in a `pristine` status, instead of being changed to `error` or `ready`, which is what the different pages (including the alerts page) is expecting ### Fix We're performing 2 types of fixes: - we're not using the `getAllDataViewLazy` function dataview service anymore as it has some code that communicates with the saved object client, and we noticed some of our customers having errors with conflicting ids in their saved objects, which triggered the flow mentioned above. Instead we're leveraging the `getAllDataViewLazy` function from the dataview service, which returns from the cache. - we're wrapping everywhere we use the `get` function from the dataview service with a `try/catch` to prevent other potential issue - we're adding a UI toast to all those places to let the user know about the error, which will facilitate debugging for us if this was to happen again > [!NOTE] > We're trying to make this available in `9.2.7`, we'll be doing a follow up PR shortly for other try catches we found in the `detection_engine` folder ## What/How to test - add data to a local instance and navigate through the app - make sure the happy path works - load main the Security Solution pages - alerts page - timeline - analyzer - verify interaction with new spaces ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 9b762ae) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_init_data_view_manager.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/init_listener.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/init_listener.ts
kibanamachine
added a commit
that referenced
this pull request
Mar 11, 2026
…to data view error (#256983) (#257020) # Backport This will backport the following commits from `main` to `9.3`: - [[Security Solution] fix alerts page infinite loading state due to data view error (#256983)](#256983) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"philippe.oberti@elastic.co"},"sourceCommit":{"committedDate":"2026-03-11T02:41:54Z","message":"[Security Solution] fix alerts page infinite loading state due to data view error (#256983)\n\n## Summary\n\nThis PR fixed an issue that we've had for a while now with the new data\nview manager logic.\n\n> [!WARNING]\n> This PR should not introduce any logic changes or visual changes\n(other than the added toast when we encounter errors\n\n### Reason\n\nSome customer see an issue with the alerts page stuck in an infinite\nloading state. The issue happens because something is failing within the\nplatform dataview service, which we rely on. In our code, we were\nwrapping the entire logic of data view initialization within a\n`try/catch`. When the error was happening in the dataview service, we\nwould not complete the initialization of all dataview, and some of them\nwere staying in a `pristine` status, instead of being changed to `error`\nor `ready`, which is what the different pages (including the alerts\npage) is expecting\n\n### Fix\n\nWe're performing 2 types of fixes:\n- we're not using the `getAllDataViewLazy` function dataview service\nanymore as it has some code that communicates with the saved object\nclient, and we noticed some of our customers having errors with\nconflicting ids in their saved objects, which triggered the flow\nmentioned above. Instead we're leveraging the `getAllDataViewLazy`\nfunction from the dataview service, which returns from the cache.\n- we're wrapping everywhere we use the `get` function from the dataview\nservice with a `try/catch` to prevent other potential issue\n- we're adding a UI toast to all those places to let the user know about\nthe error, which will facilitate debugging for us if this was to happen\nagain\n\n> [!NOTE]\n> We're trying to make this available in `9.2.7`, we'll be doing a\nfollow up PR shortly for other try catches we found in the\n`detection_engine` folder\n\n## What/How to test\n\n- add data to a local instance and navigate through the app\n- make sure the happy path works\n - load main the Security Solution pages\n - alerts page\n - timeline\n - analyzer\n- verify interaction with new spaces\n\n### Checklist\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"9b762ae3fa1a9bbf0e176b05ce0e78e1d0ca523f","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","backport:version","v9.4.0","v9.2.7","v9.3.2"],"title":"[Security Solution] fix alerts page infinite loading state due to data view error","number":256983,"url":"https://github.com/elastic/kibana/pull/256983","mergeCommit":{"message":"[Security Solution] fix alerts page infinite loading state due to data view error (#256983)\n\n## Summary\n\nThis PR fixed an issue that we've had for a while now with the new data\nview manager logic.\n\n> [!WARNING]\n> This PR should not introduce any logic changes or visual changes\n(other than the added toast when we encounter errors\n\n### Reason\n\nSome customer see an issue with the alerts page stuck in an infinite\nloading state. The issue happens because something is failing within the\nplatform dataview service, which we rely on. In our code, we were\nwrapping the entire logic of data view initialization within a\n`try/catch`. When the error was happening in the dataview service, we\nwould not complete the initialization of all dataview, and some of them\nwere staying in a `pristine` status, instead of being changed to `error`\nor `ready`, which is what the different pages (including the alerts\npage) is expecting\n\n### Fix\n\nWe're performing 2 types of fixes:\n- we're not using the `getAllDataViewLazy` function dataview service\nanymore as it has some code that communicates with the saved object\nclient, and we noticed some of our customers having errors with\nconflicting ids in their saved objects, which triggered the flow\nmentioned above. Instead we're leveraging the `getAllDataViewLazy`\nfunction from the dataview service, which returns from the cache.\n- we're wrapping everywhere we use the `get` function from the dataview\nservice with a `try/catch` to prevent other potential issue\n- we're adding a UI toast to all those places to let the user know about\nthe error, which will facilitate debugging for us if this was to happen\nagain\n\n> [!NOTE]\n> We're trying to make this available in `9.2.7`, we'll be doing a\nfollow up PR shortly for other try catches we found in the\n`detection_engine` folder\n\n## What/How to test\n\n- add data to a local instance and navigate through the app\n- make sure the happy path works\n - load main the Security Solution pages\n - alerts page\n - timeline\n - analyzer\n- verify interaction with new spaces\n\n### Checklist\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"9b762ae3fa1a9bbf0e176b05ce0e78e1d0ca523f"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.3"],"targetPullRequestStates":[{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/256983","number":256983,"mergeCommit":{"message":"[Security Solution] fix alerts page infinite loading state due to data view error (#256983)\n\n## Summary\n\nThis PR fixed an issue that we've had for a while now with the new data\nview manager logic.\n\n> [!WARNING]\n> This PR should not introduce any logic changes or visual changes\n(other than the added toast when we encounter errors\n\n### Reason\n\nSome customer see an issue with the alerts page stuck in an infinite\nloading state. The issue happens because something is failing within the\nplatform dataview service, which we rely on. In our code, we were\nwrapping the entire logic of data view initialization within a\n`try/catch`. When the error was happening in the dataview service, we\nwould not complete the initialization of all dataview, and some of them\nwere staying in a `pristine` status, instead of being changed to `error`\nor `ready`, which is what the different pages (including the alerts\npage) is expecting\n\n### Fix\n\nWe're performing 2 types of fixes:\n- we're not using the `getAllDataViewLazy` function dataview service\nanymore as it has some code that communicates with the saved object\nclient, and we noticed some of our customers having errors with\nconflicting ids in their saved objects, which triggered the flow\nmentioned above. Instead we're leveraging the `getAllDataViewLazy`\nfunction from the dataview service, which returns from the cache.\n- we're wrapping everywhere we use the `get` function from the dataview\nservice with a `try/catch` to prevent other potential issue\n- we're adding a UI toast to all those places to let the user know about\nthe error, which will facilitate debugging for us if this was to happen\nagain\n\n> [!NOTE]\n> We're trying to make this available in `9.2.7`, we'll be doing a\nfollow up PR shortly for other try catches we found in the\n`detection_engine` folder\n\n## What/How to test\n\n- add data to a local instance and navigate through the app\n- make sure the happy path works\n - load main the Security Solution pages\n - alerts page\n - timeline\n - analyzer\n- verify interaction with new spaces\n\n### Checklist\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"9b762ae3fa1a9bbf0e176b05ce0e78e1d0ca523f"}},{"branch":"9.2","label":"v9.2.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.3","label":"v9.3.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
PhilippeOberti
added a commit
that referenced
this pull request
Mar 11, 2026
…to data view error (#256983) (#257021) # Backport This will backport the following commits from `main` to `9.2`: - [[Security Solution] fix alerts page infinite loading state due to data view error (#256983)](#256983) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"philippe.oberti@elastic.co"},"sourceCommit":{"committedDate":"2026-03-11T02:41:54Z","message":"[Security Solution] fix alerts page infinite loading state due to data view error (#256983)\n\n## Summary\n\nThis PR fixed an issue that we've had for a while now with the new data\nview manager logic.\n\n> [!WARNING]\n> This PR should not introduce any logic changes or visual changes\n(other than the added toast when we encounter errors\n\n### Reason\n\nSome customer see an issue with the alerts page stuck in an infinite\nloading state. The issue happens because something is failing within the\nplatform dataview service, which we rely on. In our code, we were\nwrapping the entire logic of data view initialization within a\n`try/catch`. When the error was happening in the dataview service, we\nwould not complete the initialization of all dataview, and some of them\nwere staying in a `pristine` status, instead of being changed to `error`\nor `ready`, which is what the different pages (including the alerts\npage) is expecting\n\n### Fix\n\nWe're performing 2 types of fixes:\n- we're not using the `getAllDataViewLazy` function dataview service\nanymore as it has some code that communicates with the saved object\nclient, and we noticed some of our customers having errors with\nconflicting ids in their saved objects, which triggered the flow\nmentioned above. Instead we're leveraging the `getAllDataViewLazy`\nfunction from the dataview service, which returns from the cache.\n- we're wrapping everywhere we use the `get` function from the dataview\nservice with a `try/catch` to prevent other potential issue\n- we're adding a UI toast to all those places to let the user know about\nthe error, which will facilitate debugging for us if this was to happen\nagain\n\n> [!NOTE]\n> We're trying to make this available in `9.2.7`, we'll be doing a\nfollow up PR shortly for other try catches we found in the\n`detection_engine` folder\n\n## What/How to test\n\n- add data to a local instance and navigate through the app\n- make sure the happy path works\n - load main the Security Solution pages\n - alerts page\n - timeline\n - analyzer\n- verify interaction with new spaces\n\n### Checklist\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"9b762ae3fa1a9bbf0e176b05ce0e78e1d0ca523f","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","backport:version","v9.4.0","v9.2.7","v9.3.2"],"title":"[Security Solution] fix alerts page infinite loading state due to data view error","number":256983,"url":"https://github.com/elastic/kibana/pull/256983","mergeCommit":{"message":"[Security Solution] fix alerts page infinite loading state due to data view error (#256983)\n\n## Summary\n\nThis PR fixed an issue that we've had for a while now with the new data\nview manager logic.\n\n> [!WARNING]\n> This PR should not introduce any logic changes or visual changes\n(other than the added toast when we encounter errors\n\n### Reason\n\nSome customer see an issue with the alerts page stuck in an infinite\nloading state. The issue happens because something is failing within the\nplatform dataview service, which we rely on. In our code, we were\nwrapping the entire logic of data view initialization within a\n`try/catch`. When the error was happening in the dataview service, we\nwould not complete the initialization of all dataview, and some of them\nwere staying in a `pristine` status, instead of being changed to `error`\nor `ready`, which is what the different pages (including the alerts\npage) is expecting\n\n### Fix\n\nWe're performing 2 types of fixes:\n- we're not using the `getAllDataViewLazy` function dataview service\nanymore as it has some code that communicates with the saved object\nclient, and we noticed some of our customers having errors with\nconflicting ids in their saved objects, which triggered the flow\nmentioned above. Instead we're leveraging the `getAllDataViewLazy`\nfunction from the dataview service, which returns from the cache.\n- we're wrapping everywhere we use the `get` function from the dataview\nservice with a `try/catch` to prevent other potential issue\n- we're adding a UI toast to all those places to let the user know about\nthe error, which will facilitate debugging for us if this was to happen\nagain\n\n> [!NOTE]\n> We're trying to make this available in `9.2.7`, we'll be doing a\nfollow up PR shortly for other try catches we found in the\n`detection_engine` folder\n\n## What/How to test\n\n- add data to a local instance and navigate through the app\n- make sure the happy path works\n - load main the Security Solution pages\n - alerts page\n - timeline\n - analyzer\n- verify interaction with new spaces\n\n### Checklist\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"9b762ae3fa1a9bbf0e176b05ce0e78e1d0ca523f"}},"sourceBranch":"main","suggestedTargetBranches":["9.2"],"targetPullRequestStates":[{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/256983","number":256983,"mergeCommit":{"message":"[Security Solution] fix alerts page infinite loading state due to data view error (#256983)\n\n## Summary\n\nThis PR fixed an issue that we've had for a while now with the new data\nview manager logic.\n\n> [!WARNING]\n> This PR should not introduce any logic changes or visual changes\n(other than the added toast when we encounter errors\n\n### Reason\n\nSome customer see an issue with the alerts page stuck in an infinite\nloading state. The issue happens because something is failing within the\nplatform dataview service, which we rely on. In our code, we were\nwrapping the entire logic of data view initialization within a\n`try/catch`. When the error was happening in the dataview service, we\nwould not complete the initialization of all dataview, and some of them\nwere staying in a `pristine` status, instead of being changed to `error`\nor `ready`, which is what the different pages (including the alerts\npage) is expecting\n\n### Fix\n\nWe're performing 2 types of fixes:\n- we're not using the `getAllDataViewLazy` function dataview service\nanymore as it has some code that communicates with the saved object\nclient, and we noticed some of our customers having errors with\nconflicting ids in their saved objects, which triggered the flow\nmentioned above. Instead we're leveraging the `getAllDataViewLazy`\nfunction from the dataview service, which returns from the cache.\n- we're wrapping everywhere we use the `get` function from the dataview\nservice with a `try/catch` to prevent other potential issue\n- we're adding a UI toast to all those places to let the user know about\nthe error, which will facilitate debugging for us if this was to happen\nagain\n\n> [!NOTE]\n> We're trying to make this available in `9.2.7`, we'll be doing a\nfollow up PR shortly for other try catches we found in the\n`detection_engine` folder\n\n## What/How to test\n\n- add data to a local instance and navigate through the app\n- make sure the happy path works\n - load main the Security Solution pages\n - alerts page\n - timeline\n - analyzer\n- verify interaction with new spaces\n\n### Checklist\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"9b762ae3fa1a9bbf0e176b05ce0e78e1d0ca523f"}},{"branch":"9.2","label":"v9.2.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.3","label":"v9.3.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/257020","number":257020,"state":"OPEN"}]}] BACKPORT-->
mbondyra
added a commit
to mbondyra/kibana
that referenced
this pull request
Mar 11, 2026
…e_fix * commit '565f7545c422192218b803874fbdf93e8d8f08ee': (27 commits) [Lens API] ESQL schema for XY separately for Agent and some small token optimizations (elastic#256885) Fix "Accessing resource attributes before async attributes settled" telemetry error (elastic#256880) [Security Solution][Attacks/Alerts][Attacks page][Table section] Preserver "Sort by" state on Attacks page (elastic#256717) (elastic#256795) [APM] Improve redirect with default date range guard (elastic#256887) [Security Solution][Attacks/Alerts][Attacks page][Table section] Add assignees avatars to the group component (elastic#250126) (elastic#256901) [Docs] add xpack.alerting.rules.maxScheduledPerMinute setting description (elastic#257041) [SO] Fix non-deterministic ordering in nested find API integration tests (elastic#256447) [Write-restricted dashboards] Update user profile retrieval for getShouldAddAccessControl (elastic#255065) [One Workflow] Add Scout API test scaffold and execution tests (elastic#256300) [Fleet] add use_apm if dynamic_signal_types are enabled (elastic#256429) [Fleet] ignore data streams starting with `.` in Fleet API (elastic#256625) [ES|QL] METRICS_INFO support: columns_after & summary (elastic#256758) [Agent Builder] Agent plugins: initial installation support (elastic#256478) [Streams] Add field descriptions and documentation-only field overrides (elastic#255136) [api-docs] 2026-03-11 Daily api_docs build (elastic#257023) [Security Solution] fix alerts page infinite loading state due to data view error (elastic#256983) [Logging] Add `service.*` global fields (elastic#256878) [Canvas] Apply embeddable transforms to embeddable elements (elastic#252191) [table_list_view_table] stabilize jest test (elastic#254991) [Obs AI] get_index_info: add unit tests (elastic#256802) ...
sorenlouv
pushed a commit
that referenced
this pull request
Mar 17, 2026
…a view error (#256983) ## Summary This PR fixed an issue that we've had for a while now with the new data view manager logic. > [!WARNING] > This PR should not introduce any logic changes or visual changes (other than the added toast when we encounter errors ### Reason Some customer see an issue with the alerts page stuck in an infinite loading state. The issue happens because something is failing within the platform dataview service, which we rely on. In our code, we were wrapping the entire logic of data view initialization within a `try/catch`. When the error was happening in the dataview service, we would not complete the initialization of all dataview, and some of them were staying in a `pristine` status, instead of being changed to `error` or `ready`, which is what the different pages (including the alerts page) is expecting ### Fix We're performing 2 types of fixes: - we're not using the `getAllDataViewLazy` function dataview service anymore as it has some code that communicates with the saved object client, and we noticed some of our customers having errors with conflicting ids in their saved objects, which triggered the flow mentioned above. Instead we're leveraging the `getAllDataViewLazy` function from the dataview service, which returns from the cache. - we're wrapping everywhere we use the `get` function from the dataview service with a `try/catch` to prevent other potential issue - we're adding a UI toast to all those places to let the user know about the error, which will facilitate debugging for us if this was to happen again > [!NOTE] > We're trying to make this available in `9.2.7`, we'll be doing a follow up PR shortly for other try catches we found in the `detection_engine` folder ## What/How to test - add data to a local instance and navigate through the app - make sure the happy path works - load main the Security Solution pages - alerts page - timeline - analyzer - verify interaction with new spaces ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
PhilippeOberti
added a commit
that referenced
this pull request
Mar 17, 2026
…etection engine (#256996) ## Summary A recent SDH made us realize that we have a potential issue in our code, when the platform dataview service throws errors. This previous [PR](#256983) fixes the issue in the @elastic/security-threat-hunting-investigations codebase and we want to merge it for `9.2.7`. This PR applies similar changes to the code owned by the @elastic/security-detection-engine team: - wrap the `dataview.get` calls within a `try/catch` and show a toast if an error happens This will facilitate debugging if we ever need. (more info in the PR mentioned above). ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 17, 2026
…etection engine (elastic#256996) ## Summary A recent SDH made us realize that we have a potential issue in our code, when the platform dataview service throws errors. This previous [PR](elastic#256983) fixes the issue in the @elastic/security-threat-hunting-investigations codebase and we want to merge it for `9.2.7`. This PR applies similar changes to the code owned by the @elastic/security-detection-engine team: - wrap the `dataview.get` calls within a `try/catch` and show a toast if an error happens This will facilitate debugging if we ever need. (more info in the PR mentioned above). ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 243e138)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 17, 2026
…etection engine (elastic#256996) ## Summary A recent SDH made us realize that we have a potential issue in our code, when the platform dataview service throws errors. This previous [PR](elastic#256983) fixes the issue in the @elastic/security-threat-hunting-investigations codebase and we want to merge it for `9.2.7`. This PR applies similar changes to the code owned by the @elastic/security-detection-engine team: - wrap the `dataview.get` calls within a `try/catch` and show a toast if an error happens This will facilitate debugging if we ever need. (more info in the PR mentioned above). ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 243e138)
kibanamachine
added a commit
that referenced
this pull request
Mar 17, 2026
…s in detection engine (#256996) (#258236) # Backport This will backport the following commits from `main` to `9.3`: - [[Security Solution] fix potential issues with loading data views in detection engine (#256996)](#256996) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"philippe.oberti@elastic.co"},"sourceCommit":{"committedDate":"2026-03-17T20:37:25Z","message":"[Security Solution] fix potential issues with loading data views in detection engine (#256996)\n\n## Summary\n\nA recent SDH made us realize that we have a potential issue in our code,\nwhen the platform dataview service throws errors.\nThis previous [PR](#256983) fixes\nthe issue in the @elastic/security-threat-hunting-investigations\ncodebase and we want to merge it for `9.2.7`.\n\nThis PR applies similar changes to the code owned by the\n@elastic/security-detection-engine team:\n- wrap the `dataview.get` calls within a `try/catch` and show a toast if\nan error happens\n\nThis will facilitate debugging if we ever need. (more info in the PR\nmentioned above).\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"243e138188a1f2853af4999fd148215a3f3fe9f4","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","backport:version","v9.4.0","v9.2.7","v9.3.2"],"title":"[Security Solution] fix potential issues with loading data views in detection engine","number":256996,"url":"https://github.com/elastic/kibana/pull/256996","mergeCommit":{"message":"[Security Solution] fix potential issues with loading data views in detection engine (#256996)\n\n## Summary\n\nA recent SDH made us realize that we have a potential issue in our code,\nwhen the platform dataview service throws errors.\nThis previous [PR](#256983) fixes\nthe issue in the @elastic/security-threat-hunting-investigations\ncodebase and we want to merge it for `9.2.7`.\n\nThis PR applies similar changes to the code owned by the\n@elastic/security-detection-engine team:\n- wrap the `dataview.get` calls within a `try/catch` and show a toast if\nan error happens\n\nThis will facilitate debugging if we ever need. (more info in the PR\nmentioned above).\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"243e138188a1f2853af4999fd148215a3f3fe9f4"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.3"],"targetPullRequestStates":[{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/256996","number":256996,"mergeCommit":{"message":"[Security Solution] fix potential issues with loading data views in detection engine (#256996)\n\n## Summary\n\nA recent SDH made us realize that we have a potential issue in our code,\nwhen the platform dataview service throws errors.\nThis previous [PR](#256983) fixes\nthe issue in the @elastic/security-threat-hunting-investigations\ncodebase and we want to merge it for `9.2.7`.\n\nThis PR applies similar changes to the code owned by the\n@elastic/security-detection-engine team:\n- wrap the `dataview.get` calls within a `try/catch` and show a toast if\nan error happens\n\nThis will facilitate debugging if we ever need. (more info in the PR\nmentioned above).\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"243e138188a1f2853af4999fd148215a3f3fe9f4"}},{"branch":"9.2","label":"v9.2.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.3","label":"v9.3.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Mar 17, 2026
…s in detection engine (#256996) (#258235) # Backport This will backport the following commits from `main` to `9.2`: - [[Security Solution] fix potential issues with loading data views in detection engine (#256996)](#256996) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"philippe.oberti@elastic.co"},"sourceCommit":{"committedDate":"2026-03-17T20:37:25Z","message":"[Security Solution] fix potential issues with loading data views in detection engine (#256996)\n\n## Summary\n\nA recent SDH made us realize that we have a potential issue in our code,\nwhen the platform dataview service throws errors.\nThis previous [PR](#256983) fixes\nthe issue in the @elastic/security-threat-hunting-investigations\ncodebase and we want to merge it for `9.2.7`.\n\nThis PR applies similar changes to the code owned by the\n@elastic/security-detection-engine team:\n- wrap the `dataview.get` calls within a `try/catch` and show a toast if\nan error happens\n\nThis will facilitate debugging if we ever need. (more info in the PR\nmentioned above).\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"243e138188a1f2853af4999fd148215a3f3fe9f4","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","backport:version","v9.4.0","v9.2.7","v9.3.2"],"title":"[Security Solution] fix potential issues with loading data views in detection engine","number":256996,"url":"https://github.com/elastic/kibana/pull/256996","mergeCommit":{"message":"[Security Solution] fix potential issues with loading data views in detection engine (#256996)\n\n## Summary\n\nA recent SDH made us realize that we have a potential issue in our code,\nwhen the platform dataview service throws errors.\nThis previous [PR](#256983) fixes\nthe issue in the @elastic/security-threat-hunting-investigations\ncodebase and we want to merge it for `9.2.7`.\n\nThis PR applies similar changes to the code owned by the\n@elastic/security-detection-engine team:\n- wrap the `dataview.get` calls within a `try/catch` and show a toast if\nan error happens\n\nThis will facilitate debugging if we ever need. (more info in the PR\nmentioned above).\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"243e138188a1f2853af4999fd148215a3f3fe9f4"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.3"],"targetPullRequestStates":[{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/256996","number":256996,"mergeCommit":{"message":"[Security Solution] fix potential issues with loading data views in detection engine (#256996)\n\n## Summary\n\nA recent SDH made us realize that we have a potential issue in our code,\nwhen the platform dataview service throws errors.\nThis previous [PR](#256983) fixes\nthe issue in the @elastic/security-threat-hunting-investigations\ncodebase and we want to merge it for `9.2.7`.\n\nThis PR applies similar changes to the code owned by the\n@elastic/security-detection-engine team:\n- wrap the `dataview.get` calls within a `try/catch` and show a toast if\nan error happens\n\nThis will facilitate debugging if we ever need. (more info in the PR\nmentioned above).\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"243e138188a1f2853af4999fd148215a3f3fe9f4"}},{"branch":"9.2","label":"v9.2.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.3","label":"v9.3.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Mar 18, 2026
…etection engine (elastic#256996) ## Summary A recent SDH made us realize that we have a potential issue in our code, when the platform dataview service throws errors. This previous [PR](elastic#256983) fixes the issue in the @elastic/security-threat-hunting-investigations codebase and we want to merge it for `9.2.7`. This PR applies similar changes to the code owned by the @elastic/security-detection-engine team: - wrap the `dataview.get` calls within a `try/catch` and show a toast if an error happens This will facilitate debugging if we ever need. (more info in the PR mentioned above). ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Mar 26, 2026
…etection engine (elastic#256996) ## Summary A recent SDH made us realize that we have a potential issue in our code, when the platform dataview service throws errors. This previous [PR](elastic#256983) fixes the issue in the @elastic/security-threat-hunting-investigations codebase and we want to merge it for `9.2.7`. This PR applies similar changes to the code owned by the @elastic/security-detection-engine team: - wrap the `dataview.get` calls within a `try/catch` and show a toast if an error happens This will facilitate debugging if we ever need. (more info in the PR mentioned above). ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixed an issue that we've had for a while now with the new data view manager logic.
Warning
This PR should not introduce any logic changes or visual changes (other than the added toast when we encounter errors
Reason
Some customer see an issue with the alerts page stuck in an infinite loading state. The issue happens because something is failing within the platform dataview service, which we rely on. In our code, we were wrapping the entire logic of data view initialization within a
try/catch. When the error was happening in the dataview service, we would not complete the initialization of all dataview, and some of them were staying in apristinestatus, instead of being changed toerrororready, which is what the different pages (including the alerts page) is expectingFix
We're performing 2 types of fixes:
getAllDataViewLazyfunction dataview service anymore as it has some code that communicates with the saved object client, and we noticed some of our customers having errors with conflicting ids in their saved objects, which triggered the flow mentioned above. Instead we're leveraging thegetAllDataViewLazyfunction from the dataview service, which returns from the cache.getfunction from the dataview service with atry/catchto prevent other potential issueNote
We're trying to make this available in
9.2.7, we'll be doing a follow up PR shortly for other try catches we found in thedetection_enginefolderWhat/How to test
Checklist
release_note:*label is applied per the guidelinesbackport:*labels.