[SIEM] Fix custom date time mapping bug

[cnasikas]

Summary

This PR addresses various date time bugs.

Changes:

1. All time-related fields changed to ISO standard.
2. The type of time-related fields changed from number to string.
3. All URLs have ISO dates instead of Unix timestamps.
4. Timeline's time range removed from filtersQuery.
5. docValuesFields are being passed to Elasticsearch.
6. If source or indexPatter is loading no timeline queries are being made.

Compatibility:

1. Old URLs, with unix timestamps, are loaded correctly.
2. Timeline's saved objects that contain dateRange as timestamps are loaded correctly.

Reference: #58965, #57649, https://discuss.elastic.co/t/siem-app-doesnt-use-timezone-setting/216906/12, https://github.com/elastic/sdh-siem/issues/26

Manual testing:

1. Test with mapping:

PUT my-mapping
{
    "date_detection": true,
    "numeric_detection": false,
    "dynamic_date_formats": [
        "strict_date_optional_time",
        "yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z"
    ],
    "dynamic": "true",
    "properties": {
        "@timestamp": {
            "type": "date",
            "format": "strict_date_optional_time"
        }
    }
}

PUT my-mapping/_doc/1
{ "@timestamp": "2020-07-13T05:35:10.073Z" }

2. Test with mapping:

PUT timestamp-without-tz-designator
{
  "mappings": {
    "properties": {
      "@timestamp": {
        "type": "date",
        "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
      }
    }
  }
}

PUT timestamp-without-tz-designator/_doc/1
{ "@timestamp": "2020-02-11 23:59:55" }

3. Test if old URLs behave as expected.
4. Navigate to all pages and see if an error is occurred (console and toaster).
5. Change the date range to each page and see if the returned documents respect the date range.
6. Test relative and absolute dates.
7. Test global time and timeline time.

Out of scope:

1. Fix a parsing bug. When you drag a timestamp to the timeline's query area and the value of that timestamp is a Unix timestamp but typeof value === 'string then the value is converted to NaN and you get a parsing error. Example: value = '1521848183232'

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[FrankHassanabad]

Thanks for the comprehensive fix! 👍

[spong]

LGTM! Thank you soooo much @cnasikas and @XavierM -- our users are going to be so happy with these fixes! 🙂

[cnasikas]

@elasticmachine merge upstream

[stephmilovic]

ok idk that its because of this PR but i found this bug. ill check master now:

[stephmilovic]

ok same thing happens on master, not your PR. we'll make a new ticket for this bug

[stephmilovic]

Manual review (woof) passes, just a few nits but do not block over them. Manual testing was all good besides the bug mentioned, but it's also on master so I'd say go ahead and merge this and we can fix the bug in a follow up. Great work, a lot of heavy lifting here. LGTM 🚀

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 439ceec

Build metrics

@kbn/optimizer bundle module count

id	value	diff	baseline
securitySolution	763	+1	762

History

• 💚 Build #61609 succeeded 439ceec
• 💔 Build #61539 failed 7c4b903
• 💔 Build #61522 failed 5fe8948
• 💔 Build #61479 failed b24f604
• 💔 Build #61448 failed f21e4cd

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)