[Security Solution] Saving is not working if hitting "favorites button" beforehand

[angorayc]

Summary

Issue description and how to reproduce:
#85403

Expected result:
#85403 (comment)

---

This PR also fixes event details not able to be loaded in notes tab after clicking on >

I found no data from serverside:

I am able to reproduce it with postman.

I logged the error message from server side:

It fails twice in my 30 trials:

Step to reproduce:

1. Open any of a timeline with events in it.
2. Leave an event note.
3. Go to notes tab and clicking on >
4. The failed to search error occurs

Expected result:
Event details should be loaded properly.

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

[angorayc]

Closing the PR as we want to re-write this to REST

[angorayc]

@elasticmachine merge upstream

[angorayc]

@elasticmachine merge upstream

[angorayc]

@elasticmachine merge upstream

[angorayc]

@elasticmachine merge upstream

[angorayc]

@elasticmachine merge upstream

[angorayc]

The error happens when no data is coming back (as search is still running, see below example isRunning: true), and breaks getDataFromSourceHits
https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/server/search_strategy/timeline/factory/events/details/index.ts#L35

e.g.:

{
    "id": "FldRU0lTbl8xUlRlc1ZtSERsbktuQ1EfVW1GSWZEX2lRZmVwQmw2c1V5RWsyZzo4MjE1OTk3Mw==",
    "rawResponse": {
        "took": 144,
        "timed_out": false,
        "terminated_early": false,
        "_shards": {
            "total": 124,
            "successful": 64,
            "skipped": 0,
            "failed": 0
        },
        "hits": {
            "total": 0,
            "max_score": null,
            "hits": []
        }
    },
    "isPartial": true,
    "isRunning": true,
    "total": 124,
    "loaded": 64,
    "data": [],
    "inspect": {
        "dsl": [
            "{\n  \"allowNoIndices\": true,\n  \"index\": \"auditbeat-*,filebeat-*,logs-*,packetbeat-*,winlogbeat-*,.siem-signals-angelachuang-default\",\n  \"ignoreUnavailable\": true,\n  \"body\": {\n    \"docvalue_fields\": [],\n    \"query\": {\n      \"terms\": {\n        \"_id\": [\n          \"adr_XXcBX5UUcOOYL-EQ\"\n        ]\n      }\n    },\n    \"fields\": [\n      \"*\"\n    ],\n    \"_source\": [\n      \"signal.*\"\n    ]\n  },\n  \"size\": 1\n}"
        ]
    }
}

The fix is just skip those formatter and return straight away when data is not ready, and the subscriber on client side sees isRunning = true, it knows to wait up a bit for data to come back.

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: f675aae

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	7.5MB	7.5MB	+2.1KB

History

• 💚 Build #102482 succeeded 36be805
• 💚 Build #101435 succeeded a8c42e9
• 💛 Build #101363 was flaky a8cfbe9
• 💛 Build #100588 was flaky e86c0e9
• 💛 Build #100358 was flaky 0cdc8b1

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[cnasikas]

LGTM!