From 20ba694f2d345434d8910223d9056ed012c64743 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 27 Oct 2021 05:37:37 -0400 Subject: [PATCH] [Osquery] Fix live query search doesn't return relevant results for agents (#116332) (#116383) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Patryk KopyciƄski --- .../plugins/osquery/public/agents/use_all_agents.ts | 7 +++++-- .../packs/queries/ecs_mapping_editor_field.tsx | 2 +- .../server/routes/fleet_wrapper/get_agents.ts | 13 +++++++++---- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts index 42e4954989c668..03660a970aeef9 100644 --- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts +++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts @@ -35,7 +35,7 @@ export const useAllAgents = ( return useQuery( ['agents', osqueryPolicies, searchValue, perPage], () => { - let kuery = `${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')}`; + let kuery = `(${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')})`; if (searchValue) { kuery += ` and (local_metadata.host.hostname:*${searchValue}* or local_metadata.elastic.agent.id:*${searchValue}*)`; @@ -54,10 +54,13 @@ export const useAllAgents = ( enabled: !osqueryPoliciesLoading && osqueryPolicies.length > 0, onSuccess: () => setErrorToast(), onError: (error) => - setErrorToast(error as Error, { + // @ts-expect-error update types + setErrorToast(error?.body, { title: i18n.translate('xpack.osquery.agents.fetchError', { defaultMessage: 'Error while fetching agents', }), + // @ts-expect-error update types + toastMessage: error?.body?.error, }), } ); 
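Review bot: `searchValue` is still interpolated unescaped into the KQL string on the context line below the change (`local_metadata.host.hostname:*${searchValue}*`), so input containing KQL operators, quotes or parentheses can cause a parse error or change the shape of the filter. The added parentheses only fix how `and` binds to the policy clause. Escape KQL reserved characters in `searchValue` before appending it to `kuery`, preferably with a shared escaping helper rather than an ad-hoc regex, and treat each policy id the same way. The server route in `get_agents.ts` forwards the query as received, so this is a robustness fix for the UI, not an access control. The `useQuery` callback continues past the end of the hunk.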
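Review bot: In the `onError` handler of the second `use_all_agents.ts` hunk, `error?.body` is undefined for failures that carry no HTTP response, such as a dropped connection or an aborted request. `onSuccess` just above calls `setErrorToast()` with no argument, presumably to clear the toast, so passing `undefined` here may hide those failures instead of reporting them. A fallback keeps them visible: `setErrorToast(error?.body ?? error, {`. The two `// @ts-expect-error update types` lines could be removed by narrowing `error` to the HTTP error shape once, which would also document that `toastMessage` shows server-supplied text.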
diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index f3301fffa6289f..f6967f26cfbc22 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -764,7 +764,7 @@ export const ECSMappingEditorField = ({ LIMIT 5; */ - if (selectItem.type === 'FunctionCall' && selectItem.hasAs) { + if (selectItem.hasAs && selectItem.alias) { return [ { label: selectItem.alias, diff --git a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts index d45cb26e0d199c..f129e95fd9508c 100644 --- a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts +++ b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts @@ -22,10 +22,15 @@ export const getAgentsRoute = (router: IRouter, osqueryContext: OsqueryAppContex async (context, request, response) => { const esClient = context.core.elasticsearch.client.asInternalUser; - const agents = await osqueryContext.service - .getAgentService() - // @ts-expect-error update types - ?.listAgents(esClient, request.query); + let agents; + try { + agents = await osqueryContext.service + .getAgentService() + // @ts-expect-error update types + ?.listAgents(esClient, request.query); + } catch (error) { + return response.badRequest({ body: error }); + } return response.ok({ body: agents }); }
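Review bot: The new `catch` in `get_agents.ts` sends the caught exception itself as the response body and labels every failure a 400. Errors raised while running as `asInternalUser` (the client taken just above the `try`) may therefore expose Elasticsearch internals to the browser, and backend outages are reported as client mistakes. Returning only the message with the upstream status is tighter, e.g. `return response.customError({ statusCode: error.statusCode ?? 500, body: { message: error.message } });`, with the full error logged server-side. Separately, `request.query` reaches `listAgents` unchanged, so the osquery-policy restriction built in `use_all_agents.ts` is only a UI convenience; if it is meant as a scope limit, it has to be applied in this handler. The route's validation schema and the rest of `getAgentsRoute` are outside the hunk.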