[SIEM] Fix custom date time mapping bug #70713
Thanks for the comprehensive fix! 👍
@elasticmachine merge upstream
x-pack/plugins/security_solution/public/common/components/events_viewer/events_viewer.test.tsx
...ck/plugins/security_solution/public/common/components/ml/anomaly/use_anomalies_table_data.ts
x-pack/plugins/security_solution/public/common/containers/source/index.tsx
x-pack/plugins/security_solution/public/timelines/store/timeline/helpers.ts
ok same thing happens on master, not your PR. we'll make a new ticket for this bug
Manual review (woof) passes, just a few nits but do not block over them. Manual testing was all good besides the bug mentioned, but it's also on master so I'd say go ahead and merge this and we can fix the bug in a follow up. Great work, a lot of heavy lifting here. LGTM 🚀
💚 Build Succeeded
Co-authored-by: Xavier Mouligneau <[email protected]>
Co-authored-by: Xavier Mouligneau <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
# Conflicts:
# x-pack/plugins/security_solution/public/timelines/components/open_timeline/helpers.test.ts
# x-pack/plugins/security_solution/public/timelines/store/timeline/defaults.ts
…te_optional_time (#74211)
## Summary
Related closed issues: #58965 #70713
If you add a custom mapping and go to the hosts details page you will get an error toaster:
<img width="838" alt="Screen Shot 2020-08-03 at 7 53 16 PM" src="https://user-images.githubusercontent.com/1151048/89244409-a7df7500-d5c3-11ea-933c-99d96bffc589.png">
If running local host you can configure your index patterns to use a custom one I setup with custom date time formats and a single record which can cause this:
<img width="1223" alt="Screen Shot 2020-08-03 at 7 50 12 PM" src="https://user-images.githubusercontent.com/1151048/89243967-8fbb2600-d5c2-11ea-8de2-4422e870f9f0.png">
Then visit this URL and set your date time to go backwards by 1 year
```ts
http://localhost:5601/app/security/hosts/app/security/hosts/MacBook-Pro.local/alerts
```
And with the fix you no longer get the error toaster.
…te_optional_time (#74211) (#74245)
…te_optional_time (#74211) (#74244)
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary
This PR addresses various date time bugs.
Changes:
number to string
.filtersQuery
.docValuesFields
are being passed to Elasticsearch.
source or indexPatter is loading no timeline queries are being made.
Compatibility:
dateRange as timestamps are loaded correctly.
Reference: #58965, #57649, https://discuss.elastic.co/t/siem-app-doesnt-use-timezone-setting/216906/12, https://github.com/elastic/sdh-siem/issues/26
Manual testing:
Out of scope:
typeof value === 'string' then the value is converted to NaN and you get a parsing error. Example: value = '1521848183232'
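The out-of-scope note above describes a string timestamp such as '1521848183232' ending up as NaN. The following added example, which is not code from this PR or from Kibana, shows one way to normalise numeric, digit-string and ISO 8601 timestamps to epoch milliseconds and to report unparseable values instead of silently dropping them from a date-range filter. The function names and sample events are hypothetical, and digit-only strings are assumed to be epoch milliseconds.

```javascript
// Added example: normalise mixed timestamp representations to epoch milliseconds.
// Assumption: a digit-only string is epoch milliseconds, as in the page's example value.
const EPOCH_MILLIS_STRING = /^-?\d+$/;

function toEpochMillis(value) {
  if (typeof value === 'number') {
    return Number.isFinite(value) ? value : null;
  }
  if (typeof value !== 'string') return null;
  const trimmed = value.trim();
  if (EPOCH_MILLIS_STRING.test(trimmed)) {
    // Convert explicitly rather than handing a digit string to a date parser.
    const n = Number(trimmed);
    return Number.isSafeInteger(n) ? n : null;
  }
  const parsed = Date.parse(trimmed); // NaN when the string is not a parseable date
  return Number.isNaN(parsed) ? null : parsed;
}

// Splits events into those inside [from, to] and those whose timestamp could
// not be read, so that a bad mapping shows up as a count instead of as
// events missing from a timeline.
function partitionByRange(events, from, to) {
  const matched = [];
  const unparseable = [];
  for (const event of events) {
    const ts = toEpochMillis(event.timestamp);
    if (ts === null) unparseable.push(event.id);
    else if (ts >= from && ts <= to) matched.push(event.id);
  }
  return { matched, unparseable };
}

// Constructed sample events (not taken from the PR).
const SAMPLE_EVENTS = [
  { id: 'a', timestamp: 1521848183232 },
  { id: 'b', timestamp: '1521848183232' },
  { id: 'c', timestamp: '2018-03-23T23:36:23.232Z' },
  { id: 'd', timestamp: '' },
  { id: 'e', timestamp: '2019-01-01T00:00:00.000Z' },
];

const RANGE_FROM = Date.parse('2018-03-01T00:00:00.000Z');
const RANGE_TO = Date.parse('2018-04-01T00:00:00.000Z');
const SAMPLE_RESULT = partitionByRange(SAMPLE_EVENTS, RANGE_FROM, RANGE_TO);
```
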