From 2ea020542b5c30066b3728d8b718670c5732ca1e Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:41:38 +1100 Subject: [PATCH] [8.x] [Security Solution] Remove warning for rule filter (#201776) (#204704) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Remove warning for rule filter (#201776)](https://github.com/elastic/kibana/pull/201776) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Jacek Kolezynski --- .../rule_details/rule_definition_section.tsx | 41 +++++++++++++------ .../final_edit/fields/hooks/use_data_view.ts | 3 +- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx index 3e08f4ce3acc8..177ff4e18d426 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import React from 'react'; +import React, { useMemo } from 'react'; import { isEmpty } from 'lodash/fp'; import { EuiDescriptionList, @@ -23,8 +23,8 @@ import type { import type { Filter } from '@kbn/es-query'; import type { SavedQuery } from '@kbn/data-plugin/public'; import { mapAndFlattenFilters } from '@kbn/data-plugin/public'; -import type { DataView } from '@kbn/data-views-plugin/public'; import { FilterItems } from '@kbn/unified-search-plugin/public'; +import { isDataView } from '../../../../common/components/query_bar'; import type { AlertSuppressionMissingFieldsStrategy, EqlOptionalFields, @@ -40,8 +40,6 @@ import { AlertSuppressionLabel } from '../../../rule_creation_ui/components/desc import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query'; import * as threatMatchI18n from '../../../../common/components/threat_match/translations'; import * as timelinesI18n from '../../../../timelines/components/timeline/translations'; -import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form'; -import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types'; import type { Duration } from '../../../../detections/pages/detection_engine/rules/types'; import { convertHistoryStartToSize } from '../../../../detections/pages/detection_engine/rules/helpers'; import { MlJobsDescription } from '../../../rule_creation/components/ml_jobs_description/ml_jobs_description'; @@ -65,6 +63,7 @@ import { EQL_OPTIONS_EVENT_TIEBREAKER_FIELD_LABEL, EQL_OPTIONS_EVENT_TIMESTAMP_FIELD_LABEL, } from '../../../rule_creation/components/eql_query_edit/translations'; +import { useDataView } from './three_way_diff/final_edit/fields/hooks/use_data_view'; interface SavedQueryNameProps { savedQueryName: string; @@ -89,16 +88,34 @@ export const Filters = ({ index, 'data-test-subj': dataTestSubj, }: FiltersProps) => { - const flattenedFilters = mapAndFlattenFilters(filters); - const defaultIndexPattern = useDefaultIndexPattern(); + const useDataViewParams = dataViewId + ? { dataViewId } + : { indexPatterns: index ?? defaultIndexPattern }; + const { dataView } = useDataView(useDataViewParams); + const isEsql = filters.some((filter) => filter?.query?.language === 'esql'); + const searchBarFilters = useMemo(() => { + if (!index || isDataView(index) || isEsql) { + return filters; + } + const filtersWithUpdatedMetaIndex = filters.map((filter) => { + return { + ...filter, + meta: { + ...filter.meta, + index: index.join(','), + }, + }; + }); - const { indexPattern } = useRuleIndexPattern({ - dataSourceType: dataViewId ? DataSourceType.DataView : DataSourceType.IndexPatterns, - index: index ?? defaultIndexPattern, - dataViewId, - }); + return filtersWithUpdatedMetaIndex; + }, [filters, index, isEsql]); + + if (!dataView) { + return null; + } + const flattenedFilters = mapAndFlattenFilters(searchBarFilters); const styles = filtersStyles; return ( @@ -109,7 +126,7 @@ export const Filters = ({ responsive={false} gutterSize="xs" > - + ); }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts index 4cfb307665308..123a7b3cffb58 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts @@ -9,7 +9,7 @@ import { useEffect, useState } from 'react'; import type { DataView } from '@kbn/data-views-plugin/common'; import { useKibana } from '../../../../../../../../common/lib/kibana'; -type UseDataViewParams = +export type UseDataViewParams = | { indexPatterns: string[]; dataViewId?: never } | { indexPatterns?: never; dataViewId: string }; @@ -33,6 +33,7 @@ export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDa if (indexPatternsOrDataViewId.indexPatterns) { const indexPatternsDataView = await dataViewsService.create({ title: indexPatternsOrDataViewId.indexPatterns.join(','), + id: indexPatternsOrDataViewId.indexPatterns.join(','), allowNoIndex: true, });