[Security Solution] Alert Table Displays Dashes for geo_point Field with Object or Point Values #164677

Open
WafaaNasr opened this issue Aug 24, 2023 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team:Threat Hunting:Investigations Security Solution Investigations Team

Comments

@WafaaNasr
Contributor

Kibana version: 8.11

Describe the bug:
When a geo_point field containing either an object or a point with coordinates is presented in the alert table, the displayed values are shown as dashes ("-") instead of showing the actual values.

Steps to reproduce:

  1. Add the mapping for an index

     PUT my-index-00002
     {
       "mappings": {
         "properties": {
           "location": {
             "type": "geo_point"
           },
           "@timestamp": {
             "type": "date"
           },
           "text": {
             "type": "text"
           }
         }
       }
     }
    
  2. Index the two values

     POST /my-index-00002/_doc
     {
       "@timestamp": "2023-08-24T09:10:12.711Z",
       "text": "Geopoint as an object using GeoJSON format",
       "location": {
         "type": "Point",
         "coordinates": [-71.34, 41.12]
       }
     }

     POST /my-index-00002/_doc
     {
       "@timestamp": "2023-08-24T09:10:12.711Z",
       "text": "Geopoint as an object with 'lat' and 'lon' keys",
       "location": {
         "lat": 41.12,
         "lon": -71.34
       }
     }
    
  3. Navigate to the alert table view.

  4. Ensure that the alert contains a location field with object or point values that include coordinates.

  5. Observe the values displayed in the location field column

Expected behavior:

These values should be displayed as they are supported values based on the [docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-point.html#CO53-3).

Screenshots (if relevant):
image
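
The two `location` shapes from the reproduction steps, normalised into one displayable value, as an added example that is not part of the original issue and is not Kibana's code. The names `normalizeGeoPoint` and `formatGeoPointCell`, the `lat, lon` output format and the range check are assumptions of this example; the detail it shows is that GeoJSON `coordinates` are ordered `[lon, lat]`, the reverse of the `lat`/`lon` object.

```typescript
// Added example: not Kibana source code. All names here are hypothetical.
type LatLon = { lat: number; lon: number };

const isNum = (v: unknown): v is number =>
  typeof v === 'number' && Number.isFinite(v);

// Reject out-of-range values, which usually mean swapped or corrupt coordinates.
const inRange = (p: LatLon): LatLon | null =>
  Math.abs(p.lat) <= 90 && Math.abs(p.lon) <= 180 ? p : null;

// Normalise the two object shapes indexed in the reproduction steps.
function normalizeGeoPoint(value: unknown): LatLon | null {
  if (typeof value !== 'object' || value === null) return null;
  const v = value as Record<string, unknown>;

  // Shape 1: GeoJSON Point, coordinates ordered [lon, lat].
  const coords = v['coordinates'];
  if (v['type'] === 'Point' && Array.isArray(coords)) {
    const lon: unknown = coords[0];
    const lat: unknown = coords[1];
    return isNum(lat) && isNum(lon) ? inRange({ lat, lon }) : null;
  }

  // Shape 2: object with explicit 'lat' and 'lon' keys.
  const lat = v['lat'];
  const lon = v['lon'];
  return isNum(lat) && isNum(lon) ? inRange({ lat, lon }) : null;
}

// Render a table cell; the dash is reserved for values that cannot be parsed.
function formatGeoPointCell(value: unknown): string {
  const p = normalizeGeoPoint(value);
  return p === null ? '-' : `${p.lat}, ${p.lon}`;
}

// Constructed samples mirroring the two documents indexed in the issue.
const geoJsonSample = { type: 'Point', coordinates: [-71.34, 41.12] };
const latLonSample = { lat: 41.12, lon: -71.34 };

console.log(formatGeoPointCell(geoJsonSample));
console.log(formatGeoPointCell(latLonSample));
```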

@WafaaNasr WafaaNasr added the bug Fixes for quality problems that affect the customer experience label Aug 24, 2023
@botelastic botelastic bot added the needs-team Issues missing a team label label Aug 24, 2023
@WafaaNasr WafaaNasr changed the title Alert Table Displays Dashes for geo_point Field with Object or Point Values [Security Solution] [Alert Table] Alert Table Displays Dashes for geo_point Field with Object or Point Values Aug 24, 2023
@WafaaNasr WafaaNasr changed the title [Security Solution] [Alert Table] Alert Table Displays Dashes for geo_point Field with Object or Point Values [Security Solution] Alert Table Displays Dashes for geo_point Field with Object or Point Values Aug 24, 2023
@yctercero yctercero added the Team:Threat Hunting:Investigations Security Solution Investigations Team label Aug 25, 2023
@botelastic botelastic bot removed the needs-team Issues missing a team label label Aug 25, 2023
@yctercero
Contributor

Hey @michaelolo24! I'm not sure if this would be your team or response ops. Please let us know if we can provide any further information.

@PhilippeOberti PhilippeOberti added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Nov 19, 2024
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@cnasikas
Member

@PhilippeOberti @yctercero Could you please investigate if this is a ResponseOps issue or a Security solution one?


6 participants