[Security Solution] - Fail to create EQL rule when courier:maxConcurrentShardRequests is set #165090
Comments
fdartayre
added
bug
jsanz
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
MadameSheema
added
triage_needed
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Hey @astefan ! Could you confirm that this is expected behavior? @fdartayre this seems more a product of the language implementation. If that's the case and not expected behavior (in other words, this should be supported) then I think we can assign this over to Elasticsearch. On our end we could provide a better error message indicating to the user that this advanced setting is not supported. |
|
@yctercero ES EQL doesn't support such a parameter. For the record, this is the list of request body parameters recognized by ES SQL: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/eql-search-api.html |
|
@paulewing not sure how common this scenario is? If you think it's fairly common, we could look at providing a user with a warning that this setting is incompatible with EQL/ESQL rules. |
|
HI @paulewing 
|
|
@approksiu forwarding this one over to you, if that's ok. Could you take a look? #165090 (comment) |
yctercero
added
the
impact:low
Kibana version: 8.9.1
Describe the bug:
Creating an EQL rule after configuring
courier:maxConcurrentShardRequestsin the Advanced Settings of the Space results in the following error:{ "error": { "root_cause": [ { "type": "illegal_argument_exception", "reason": "request [/kibana_sample_data_logs/_eql/search] contains unrecognized parameter: [max_concurrent_shard_requests]" } ], "type": "illegal_argument_exception", "reason": "request [/kibana_sample_data_logs/_eql/search] contains unrecognized parameter: [max_concurrent_shard_requests]" }, "status": 400 }Steps to reproduce:
The text was updated successfully, but these errors were encountered: