[Security Solution]ES|QL query tab resetting to discover tab. #168431
Comments
sukhwindersingh-qasource
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
@manishgupta-qasource kindly review this |
|
Reviewed & assigned to @MadameSheema |
|
@sukhwindersingh-qasource - Is this happening after an upgrade with older data or is everything on a fresh instance of 8.11? @jamesspi has seen this behavior as well, but following the steps you outlined, I've been unable to reproduce it |
|
Hi @michaelolo24 We are also not able to reproduce this on the latest snapshot. Please find below the testing details Build Details: Screen Recording: Elastic.Mozilla.Firefox.2023-10-11.12-41-33.mp4Please do let us know if anything else is required from our end. |
|
@sukhwindersingh-qasource may you please share the credentials of the scenario where you can reproduce the issue? Thanks! :) |
MadameSheema
added
Team:Threat Hunting:Investigations
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
## Summary Handles #168431 This PR fixes a race condition which was causing Discover ES|QL tab to revert to it KQL query bar. See demo below: | Before | After | |---|---| | <video src="https://github.com/elastic/kibana/assets/7485038/24ff8ca9-30ce-4581-94d7-52908a2c81fd" />|<video src="https://github.com/elastic/kibana/assets/7485038/746946ad-bd69-412f-bd38-d3d79b570c68" />|
|
this has been fixed with PR #168716 . Please test it in the next BC |
) ## Summary Handles elastic#168431 This PR fixes a race condition which was causing Discover ES|QL tab to revert to it KQL query bar. See demo below: | Before | After | |---|---| | <video src="https://github.com/elastic/kibana/assets/7485038/24ff8ca9-30ce-4581-94d7-52908a2c81fd" />|<video src="https://github.com/elastic/kibana/assets/7485038/746946ad-bd69-412f-bd38-d3d79b570c68" />| (cherry picked from commit 6fd6966)
) (#168784) # Backport This will backport the following commits from `main` to `8.11`: - [[Security Solution] Fixes ES|QL Tab resetting to KQL Bar (#168716)](#168716) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jatin Kathuria","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-10-13T06:22:06Z","message":"[Security Solution] Fixes ES|QL Tab resetting to KQL Bar (#168716)\n\n## Summary\r\n\r\nHandles #168431\r\n\r\nThis PR fixes a race condition which was causing Discover ES|QL tab to\r\nrevert to it KQL query bar. See demo below:\r\n\r\n| Before | After |\r\n|---|---|\r\n| <video\r\nsrc=\"https://github.com/elastic/kibana/assets/7485038/24ff8ca9-30ce-4581-94d7-52908a2c81fd\"\r\n/>|<video\r\nsrc=\"https://github.com/elastic/kibana/assets/7485038/746946ad-bd69-412f-bd38-d3d79b570c68\"\r\n/>|","sha":"6fd6966ed8225935feee247b04b4988424b47c88","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","v8.11.0","v8.12.0"],"number":168716,"url":"https://github.com/elastic/kibana/pull/168716","mergeCommit":{"message":"[Security Solution] Fixes ES|QL Tab resetting to KQL Bar (#168716)\n\n## Summary\r\n\r\nHandles #168431\r\n\r\nThis PR fixes a race condition which was causing Discover ES|QL tab to\r\nrevert to it KQL query bar. See demo below:\r\n\r\n| Before | After |\r\n|---|---|\r\n| <video\r\nsrc=\"https://github.com/elastic/kibana/assets/7485038/24ff8ca9-30ce-4581-94d7-52908a2c81fd\"\r\n/>|<video\r\nsrc=\"https://github.com/elastic/kibana/assets/7485038/746946ad-bd69-412f-bd38-d3d79b570c68\"\r\n/>|","sha":"6fd6966ed8225935feee247b04b4988424b47c88"}},"sourceBranch":"main","suggestedTargetBranches":["8.11"],"targetPullRequestStates":[{"branch":"8.11","label":"v8.11.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/168716","number":168716,"mergeCommit":{"message":"[Security Solution] Fixes ES|QL Tab resetting to KQL Bar (#168716)\n\n## Summary\r\n\r\nHandles #168431\r\n\r\nThis PR fixes a race condition which was causing Discover ES|QL tab to\r\nrevert to it KQL query bar. See demo below:\r\n\r\n| Before | After |\r\n|---|---|\r\n| <video\r\nsrc=\"https://github.com/elastic/kibana/assets/7485038/24ff8ca9-30ce-4581-94d7-52908a2c81fd\"\r\n/>|<video\r\nsrc=\"https://github.com/elastic/kibana/assets/7485038/746946ad-bd69-412f-bd38-d3d79b570c68\"\r\n/>|","sha":"6fd6966ed8225935feee247b04b4988424b47c88"}}]}] BACKPORT--> Co-authored-by: Jatin Kathuria <[email protected]>
|
rechecked the issue on creating new 8.11.0 instance and now able to save the timeline but mentioned issue of query tab reset is still persistent. Build Details: Current Result: Cases.-.Security.-.Elastic.-.Google.Chrome.2023-10-16.15-51-22.mp4Expected Result:
|
|
Thanks @karanbirsingh-qasource , I forgot that BC3 is not yet build and will be available tomorrow. Since this issue was fixed after BC2 as mentioned here, could you please test it in BC3? |
) ## Summary Handles elastic#168431 This PR fixes a race condition which was causing Discover ES|QL tab to revert to it KQL query bar. See demo below: | Before | After | |---|---| | <video src="https://github.com/elastic/kibana/assets/7485038/24ff8ca9-30ce-4581-94d7-52908a2c81fd" />|<video src="https://github.com/elastic/kibana/assets/7485038/746946ad-bd69-412f-bd38-d3d79b570c68" />|
Tested in 8.11.0 BC9Build Details: Preconditions:
Describe the bug: Steps to reproduce:
Current behavior: Expected behavior: Observations:
Query 1 (provided when bug was first reported): Query 2 (a custom query I created for threat intel and malware investigations purposes): After execution of both queries and attaching to existing and new cases, the results displayed were that the ES|QL query tab did not reset to Discover tab and remained in the ES|QL Query tab in Timelines Screenshots of behavior:Query 1 using query reported in bug (results show after attaching an existing case): 
Query 2 generated to query threat indicator files from abuse.ch (results show after attaching a newly created case): 
Screen share recording:esql.bug.test.query.tab.reset.to.discover.extended.version.mp4Conclusion:
@MadameSheema @logeekal @michaelolo24 QA Validation Fixed ✅ per testing in |
Describe the bug:
ES|QL tab query reseting to discover.
Kibana/Elasticsearch Stack version
Version:8.11.0-SNAPSHOT
commit:b8dc9b47eabdacfd73dde39196f2311eb83d0240
build:67811
Browser and Browser OS Version:
Firefox for windows OS
Version: 118.0.1
Elastic Endpoint Version:
8.11.0
Original install method:
None
Functional Area:
ES|QL
Initial Setup:
Steps to reproduce
Additional Observation
Current behavior
Expected behavior:
Screen-Shot:
Create a timeline
Timelines.-.Kibana.Mozilla.Firefox.2023-10-10.12-20-17.mp4
Opened the saved timeline to check it is working correctly
Timelines.-.Kibana.Mozilla.Firefox.2023-10-10.12-18-59.mp4
Opening the timeline After Attaching it to case
Timelines.-.Kibana.Mozilla.Firefox.2023-10-10.13-00-52.mp4
Errors in browser console:
The text was updated successfully, but these errors were encountered: