[OSQuery] View in Discover links broken for results #194492

Open
nicpenning opened this issue Sep 30, 2024 · 2 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Osquery Security Solution Osquery feature Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@nicpenning

Kibana version: 8.15.2
Elasticsearch version: 8.15.2
Server OS version: Windows Server 2019
Browser version: Edge latest
Browser OS version: Edge latest
Original install method (e.g. download page, yum, from source, etc.): Download page
Describe the bug:
When clicking on the View In Discover button in OSQuery, it seems that the link is broken (see screenshots).

Steps to reproduce:

  1. Run an OSQuery
  2. Click either View in Discover button
  3. See error

Expected behavior:
I expect it to open up in Discover without issue.

Screenshots (if relevant):

Image
Image

Image

Any additional context:
I can't replicate this in a test environment. But I can share these links that seem to be very different:
https://kibanaURL/app/discover#/?_g=h@80ea007&_a=h@7ceab63 --> Doesn't work in production, I see the error above trying to navigate to it.

https://testKibanaURL/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-undefineds,mode:absolute,to:now))&_a=(dataSource:(dataViewId:f01ed837-3008-4c5e-a5ab-bea7cf6edf4e,type:dataView),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:f01ed837-3008-4c5e-a5ab-bea7cf6edf4e,key:action_id,negate:!f,params:(query:'09fe7951-2710-4ac2-9bd5-6039775e580a'),type:phrase),query:(match_phrase:(action_id:'09fe7951-2710-4ac2-9bd5-6039775e580a'))))) --> Works in test and is a very different URL

Both Data Views exist in both environments, except in our Production environment they have different dataViewIds.

@nicpenning nicpenning added the bug Fixes for quality problems that affect the customer experience label Sep 30, 2024
@botelastic botelastic bot added the needs-team Issues missing a team label label Sep 30, 2024
@marius-dr marius-dr added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Osquery Security Solution Osquery feature labels Oct 8, 2024
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Oct 8, 2024
@ferullo ferullo added the Team:Defend Workflows “EDR Workflows” sub-team of Security Solution label Oct 9, 2024
@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
