Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AlertClient.find returns an incorrect Type when the fields options is used #70696

Closed
gmmorris opened this issue Jul 3, 2020 · 3 comments
Closed

AlertClient.find returns an incorrect Type when the fields options is used #70696

gmmorris opened this issue Jul 3, 2020 · 3 comments
Labels
deprecation-blocked estimate:small Small Estimated Level of Effort Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) technical debt Improvement of the software architecture and operational architecture

Comments

@gmmorris
Copy link
Contributor

gmmorris commented Jul 3, 2020
edited by mikecote
Loading

the find api claims to return SanitizedAlert types, but this is not true when the field options is used to narrow down the returned fields.

We should address as it could cause mistakes in getAlertFromRaw which could in theory break find when fields is used.
At the moment we're only aware of a use of fields in siem, but we don't know who might rely on this in their own implementations in the future.

This can be cleaned up when telemetry from #108716 shows usage is below 1% or deprecated for > 2.5 years after deprecating legacy terminology usage.
@gmmorris gmmorris added Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Jul 3, 2020
@mikecote mikecote self-assigned this Dec 18, 2020
@mikecote mikecote mentioned this issue Dec 18, 2020
Closed
@mikecote mikecote removed their assignment Jan 19, 2021
@YulNaumenko YulNaumenko added the technical debt Improvement of the software architecture and operational architecture label Mar 11, 2021
@gmmorris gmmorris added Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework bug Fixes for quality problems that affect the customer experience labels Jul 1, 2021
@gmmorris
Copy link
Contributor Author

gmmorris commented Jul 1, 2021

@mikecote Should we bring #86527 back in 7.16?

@gmmorris gmmorris removed the bug Fixes for quality problems that affect the customer experience label Jul 1, 2021
@mikecote
Copy link
Contributor

mikecote commented Jul 5, 2021

@gmmorris yup, adding it to triage

@mikecote mikecote changed the title AlertClient.find returns an incorrect Type when the fields options is used [8.0 only] AlertClient.find returns an incorrect Type when the fields options is used Jul 7, 2021
@gmmorris gmmorris added the loe:medium Medium Level of Effort label Jul 14, 2021
@mikecote mikecote mentioned this issue Aug 16, 2021
Closed
@gmmorris gmmorris added the estimate:small Small Estimated Level of Effort label Aug 18, 2021
@mikecote mikecote changed the title [8.0 only] AlertClient.find returns an incorrect Type when the fields options is used AlertClient.find returns an incorrect Type when the fields options is used Aug 23, 2021
@gmmorris gmmorris removed the loe:medium Medium Level of Effort label Sep 2, 2021
@ymao1
Copy link
Contributor

ymao1 commented Nov 19, 2021

Closing as duplicate of #76527

@ymao1 ymao1 closed this as completed Nov 19, 2021
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
deprecation-blocked estimate:small Small Estimated Level of Effort Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) technical debt Improvement of the software architecture and operational architecture
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove capability of limiting fields returned by the alerts find API mikecote/kibana
5 participants
@gmmorris @kobelb @mikecote @ymao1 @YulNaumenko