[Security Solution] Fix incorrect time for dns histogram (#83532)

* getSuitableUnit

* update dns histogram query

* update dns query

* update dns histogram query

* fix type error

* fix lint error

* remove unused comments

* fix histogram query size

* revert change

* fix unit test

* fix dns request options

* clean up

* cleanup types

* fix dependency

* review

* review

* revert

* restore docValueFields

* fix unit test

* cleanup

* restore docValueFields for dns histogram

* review

* review

* lint

Co-authored-by: Kibana Machine <[email protected]>

Author: angorayc

x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts

@@ -37,6 +37,7 @@ export interface MatrixHistogramRequestOptions extends RequestBasicOptions {
   stackByField: string;
   threshold?: { field: string | undefined; value: number } | undefined;
   inspect?: Maybe<Inspect>;
+  isPtrIncluded?: boolean;
 }
 
 export interface MatrixHistogramStrategyResponse extends IEsSearchResponse {

x-pack/plugins/security_solution/public/common/components/charts/barchart.tsx

@@ -47,6 +47,9 @@ const checkIfAnyValidSeriesExist = (
   !checkIfAllValuesAreZero(data) &&
   data.some(checkIfAllTheDataInTheSeriesAreValid);
 
+const yAccessors = ['y'];
+const splitSeriesAccessors = ['g'];
+
 // Bar chart rotation: https://ela.st/chart-rotations
 export const BarChartBaseComponent = ({
   data,
@@ -86,9 +89,9 @@ export const BarChartBaseComponent = ({
             xScaleType={getOr(ScaleType.Linear, 'configs.series.xScaleType', chartConfigs)}
             yScaleType={getOr(ScaleType.Linear, 'configs.series.yScaleType', chartConfigs)}
             xAccessor="x"
-            yAccessors={['y']}
+            yAccessors={yAccessors}
             timeZone={timeZone}
-            splitSeriesAccessors={['g']}
+            splitSeriesAccessors={splitSeriesAccessors}
             data={series.value!}
             stackAccessors={get('configs.series.stackAccessors', chartConfigs)}
             color={series.color ? series.color : undefined}

x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx

@@ -64,6 +64,7 @@ const HistogramPanel = styled(Panel)<{ height?: number }>`
 export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> = ({
   chartHeight,
   defaultStackByOption,
+  docValueFields,
   endDate,
   errorMessage,
   filterQuery,
@@ -72,6 +73,7 @@ export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> =
   hideHistogramIfEmpty = false,
   id,
   indexNames,
+  isPtrIncluded,
   legendPosition,
   mapping,
   panelHeight = DEFAULT_PANEL_HEIGHT,
@@ -138,6 +140,8 @@ export const MatrixHistogramComponent: React.FC<MatrixHistogramComponentProps> =
     indexNames,
     startDate,
     stackByField: selectedStackByOption.value,
+    isPtrIncluded,
+    docValueFields,
   });
 
   const titleWithStackByField = useMemo(

x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts

@@ -12,6 +12,7 @@ import { InputsModelId } from '../../store/inputs/constants';
 import { MatrixHistogramType } from '../../../../common/search_strategy/security_solution';
 import { UpdateDateRange } from '../charts/common';
 import { GlobalTimeArgs } from '../../containers/use_global_time';
+import { DocValueFields } from '../../../../common/search_strategy';
 
 export type MatrixHistogramMappingTypes = Record<
   string,
@@ -57,6 +58,7 @@ interface MatrixHistogramBasicProps {
 }
 
 export interface MatrixHistogramQueryProps {
+  docValueFields?: DocValueFields[];
   endDate: string;
   errorMessage: string;
   indexNames: string[];
@@ -72,6 +74,7 @@ export interface MatrixHistogramQueryProps {
   histogramType: MatrixHistogramType;
   threshold?: { field: string | undefined; value: number } | undefined;
   skip?: boolean;
+  isPtrIncluded?: boolean;
 }
 
 export interface MatrixHistogramProps extends MatrixHistogramBasicProps {

x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts

@@ -5,7 +5,7 @@
  */
 
 import deepEqual from 'fast-deep-equal';
-import { getOr, noop } from 'lodash/fp';
+import { getOr, isEmpty, noop } from 'lodash/fp';
 import { useCallback, useEffect, useRef, useState } from 'react';
 
 import { MatrixHistogramQueryProps } from '../../components/matrix_histogram/types';
@@ -43,11 +43,13 @@ export interface UseMatrixHistogramArgs {
 }
 
 export const useMatrixHistogram = ({
+  docValueFields,
   endDate,
   errorMessage,
   filterQuery,
   histogramType,
   indexNames,
+  isPtrIncluded,
   stackByField,
   startDate,
   threshold,
@@ -76,6 +78,8 @@ export const useMatrixHistogram = ({
     },
     stackByField,
     threshold,
+    ...(isPtrIncluded != null ? { isPtrIncluded } : {}),
+    ...(!isEmpty(docValueFields) ? { docValueFields } : {}),
   });
 
   const [matrixHistogramResponse, setMatrixHistogramResponse] = useState<UseMatrixHistogramArgs>({
@@ -167,13 +171,25 @@ export const useMatrixHistogram = ({
         },
         stackByField,
         threshold,
+        ...(isPtrIncluded != null ? { isPtrIncluded } : {}),
+        ...(!isEmpty(docValueFields) ? { docValueFields } : {}),
       };
       if (!deepEqual(prevRequest, myRequest)) {
         return myRequest;
       }
       return prevRequest;
     });
-  }, [indexNames, endDate, filterQuery, startDate, stackByField, histogramType, threshold]);
+  }, [
+    indexNames,
+    endDate,
+    filterQuery,
+    startDate,
+    stackByField,
+    histogramType,
+    threshold,
+    isPtrIncluded,
+    docValueFields,
+  ]);
 
   useEffect(() => {
     if (!skip) {

x-pack/plugins/security_solution/public/network/containers/network_dns/histogram.ts

@@ -13,23 +13,23 @@ import { inputsModel } from '../../../common/store';
 import { useShallowEqualSelector } from '../../../common/hooks/use_selector';
 import { useKibana } from '../../../common/lib/kibana';
 import { createFilter } from '../../../common/containers/helpers';
-import { NetworkDnsEdges, PageInfoPaginated } from '../../../../common/search_strategy';
 import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
 import { networkModel, networkSelectors } from '../../store';
 import {
+  DocValueFields,
   NetworkQueries,
   NetworkDnsRequestOptions,
   NetworkDnsStrategyResponse,
   MatrixOverOrdinalHistogramData,
-} from '../../../../common/search_strategy/security_solution/network';
+  NetworkDnsEdges,
+  PageInfoPaginated,
+} from '../../../../common/search_strategy';
 import { isCompleteResponse, isErrorResponse } from '../../../../../../../src/plugins/data/common';
 import { AbortError } from '../../../../../../../src/plugins/kibana_utils/common';
 import * as i18n from './translations';
 import { getInspectResponse } from '../../../helpers';
 import { InspectResponse } from '../../../types';
 
-export * from './histogram';
-
 const ID = 'networkDnsQuery';
 
 export interface NetworkDnsArgs {
@@ -47,6 +47,7 @@ export interface NetworkDnsArgs {
 
 interface UseNetworkDns {
   id?: string;
+  docValueFields: DocValueFields[];
   indexNames: string[];
   type: networkModel.NetworkType;
   filterQuery?: ESTermQuery | string;
@@ -56,6 +57,7 @@ interface UseNetworkDns {
 }
 
 export const useNetworkDns = ({
+  docValueFields,
   endDate,
   filterQuery,
   indexNames,
@@ -74,6 +76,7 @@ export const useNetworkDns = ({
     !skip
       ? {
           defaultIndex: indexNames,
+          docValueFields: docValueFields ?? [],
           factoryQueryType: NetworkQueries.dns,
           filterQuery: createFilter(filterQuery),
           isPtrIncluded,
@@ -190,6 +193,7 @@ export const useNetworkDns = ({
       const myRequest = {
         ...(prevRequest ?? {}),
         defaultIndex: indexNames,
+        docValueFields: docValueFields ?? [],
         isPtrIncluded,
         factoryQueryType: NetworkQueries.dns,
         filterQuery: createFilter(filterQuery),
@@ -206,7 +210,18 @@ export const useNetworkDns = ({
       }
       return prevRequest;
     });
-  }, [activePage, indexNames, endDate, filterQuery, limit, startDate, sort, skip, isPtrIncluded]);
+  }, [
+    activePage,
+    indexNames,
+    endDate,
+    filterQuery,
+    limit,
+    startDate,
+    sort,
+    skip,
+    isPtrIncluded,
+    docValueFields,
+  ]);
 
   useEffect(() => {
     networkDnsSearch(networkDnsRequest);

x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx

@@ -8,7 +8,7 @@ import React, { useEffect, useCallback, useMemo } from 'react';
 import { getOr } from 'lodash/fp';
 
 import { NetworkDnsTable } from '../../components/network_dns_table';
-import { useNetworkDns, HISTOGRAM_ID } from '../../containers/network_dns';
+import { useNetworkDns } from '../../containers/network_dns';
 import { manageQuery } from '../../../common/components/page/manage_query';
 
 import { NetworkComponentQueryProps } from './types';
@@ -20,6 +20,10 @@ import {
 import * as i18n from '../translations';
 import { MatrixHistogram } from '../../../common/components/matrix_histogram';
 import { MatrixHistogramType } from '../../../../common/search_strategy/security_solution';
+import { networkSelectors } from '../../store';
+import { useShallowEqualSelector } from '../../../common/hooks/use_selector';
+
+const HISTOGRAM_ID = 'networkDnsHistogramQuery';
 
 const NetworkDnsTableManage = manageQuery(NetworkDnsTable);
 
@@ -43,6 +47,7 @@ export const histogramConfigs: Omit<MatrixHistogramConfigs, 'title'> = {
 
 const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
   deleteQuery,
+  docValueFields,
   endDate,
   filterQuery,
   indexNames,
@@ -51,6 +56,9 @@ const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
   setQuery,
   type,
 }) => {
+  const getNetworkDnsSelector = networkSelectors.dnsSelector();
+  const { isPtrIncluded } = useShallowEqualSelector(getNetworkDnsSelector);
+
   useEffect(() => {
     return () => {
       if (deleteQuery) {
@@ -63,6 +71,7 @@ const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
     loading,
     { totalCount, networkDns, pageInfo, loadPage, id, inspect, isInspected, refetch },
   ] = useNetworkDns({
+    docValueFields: docValueFields ?? [],
     endDate,
     filterQuery,
     indexNames,
@@ -87,9 +96,11 @@ const DnsQueryTabBodyComponent: React.FC<NetworkComponentQueryProps> = ({
   return (
     <>
       <MatrixHistogram
+        id={HISTOGRAM_ID}
+        isPtrIncluded={isPtrIncluded}
+        docValueFields={docValueFields}
         endDate={endDate}
         filterQuery={filterQuery}
-        id={HISTOGRAM_ID}
         indexNames={indexNames}
         setQuery={setQuery}
         showLegend={true}

x-pack/plugins/security_solution/public/network/pages/navigation/dns_query_tab_body.tsx

@@ -27,6 +27,7 @@ import { UpdateDateRange } from '../../../common/components/charts/common';
 export const NetworkRoutes = React.memo<NetworkRoutesProps>(
   ({
     networkPagePath,
+    docValueFields,
     type,
     to,
     filterQuery,
@@ -107,7 +108,7 @@ export const NetworkRoutes = React.memo<NetworkRoutesProps>(
     return (
       <Switch>
         <Route path={`/:tabName(${NetworkRouteType.dns})`}>
-          <DnsQueryTabBody {...tabProps} />
+          <DnsQueryTabBody {...tabProps} docValueFields={docValueFields} />
         </Route>
         <Route path={`/:tabName(${NetworkRouteType.flows})`}>
           <>

x-pack/plugins/security_solution/public/network/pages/navigation/network_routes.tsx

@@ -14,6 +14,7 @@ import { GlobalTimeArgs } from '../../../common/containers/use_global_time';
 
 import { SetAbsoluteRangeDatePicker } from '../types';
 import { NarrowDateRange } from '../../../common/components/ml/types';
+import { DocValueFields } from '../../../common/containers/source';
 
 interface QueryTabBodyProps extends Pick<GlobalTimeArgs, 'setQuery' | 'deleteQuery'> {
   skip: boolean;
@@ -25,7 +26,9 @@ interface QueryTabBodyProps extends Pick<GlobalTimeArgs, 'setQuery' | 'deleteQue
   indexNames: string[];
 }
 
-export type NetworkComponentQueryProps = QueryTabBodyProps;
+export type NetworkComponentQueryProps = QueryTabBodyProps & {
+  docValueFields?: DocValueFields[];
+};
 
 export type IPsQueryTabBodyProps = QueryTabBodyProps & {
   indexPattern: IIndexPattern;
@@ -42,6 +45,7 @@ export type HttpQueryTabBodyProps = QueryTabBodyProps & {
 };
 
 export type NetworkRoutesProps = GlobalTimeArgs & {
+  docValueFields: DocValueFields[];
   networkPagePath: string;
   type: networkModel.NetworkType;
   filterQuery?: string | ESTermQuery;