[Security Solution][Resolver] Fixing ES mapping failure for ES archiver #100835

Merged: jonathan-buttner merged 2 commits into elastic:master from jonathan-buttner:fix-resolver-winlogbeat-archive on May 28, 2021

jonathan-buttner (Contributor) commented May 27, 2021

This PR fixes an ES failure that was occurring in a new 7.13 release of Elasticsearch. The failure is because our mapping was trying to set this field: `index.routing.allocation.include._tier`.

Related issue with more background here: #100697

To test, run the following integration tests:

Start the server:

```
yarn test:ftr:server --config x-pack/test/security_solution_endpoint_api_int/config.ts
```

Start the runner:

```
yarn test:ftr:runner --config x-pack/test/security_solution_endpoint_api_int/config.ts
```
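An added example (not code from this PR or from Kibana): one way to find and strip `index.routing.allocation.include._tier` from index settings before archive records are loaded. The record shape (`{ type: 'index', value: { index, settings } }`), the names `removePath` and `stripTierRouting`, and the sample values are assumptions constructed for illustration; both the nested and the flattened dotted form of the key are handled.

```javascript
// Added illustration; not the change made in this PR.
// Setting named in the PR description, split into its path segments.
const TIER_PATH = ['index', 'routing', 'allocation', 'include', '_tier'];

// Delete `path` from `obj`, matching nested objects as well as keys that
// join several segments with dots (for example "index.routing.allocation").
// Returns true when something was removed; prunes containers left empty.
function removePath(obj, path) {
  if (obj === null || typeof obj !== 'object') return false;
  let removed = false;
  for (let n = path.length; n >= 1; n--) {
    const key = path.slice(0, n).join('.');
    if (!Object.prototype.hasOwnProperty.call(obj, key)) continue;
    if (n === path.length) {
      delete obj[key];
      removed = true;
    } else if (removePath(obj[key], path.slice(n))) {
      removed = true;
      if (Object.keys(obj[key]).length === 0) delete obj[key];
    }
  }
  return removed;
}

// Strip the tier setting from every index record (mutates the records).
// Returns the names of the indices whose settings were changed.
// Assumed record shape: { type: 'index', value: { index, settings } }.
function stripTierRouting(records) {
  const changed = [];
  for (const rec of records) {
    if (rec.type !== 'index' || !rec.value || !rec.value.settings) continue;
    if (removePath(rec.value.settings, TIER_PATH)) changed.push(rec.value.index);
  }
  return changed;
}

// Constructed sample records (not taken from the real archive).
const sample = [
  { type: 'index', value: { index: 'sample-nested', settings: { index: {
    number_of_shards: '1',
    routing: { allocation: { include: { _tier: 'data_content' } } } } } } },
  { type: 'index', value: { index: 'sample-dotted', settings: {
    'index.routing.allocation.include._tier': 'data_content',
    'index.number_of_replicas': '0' } } },
  { type: 'index', value: { index: 'sample-clean',
    settings: { index: { number_of_shards: '1' } } } },
];
console.log(stripTierRouting(sample));
```
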

jonathan-buttner added the v8.0.0, release_note:skip (Skip the PR/issue when compiling release notes), Feature:Resolver (Security Solution Resolver feature), Team:Threat Hunting (Security Solution Threat Hunting Team) and v7.14.0 labels May 27, 2021

spalger (Contributor) commented May 27, 2021

@elasticmachine merge upstream

(restarting now that updated ES build is promoted)

spalger (Contributor) left a comment

LGTM on green CI

kibanamachine (Contributor)

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

References to deprecated APIs

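| id | before | after | diff |
| --- | --- | --- | --- |
| canvas | 29 | 25 | -4 |
| crossClusterReplication | 8 | 6 | -2 |
| globalSearch | 4 | 2 | -2 |
| indexManagement | 12 | 7 | -5 |
| infra | 261 | 149 | -112 |
| lens | 67 | 45 | -22 |
| licensing | 18 | 15 | -3 |
| maps | 286 | 208 | -78 |
| securitySolution | 386 | 342 | -44 |
| stackAlerts | 101 | 95 | -6 |
| total | | | -278 |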

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

jonathan-buttner marked this pull request as ready for review May 28, 2021 13:07
jonathan-buttner requested a review from a team as a code owner May 28, 2021 13:07

elasticmachine (Contributor)

Pinging @elastic/security-threat-hunting (Feature:Resolver)

jonathan-buttner merged commit 692806a into elastic:master May 28, 2021
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request May 28, 2021
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine (Contributor)

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

jonathan-buttner deleted the fix-resolver-winlogbeat-archive branch May 28, 2021 16:52
kibanamachine added a commit that referenced this pull request May 28, 2021
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com>
gmmorris added a commit to gmmorris/kibana that referenced this pull request May 28, 2021
* master: (77 commits)
  [RAC][Security Solution] Register Security Detection Rules with Rule Registry (elastic#96015)
  [Enterprise Search] Log warning for Kibana/EntSearch version mismatches (elastic#100809)
  updating the saved objects test to include more saved object types (elastic#100828)
  [ML] Fix categorization job view examples link when datafeed uses multiple indices (elastic#100789)
  Fixing ES archive mapping failure (elastic#100835)
  Fix bug with Observability > APM header navigation (elastic#100845)
  [Security Solution][Endpoint] Add event filters summary card to the fleet endpoint tab (elastic#100668)
  [Actions] Taking space id into account when creating email footer link (elastic#100734)
  Ensure comments on parameters in arrow functions are captured in the docs and ci metrics. (elastic#100823)
  [Security Solution] Improve find rule and find rule status route performance (elastic#99678)
  [DOCS] Adds video to introduction (elastic#100906)
  [Fleet] Improve combo box for fleet settings (elastic#100603)
  [Security Solution][Endpoint] Endpoint generator and data loader support for Host Isolation (elastic#100813)
  [DOCS] Adds Lens video (elastic#100898)
  [TSVB] [Table tab] Fix "Math" aggregation (elastic#100765)
  chore(NA): moving @kbn/io-ts-utils into bazel (elastic#100810)
  [Alerting] Adding feature flag for enabling/disabling rule import and export (elastic#100718)
  [TSVB] Fix Upgrading from 7.12.1 to 7.13.0 breaks TSVB (elastic#100864)
  [Lens] Adds dynamic table cell coloring (elastic#95217)
  [Security Solution][Endpoint] Do not display searchbar in security-trusted apps if there are no items (elastic#100853)
  ...
Labels

auto-backport (Deprecated - use backport:version if exact versions are needed), Feature:Resolver (Security Solution Resolver feature), release_note:skip (Skip the PR/issue when compiling release notes), Team:Threat Hunting (Security Solution Threat Hunting Team), v7.14.0, v8.0.0
