From bf91308b7f156441f7d82cc6d7d06dcc76c29068 Mon Sep 17 00:00:00 2001 From: Patryk Kopycinski Date: Tue, 26 Oct 2021 16:55:22 +0200 Subject: [PATCH 1/4] [Osquery] Fix live query search doesn't return relevant results for agents --- x-pack/plugins/osquery/public/agents/use_all_agents.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts index 42e4954989c66..80de9236e99db 100644 --- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts +++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts @@ -35,7 +35,7 @@ export const useAllAgents = ( return useQuery( ['agents', osqueryPolicies, searchValue, perPage], () => { - let kuery = `${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')}`; + let kuery = `(${osqueryPolicies.map((p) => `policy_id:${p}`).join(' or ')})`; if (searchValue) { kuery += ` and (local_metadata.host.hostname:*${searchValue}* or local_metadata.elastic.agent.id:*${searchValue}*)`; From e439ebd70d4919cc2d25326983b26a7f77106df3 Mon Sep 17 00:00:00 2001 From: Patryk Kopycinski Date: Tue, 26 Oct 2021 18:43:52 +0200 Subject: [PATCH 2/4] fix error message --- .../plugins/osquery/public/agents/use_all_agents.ts | 4 +++- .../server/routes/fleet_wrapper/get_agents.ts | 13 +++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts index 80de9236e99db..09d589771079b 100644 --- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts +++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts 
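Review bot: `searchValue` is still interpolated raw into the KQL string on the context line that follows the newly parenthesised policy filter in use_all_agents.ts (PATCH 1/4), so input containing `)`, `"`, `:` or `*` can unbalance the expression or change what the clause matches. The added parentheses fix operator precedence only for well-formed input. Escape KQL metacharacters before building the clause, for example `const term = searchValue.replace(/[\\():<>"*]/g, '\\$&');`, and interpolate `term` in both wildcard terms. As far as PATCH 2/4 shows, the server route forwards `request.query` unchanged, so the policy restriction assembled here should not be treated as an access boundary. The query callback's body continues outside the hunk.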
@@ -54,10 +54,12 @@ export const useAllAgents = ( enabled: !osqueryPoliciesLoading && osqueryPolicies.length > 0, onSuccess: () => setErrorToast(), onError: (error) => - setErrorToast(error as Error, { + // @ts-expect-error update types + setErrorToast(error?.body, { title: i18n.translate('xpack.osquery.agents.fetchError', { defaultMessage: 'Error while fetching agents', }), + toastMessage: error?.body?.error, }), } ); diff --git a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts index d45cb26e0d199..f129e95fd9508 100644 --- a/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts +++ b/x-pack/plugins/osquery/server/routes/fleet_wrapper/get_agents.ts @@ -22,10 +22,15 @@ export const getAgentsRoute = (router: IRouter, osqueryContext: OsqueryAppContex async (context, request, response) => { const esClient = context.core.elasticsearch.client.asInternalUser; - const agents = await osqueryContext.service - .getAgentService() - // @ts-expect-error update types - ?.listAgents(esClient, request.query); + let agents; + try { + agents = await osqueryContext.service + .getAgentService() + // @ts-expect-error update types + ?.listAgents(esClient, request.query); + } catch (error) { + return response.badRequest({ body: error }); + } return response.ok({ body: agents }); } From 0eea20fa4608a8ea153a8e5de06f621a6d9a2995 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Tue, 26 Oct 2021 20:29:54 +0200 Subject: [PATCH 3/4] Update use_all_agents.ts --- x-pack/plugins/osquery/public/agents/use_all_agents.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts index 09d589771079b..03660a970aeef 100644 --- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts +++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts 
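Review bot: The `onError` handler in use_all_agents.ts now reads `error?.body` behind `// @ts-expect-error`, so a failure that carries no `body` (a network error, for instance) hands `undefined` to `setErrorToast`, which is the same call shape `onSuccess` uses, presumably to clear the toast. Narrow the value once instead of suppressing the checker, e.g. `const body = (error as { body?: { error?: string } } | undefined)?.body;`, then pass `body ?? error` as the first argument and `toastMessage: body?.error`. PATCH 3/4 adds a second `@ts-expect-error` on the `toastMessage` line, and the same narrowing would remove the need for it. The `useQuery` options object starts outside the hunk.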
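Review bot: The new `catch` in get_agents.ts answers every failure from `listAgents` with `response.badRequest({ body: error })`, so backend faults raised while running as `asInternalUser` are reported as a client error and the raw error object is handed to the response. Return only a message for a malformed query and let other failures surface as server errors, e.g. `return response.badRequest({ body: { message: error instanceof Error ? error.message : 'Invalid agents query' } });`. `request.query` still reaches `listAgents` unchanged under internal-user privileges, so validating `kuery` in the route schema would be worth adding. If `getAgentService()` returns undefined, the optional call yields `undefined` and the handler still replies with `response.ok`. The route registration starts outside the hunk.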
@@ -59,6 +59,7 @@ export const useAllAgents = ( title: i18n.translate('xpack.osquery.agents.fetchError', { defaultMessage: 'Error while fetching agents', }), + // @ts-expect-error update types toastMessage: error?.body?.error, }), } From bcc49db2588b9ec1a666f192c9365252c5f85e76 Mon Sep 17 00:00:00 2001 From: Patryk Kopycinski Date: Tue, 26 Oct 2021 21:47:08 +0200 Subject: [PATCH 4/4] fix aliases --- .../osquery/public/packs/queries/ecs_mapping_editor_field.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index 4d7776bdb2954..2551b4d6c924b 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -768,7 +768,7 @@ export const ECSMappingEditorField = ({ LIMIT 5; */ - if (selectItem.type === 'FunctionCall' && selectItem.hasAs) { + if (selectItem.hasAs && selectItem.alias) { return [ { label: selectItem.alias,