[search source] return rawResponse on search failure

[nreese]

Closes #167099

Problem

/bsearch and /search APIs only return error key from elasticsearch error response. This is problematic because Inspector needs rawResponse to populate "Clusters and shards"

While working on this issue, I discovered another problem with how error responses are added to inspector requestResponder. The Error instance is added as json key. This is a little awkward since the response tab just stringifies the contents of json, thus stringifing the Error object instead of just the error body returned from API. This PR address this problem by setting json to either attributes or { message }.

Solution

PR updates /bsearch and /search APIs to return { attributes: { error: ErrorCause, rawResponse }} for failed responses. Solution avoided changing KbnServerError and reportServerError since these methods are used extensivly throughout Kibana (see #167544 (comment) for more details). Instead, KbnSearchError and reportSearchError are created to report search error messages.

Test

1. install web logs sample data set
2. open discover
3. add filter

   {
     "error_query": {
       "indices": [
         {
           "error_type": "exception",
           "message": "local shard failure message 123",
           "name": "kibana_sample_data_logs",
           "shard_ids": [
             0
           ]
         }
       ]
     }
   }
   

4. Open inspector. Verify "Clusters and shards" tab is visible and populated. Verify "Response" tab shows "error" and "rawResponse" keys.
   
   

[nreese]

@elasticmachine merge upstream

[elasticmachine]

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

[nreese]

@elasticmachine merge upstream

[nreese]

@elasticmachine merge upstream

[nreese]

@elasticmachine merge upstream

[davismcphee]

Code changes LGTM! Just left a couple of minor comments.

Otherwise my only concern is related to backward compatibility. Does changing the error response of the /search and /bsearch endpoints risk breaking backward compatibility in a Serverless upgrade scenario (i.e. backend and frontend versions off by 1)? This is less of a concern while Serverless is in private preview, but something to be mindful of regardless.

Also, unrelated to this PR, but I noticed the inspector uses X failured shard(s) in the title, which looks a little odd. Should it instead say X failed shard(s)?

[davismcphee]

How do we know e.statusCode isn't null here?

[davismcphee]

Is there a scenario we can test for here where rawResponse isn't undefined too?

[nreese]

I can add a test case to API integration tests that verifies rawResponse is returned. These tests are all just mocks, where as API integration tests test actual code paths.

[davismcphee]

That instead also works for me 👍

[nreese]

Also, unrelated to this PR, but I noticed the inspector uses X failured shard(s) in the title, which looks a little odd. Should it instead say X failed shard(s)?

I am not sure I see the problem. It says "1 failed shard" when there is a single shard failure and "3 failed shards" when there are multiple shard failures. This seems like proper english. Could you explain further?

https://github.com/elastic/kibana/blob/main/src/plugins/inspector/public/views/requests/components/details/clusters_view/clusters_table/shards_view/shard_failure_flyout.tsx#L35

{i18n.translate('inspector.requests.clusters.shards.flyoutTitle', {
              defaultMessage:
                '{failedShardCount} failured {failedShardCount, plural, one {shard} other {shards}}',
              values: { failedShardCount: failures.length },
            })}

[davismcphee]

I am not sure I see the problem. It says "1 failed shard" when there is a single shard failure and "3 failed shards" when there are multiple shard failures. This seems like proper english. Could you explain further?

"1 failed shard" makes sense, but currently it's "1 failured shard". There's an additional "ur" in "failed" currently.

[nreese]

"1 failed shard" makes sense, but currently it's "1 failured shard". There's an additional "ur" in "failed" currently.

Thanks, I see that now. I can open a separate PR to resolve

[drewdaemon]

Lens changes make sense to me. I left one question.

Search changes are owned by Discovery, so nothing needed from me there.

[drewdaemon]

Not sure I understand why this guard was inserted. It doesn't look like we gated the logic by the existence of caused_by before.

[nreese]

attributes.error is typed as optional.

[drewdaemon]

It looks like the previous logic assumed that caused_by was defined (type cast) which it must always have been since getNestedErrorClause would have errored if passed undefined.

Given this, I think changing from casting to checking is okay because it should not change the amount of times this branch gets entered.

[nreese]

@elasticmachine merge upstream

[angorayc]

I can reproduce this when running locally with Network throttling. Create an issue to follow it up: #169507

[angorayc]

Could you please check if the error you had was the same as #168709, if so, can you please try unskipping the test?

[nreese]

I removed skip, it is not longer needed now that test has been fixed

[drewdaemon]

It looks like the previous logic assumed that caused_by was defined (type cast) which it must always have been since getNestedErrorClause would have errored if passed undefined.

Given this, I think changing from casting to checking is okay because it should not change the amount of times this branch gets entered.

[PhilippeOberti]

LGTM for the Threat Hunting Investigations team!

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: a17c45c

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
data	2547	2539	-8

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
lens	1.4MB	1.4MB	+145.0B
securitySolution	13.0MB	13.0MB	+136.0B
timelines	30.0KB	30.2KB	+136.0B
total			+417.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
data	407.4KB	407.8KB	+361.0B

Unknown metric groups

API count

id	before	after	diff
data	3202	3194	-8

History

• 💛 Build #169780 was flaky 940dcb5
• 💔 Build #167341 failed 91ece0d
• 💔 Build #167118 failed 45b3a47
• 💔 Build #167090 failed 034e64b
• 💔 Build #167067 failed 8831278
• 💔 Build #166714 failed 127150b

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream