[Security Solution] Remove index pattern field from Sourcerer #190113

Merged
lgestc merged 6 commits into elastic:main from lgestc:remove_index_pattern
Oct 28, 2024

@lgestc lgestc commented Aug 8, 2024

Summary

This PR removes index pattern field from the sourcerer model, replacing it with direct access to data view spec.

The end goal for the sourcerer is to just utilize platform wide Data View Types, instead of some custom abstractions / containers such as indexPattern field which is effectively a DataViewSpec, just packed up differently.

@lgestc lgestc added release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team labels Aug 8, 2024
@lgestc lgestc force-pushed the remove_index_pattern branch from 45f100c to ffee9d9 Compare August 9, 2024 09:56
@elastic elastic deleted a comment from kibana-ci Aug 9, 2024
@lgestc lgestc force-pushed the remove_index_pattern branch 2 times, most recently from 0543a83 to e6411d4 Compare August 12, 2024 08:35
@elastic elastic deleted a comment from kibana-ci Aug 12, 2024
@lgestc lgestc force-pushed the remove_index_pattern branch from e6411d4 to 55dc5f5 Compare August 13, 2024 10:12
@elastic elastic deleted a comment from kibana-ci Aug 13, 2024
@lgestc lgestc force-pushed the remove_index_pattern branch from ae938f0 to 2d72933 Compare August 13, 2024 12:31
@elastic elastic deleted a comment from kibana-ci Aug 13, 2024
@lgestc lgestc marked this pull request as ready for review August 13, 2024 13:58
@lgestc lgestc requested review from a team as code owners August 13, 2024 13:58
@elasticmachine

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@lgestc lgestc force-pushed the remove_index_pattern branch 3 times, most recently from 1eb35ba to c747754 Compare August 19, 2024 12:46
@lgestc lgestc requested a review from logeekal August 19, 2024 12:47
@elastic elastic deleted a comment from kibana-ci Aug 19, 2024
@opauloh opauloh added the ci:cloud-deploy Create or update a Cloud deployment label Aug 19, 2024
opauloh commented Aug 19, 2024

/ci

@elasticmachine

Pinging @elastic/security-threat-hunting-explore (Team:Threat Hunting:Explore)

@lgestc lgestc force-pushed the remove_index_pattern branch from 486d4d1 to 4bc6290 Compare October 22, 2024 12:03
@lgestc lgestc requested a review from angorayc October 22, 2024 12:42
@lgestc lgestc requested review from dplumlee and tiansivive October 23, 2024 12:49
@dplumlee dplumlee left a comment

LGTM @lgestc, thanks for addressing my comments

@tiansivive tiansivive removed their request for review October 24, 2024 08:44
@logeekal logeekal left a comment

Changes look good but it is a little confusing regarding the name indexPattern which is not renamed but equal to DataViewBase or DataViewSpec at multiple places.

filters: globalFilters,
from: start,
indexPattern,
indexPattern: sourcererDataView,

I guess it makes sense to rename parameter as sourceDataView as well?

config: esQueryConfig,
dataProviders,
indexPattern,
indexPattern: sourcererDataView,

Same as before regarding renaming parameter.

config: EsQueryConfig;
dataProviders: DataProvider[];
indexPattern: DataViewBase;
indexPattern?: DataViewSpec;
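
Review bot: the second `indexPattern` line in this interface hunk changes more than the type, because `indexPattern?: DataViewSpec` also makes the property optional where `indexPattern: DataViewBase` was required. The code that consumes this argument should state what it does when the value is undefined, or the property should stay required if every caller supplies a data view, as the `indexPattern: sourcererDataView` lines shown earlier suggest.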

Same comment about renaming.

@tiansivive tiansivive self-requested a review October 25, 2024 08:12
@tiansivive tiansivive left a comment

LGTM from Entity Analytics

@elasticmachine

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6035 | 6036 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 20.2MB | 20.2MB | +69.0B |
| threatIntelligence | 57.3KB | 57.3KB | -30.0B |
| total | | | +39.0B |

@lgestc lgestc merged commit a8048dd into elastic:main Oct 28, 2024
tiansivive pushed a commit to tiansivive/kibana that referenced this pull request Oct 29, 2024
…c#190113)

## Summary

This PR removes index pattern field from the sourcerer model, replacing
it with direct access to data view spec.

The end goal for the sourcerer is to just utilize platform wide Data
View Types, instead of some custom abstractions / containers such as
indexPattern field which is effectively a DataViewSpec, just packed up
differently.
@christineweng

💚 All backports created successfully

Status Branch Result
8.19

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

christineweng pushed a commit to christineweng/kibana that referenced this pull request Jun 5, 2025
…c#190113)

## Summary

This PR removes index pattern field from the sourcerer model, replacing
it with direct access to data view spec.

The end goal for the sourcerer is to just utilize platform wide Data
View Types, instead of some custom abstractions / containers such as
indexPattern field which is effectively a DataViewSpec, just packed up
differently.

(cherry picked from commit a8048dd)

# Conflicts:
#	x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
#	x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_persistent_controls.tsx
#	x-pack/plugins/security_solution/public/entity_analytics/api/hooks/use_preview_risk_scores.ts
#	x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/eql/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detections/components/detection_engine_filters/detection_engine_filters.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx
#	x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_score_preview_section.tsx
#	x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/kubernetes/pages/utils/data_view_spec_to_index_pattern.ts
#	x-pack/solutions/security/plugins/security_solution/public/overview/components/event_counts/index.test.tsx
#	x-pack/solutions/security/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/tabs/eql/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/tabs/query/index.tsx
christineweng added a commit to christineweng/kibana that referenced this pull request Jun 5, 2025
…c#190113)

This PR removes index pattern field from the sourcerer model, replacing
it with direct access to data view spec.

The end goal for the sourcerer is to just utilize platform wide Data
View Types, instead of some custom abstractions / containers such as
indexPattern field which is effectively a DataViewSpec, just packed up
differently.
christineweng added a commit that referenced this pull request Jun 6, 2025
…190113) And other sourcerer clean ups (#222889)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Security Solution] Remove index pattern field from Sourcerer
(#190113)](#190113)
- [remove unused fields from the sourcerer hook result
#206030](#206030)
- [[Security Solution][Sourcerer] Rename index pattern props to data
view #216542](#216542)

<!--- Backport version: 10.0.0 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

---------

Co-authored-by: Luke Gmys <11671118+lgestc@users.noreply.github.com>
Labels

backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team v8.19.0 v9.0.0

10 participants