[Security Solution] Replace use_sourcerer_data_view#216997
Merged
lgestc merged 41 commits intoelastic:mainfrom Apr 28, 2025
Merged
[Security Solution] Replace use_sourcerer_data_view#216997lgestc merged 41 commits intoelastic:mainfrom
lgestc merged 41 commits intoelastic:mainfrom
Conversation
lgestc
commented
Apr 3, 2025
Comment on lines
+84
to
+86
| <DataViewPicker | ||
| scope={sourcererScope} | ||
| disabled={sourcererScope === DataViewManagerScopeName.detections} |
Contributor
Author
There was a problem hiding this comment.
disabling the picker on alerts page, right now it is not possible to change the data view anyway since the pattern is not passed to the server side
Contributor
Author
|
replacing most of the useSourcererDataView here :) FYI @christineweng @michaelolo24 |
lgestc
force-pushed
the
replace_use_sourcerer_data_view
branch
from
8a566ec to
74ab922
Compare
lgestc
added
Feature:Sourcerer
Team:Threat Hunting:Investigations
angorayc
requested changes
Apr 23, 2025
Contributor
angorayc
left a comment
angorayc
left a comment
There was a problem hiding this comment.
Great job, well done! Thanks for implementing this @lgestc
Some issues found after applying a temporary data view. Please check #216997 (comment) and see if you are able to reproduce them.
Contributor
Author
thank you Angela, I will take a look & fix this somehow Update: the first problem is by design and will be mitigated somehow, in short - we dont want to allow saving timelines with adhoc dataviews. Possible solution would be to embed the pattern into the timeline, or force the data view save first... it will be addressed somehow in the future PRs. Not sure how yet. 2nd problem - most likely something invalidates the data view cache on the client side, I will try to find out what it is in this specific path. We had similar issue in some other flows where data view cache would be cleared manually in some useEffect context. |
Contributor
Author
Thanks @angorayc ! Fixed the temp issue #2 https://github.com/elastic/kibana/pull/216997/files#diff-64fbab14826f73c2214e6c2d9022011fe8cc2ee6c169381865b9e70f58c01e5bL123 , the toast warning when saving timeline will remain the way it is for now. |
jcger
approved these changes
Apr 28, 2025
...orm/packages/shared/kbn-alerts-ui-shared/src/alert_filter_controls/alert_filter_controls.tsx
Outdated
Show resolved
Hide resolved
Contributor
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
History
|
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
May 29, 2025
## Summary This PR replaces `useSourcererDataView` hook / other apis based on the sourcerer component with the new code using unified data view picker. (behind a feature flag for now, with the intention of enabling it before 9.1 if we make it on time). ## Testing Set the following flag, then you should see the new picker, at least on the pages with global header. `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']` **The most important thing**: Not setting the feature flag, you should be able to use the previous sourcerer component with no issues. Optional (this is WIP): On some pages, changing the view using that picker should result in changes to data loaded (inspect the queries made to see if the correct index is picked). --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
christineweng
pushed a commit
to christineweng/kibana
that referenced
this pull request
Jun 6, 2025
This PR replaces `useSourcererDataView` hook / other apis based on the sourcerer component with the new code using unified data view picker. (behind a feature flag for now, with the intention of enabling it before 9.1 if we make it on time). Set the following flag, then you should see the new picker, at least on the pages with global header. `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']` **The most important thing**: Not setting the feature flag, you should be able to use the previous sourcerer component with no issues. Optional (this is WIP): On some pages, changing the view using that picker should result in changes to data loaded (inspect the queries made to see if the correct index is picked). --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Merged
2 tasks
christineweng
added a commit
that referenced
this pull request
Jun 10, 2025
… Data View Picker (#210585) (#223044) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution][Sourcerer] Replace Sourcerer with Discover Data View Picker (#210585)](#210585) - [[Security Solution] Rename use_data_view to use_data_view_spec #216461](#216461) - [[Security Solution] Rename use full data view hook #216614](#216614) - [[Security Solution] Replace sourcerer in global header #216685](#216685) - [[Security Solution] Remove .title use in use_selected_patterns #216994](#216994) - [[Security Solution] Render default security solution data view with managed label #216961](#216961) - [[Security Solution] Replace sourcerer in analyzer #218183](#218183) - [[Security Solution] Replace use_sourcerer_data_view #216997](#216997) - [[Security Solution] Replace sourcerer in EQL tab with dataview picker #218897](#218897) - [[Security Solution][Sourcerer] replace use get scoped data view #220196](#220196) - [[Security Solution] renaming dataView to dataViewSpec and adding types for clarity #220718](#220718) - [[Security Solution][Sourcerer] Maintain url sync support #221737](#221737) - [[Security Solution][Data View Manager] Allow passing data view to query bar #220585](#220585) - [[Security Solution] Fix data view picker privilege #222122](#222122) <!--- Backport version: 10.0.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Luke Gmys","email":"11671118+lgestc@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-31T12:12:57Z","message":"[Security Solution][Sourcerer] Replace Sourcerer with Discover Data View Picker (#210585)\n\n# Unified Data View Picker: Phase 1 Implementation\nPart of https://github.com/elastic/security-team/issues/11959\n\n## What This PR Does\nThis PR represents the first step in our transition from the current\nSourcerer component to the new unified Data View Picker. Specifically,\nthis implementation:\n- Creates a new Data View Picker component\n- Implements feature flag protection for all changes\n- Handles asynchronous effects through Redux listener middleware\n- Establishes a new Redux store architecture to support ad hoc data\nviews infrastructure\n- Utilizes ad hoc data views to handle legacy patterns from series 7\n(replacing the previous upgrade data view flow)\n\nSee the readme for more info: \n```x-pack/solutions/security/plugins/security_solution/public/data_view_manager/readme.md```\n\n## What This PR Does NOT Cover\n- Does not affect screens other than Timelines\n- Does not modify the existing Sourcerer component in any way\n- Does not fully support all URL/local storage patterns\n\n## Implementation Notes\nWe've made several accommodations to support both Sourcerer and the new Data View Picker simultaneously during this transition period, including:\n- Some interfaces might look odd, especially the hooks that return the data view or patterns - this is intentional to support existing use cases\n- There are feature flag-based conditional statements throughout the code that will be removed once the transition is complete\n\n## Testing Instructions\n1. Add the following feature flag to your configuration:\n ```\n xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n ```\n2. Navigate to the Timelines interface\n3. Test interactions with the new Data View Picker\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"9679f2941550856d75e00c1faadd8c9669afe917","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","backport:skip","Team: SecuritySolution","Team:Threat Hunting:Investigations","Feature:Sourcerer","9.1 candidate","v9.1.0"],"title":"[Security Solution][Sourcerer] Replace Sourcerer with Discover Data View Picker","number":210585,"url":"https://github.com/elastic/kibana/pull/210585","mergeCommit":{"message":"[Security Solution][Sourcerer] Replace Sourcerer with Discover Data View Picker (#210585)\n\n# Unified Data View Picker: Phase 1 Implementation\nPart of https://github.com/elastic/security-team/issues/11959\n\n## What This PR Does\nThis PR represents the first step in our transition from the current\nSourcerer component to the new unified Data View Picker. Specifically,\nthis implementation:\n- Creates a new Data View Picker component\n- Implements feature flag protection for all changes\n- Handles asynchronous effects through Redux listener middleware\n- Establishes a new Redux store architecture to support ad hoc data\nviews infrastructure\n- Utilizes ad hoc data views to handle legacy patterns from series 7\n(replacing the previous upgrade data view flow)\n\nSee the readme for more info: \n```x-pack/solutions/security/plugins/security_solution/public/data_view_manager/readme.md```\n\n## What This PR Does NOT Cover\n- Does not affect screens other than Timelines\n- Does not modify the existing Sourcerer component in any way\n- Does not fully support all URL/local storage patterns\n\n## Implementation Notes\nWe've made several accommodations to support both Sourcerer and the new Data View Picker simultaneously during this transition period, including:\n- Some interfaces might look odd, especially the hooks that return the data view or patterns - this is intentional to support existing use cases\n- There are feature flag-based conditional statements throughout the code that will be removed once the transition is complete\n\n## Testing Instructions\n1. Add the following feature flag to your configuration:\n ```\n xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n ```\n2. Navigate to the Timelines interface\n3. Test interactions with the new Data View Picker\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"9679f2941550856d75e00c1faadd8c9669afe917"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/210585","number":210585,"mergeCommit":{"message":"[Security Solution][Sourcerer] Replace Sourcerer with Discover Data View Picker (#210585)\n\n# Unified Data View Picker: Phase 1 Implementation\nPart of https://github.com/elastic/security-team/issues/11959\n\n## What This PR Does\nThis PR represents the first step in our transition from the current\nSourcerer component to the new unified Data View Picker. Specifically,\nthis implementation:\n- Creates a new Data View Picker component\n- Implements feature flag protection for all changes\n- Handles asynchronous effects through Redux listener middleware\n- Establishes a new Redux store architecture to support ad hoc data\nviews infrastructure\n- Utilizes ad hoc data views to handle legacy patterns from series 7\n(replacing the previous upgrade data view flow)\n\nSee the readme for more info: \n```x-pack/solutions/security/plugins/security_solution/public/data_view_manager/readme.md```\n\n## What This PR Does NOT Cover\n- Does not affect screens other than Timelines\n- Does not modify the existing Sourcerer component in any way\n- Does not fully support all URL/local storage patterns\n\n## Implementation Notes\nWe've made several accommodations to support both Sourcerer and the new Data View Picker simultaneously during this transition period, including:\n- Some interfaces might look odd, especially the hooks that return the data view or patterns - this is intentional to support existing use cases\n- There are feature flag-based conditional statements throughout the code that will be removed once the transition is complete\n\n## Testing Instructions\n1. Add the following feature flag to your configuration:\n ```\n xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n ```\n2. Navigate to the Timelines interface\n3. Test interactions with the new Data View Picker\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"9679f2941550856d75e00c1faadd8c9669afe917"}}]}] BACKPORT--> --------- Co-authored-by: Luke Gmys <11671118+lgestc@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR replaces
useSourcererDataViewhook / other apis based on the sourcerer component withthe new code using unified data view picker. (behind a feature flag for now, with the intention of enabling it before 9.1 if we make it on time).
Testing
Set the following flag, then you should see the new picker, at least on the pages with global header.
xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']The most important thing: Not setting the feature flag, you should be able to use the previous sourcerer component with no issues.
Optional (this is WIP):
On some pages, changing the view using that picker should result in changes to data loaded (inspect the queries made to see if the correct index is picked).