[Security Solution] Replace sourcerer in EQL tab with dataview picker#218897

Merged
christineweng merged 2 commits into elastic:main from christineweng:dp-eql-tab
May 1, 2025

@christineweng christineweng commented Apr 22, 2025

Summary

Replace sourcerer with data view picker when feature flag newDataViewPickerEnabled is on. EQL tab should function properly with the flag on (dataview picker) and off (sourcerer)

Checklist

  • Unit or functional tests were updated or added to match the most common scenarios
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

@christineweng christineweng self-assigned this Apr 22, 2025
@christineweng christineweng added release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team v9.1.0 labels Apr 22, 2025
@christineweng christineweng changed the title [Security Solution] Replace sourcerer with dataview picker [Security Solution] Replace sourcerer in EQL tab with dataview picker Apr 23, 2025
@christineweng christineweng marked this pull request as ready for review April 23, 2025 19:12
@christineweng christineweng requested a review from a team as a code owner April 23, 2025 19:12
@elasticmachine

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@lgmys lgmys left a comment

🌈

@michaelolo24 michaelolo24 left a comment

Thanks for getting this replacement done!

elasticmachine commented Apr 30, 2025

⏳ Build in-progress, with failures

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #38 / dashboard app - group 4 dashboard listing page insights shows the insights panel and counts the views
  • [job] [logs] FTR Configs #130 / integrations Endpoint Exceptions "before all" hook for "should add event.module=endpoint to entry if only wildcard operator is present"

cc @christineweng

@christineweng christineweng merged commit d376e9b into elastic:main May 1, 2025
9 checks passed
kapral18 added a commit to kapral18/kibana that referenced this pull request May 4, 2025
…ends-crash

* main: (111 commits)
  [ResponseOps][Rules] Cases action title length too long (elastic#219226)
  [main] Sync bundled packages with Package Storage (elastic#219839)
  Fix ignored dynamic templates (elastic#219875)
  Enforce dependency review by kibana-security workflow (elastic#219262)
  [Security Solution] [Detections] Removes tech preview text from eql seq suppression ui (elastic#219870)
  [Security Solution] Fix alerts table potentially not applying alert assignees (elastic#219460)
  fix(slo): alert deletion (elastic#219876)
  [AI4DSOC] fix styling to address cutoff when screen is narrow (elastic#219306)
  [Security Solution][Endpoint] Response action create and history log API updates in of space awareness (elastic#218674)
  Update publish_oas_docs.sh to deploy Kibana Serverless API docs (elastic#219867)
  feat(slo): lock resource installation (elastic#219747)
  [AI4DSOC] Alert flyout code cleanup (elastic#219810)
  [fleet] fixing `isAgentlessDefault` config usage and readability improvements to `isAgentlessSetupDefault` (elastic#219423)
  feat(slo): Bulk delete UI (elastic#219634)
  m1 demo prep (elastic#219588)
  [Security Solution] Replace sourcerer in EQL tab with dataview picker (elastic#218897)
  [AI4DSOC] Attack discovery widget follow up follow up (elastic#219849)
  [AI Assistant] Fix some OpenAI models not accepting temperature for Inference service (elastic#218887)
  Update dependency msw to ~2.7.5 (main) (elastic#219289)
  Use new client URLs in doc link service (elastic#219600)
  ...
akowalska622 pushed a commit to akowalska622/kibana that referenced this pull request May 29, 2025
…elastic#218897)

## Summary

Replace sourcerer with data view picker when feature flag
`newDataViewPickerEnabled` is on. EQL tab should function properly with
the flag on (dataview picker) and off (sourcerer)


![image](https://github.com/user-attachments/assets/441be8ab-7dd2-4cee-9988-7ac85171d438)


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
christineweng added a commit to christineweng/kibana that referenced this pull request Jun 6, 2025
…elastic#218897)

christineweng added a commit that referenced this pull request Jun 10, 2025
… Data View Picker (#210585) (#223044)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Security Solution][Sourcerer] Replace Sourcerer with Discover Data
View Picker (#210585)](#210585)
- [[Security Solution] Rename use_data_view to use_data_view_spec
#216461](#216461)
- [[Security Solution] Rename use full data view hook
#216614](#216614)
- [[Security Solution] Replace sourcerer in global header
#216685](#216685)
- [[Security Solution] Remove .title use in use_selected_patterns
#216994](#216994)
- [[Security Solution] Render default security solution data view with
managed label #216961](#216961)
- [[Security Solution] Replace sourcerer in analyzer
#218183](#218183)
- [[Security Solution] Replace use_sourcerer_data_view
#216997](#216997)
- [[Security Solution] Replace sourcerer in EQL tab with dataview picker
#218897](#218897)
- [[Security Solution][Sourcerer] replace use get scoped data view
#220196](#220196)
- [[Security Solution] renaming dataView to dataViewSpec and adding
types for clarity
#220718](#220718)
- [[Security Solution][Sourcerer] Maintain url sync support
#221737](#221737)
- [[Security Solution][Data View Manager] Allow passing data view to
query bar #220585](#220585)
- [[Security Solution] Fix data view picker privilege
#222122](#222122)



### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)


---------

Co-authored-by: Luke Gmys <11671118+lgestc@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>