[SecuritySolution] Fix search indices that was returning unmapped fields #225245

Merged
machadoum merged 1 commit into elastic:main from machadoum:siem-ea-fix-search-privmon-indices
Jun 26, 2025

@machadoum (Member) commented Jun 25, 2025

Summary

The bug: A field with the expected name user.name.keyword but with the wrong mapping was returned.

How to fix it? fieldCaps was returning unmapped fields mixed with mapped fields. This change forces the API to return the fields property with a list of all indices matching user.name.keyword.

More information in this Slack 🧵

How to test it?

  • Create an index with the correct mapping
PUT /test-index1
{
  "mappings": {
    "properties": {
      "user.name.keyword": {
        "type": "keyword"
      }
    }
  }
}
  • Create an index with the wrong mapping
PUT /test-index2
{
  "mappings": {
    "properties": {
      "user.name.keyword": {
        "type": "text"
      }
    }
  }
}
  • Go to the manage data sources page
  • Only test-index1 should be returned
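
Added example (not from the PR or Kibana's code): a JavaScript illustration of the selection the summary describes, reading the per-type `indices` lists of a field caps response so that only indices mapping user.name.keyword as keyword are kept. The function name `indicesWithType` and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not Kibana's code. Responses are constructed in the shape of
// GET /test-index*/_field_caps?fields=user.name.keyword&include_unmapped=true
const FIELD = 'user.name.keyword';

// Indices where `field` is mapped as `wantedType`. Field caps groups a field's
// capabilities by type; a per-type `indices` list is only present when the
// matched indices disagree on the type (or some leave the field unmapped).
function indicesWithType(resp, field, wantedType) {
  const byType = (resp.fields || {})[field];
  if (!byType || !byType[wantedType]) return []; // absent, or never that type
  const listed = byType[wantedType].indices;
  if (listed !== undefined && listed !== null) return [].concat(listed).sort();
  // No per-type list: trust the top-level list only if this is the sole type.
  // Anything else is ambiguous, so fail closed and select nothing.
  return Object.keys(byType).length === 1 ? [].concat(resp.indices || []).sort() : [];
}

// Constructed: one keyword index, one text index, one index without the field.
const mixed = {
  indices: ['test-index1', 'test-index2', 'test-index3'],
  fields: {
    [FIELD]: {
      keyword: { type: 'keyword', searchable: true, aggregatable: true, indices: ['test-index1'] },
      text: { type: 'text', searchable: true, aggregatable: false, indices: ['test-index2'] },
      unmapped: { type: 'unmapped', searchable: false, aggregatable: false, indices: ['test-index3'] },
    },
  },
};

// Constructed: every matched index agrees, so no per-type `indices` is returned.
const uniform = {
  indices: ['test-index1'],
  fields: { [FIELD]: { keyword: { type: 'keyword', searchable: true, aggregatable: true } } },
};

// Constructed: the field name exists, but only with the wrong mapping.
const wrongOnly = {
  indices: ['test-index2'],
  fields: { [FIELD]: { text: { type: 'text', searchable: true, aggregatable: false } } },
};

function demo() {
  return {
    mixed: indicesWithType(mixed, FIELD, 'keyword'),
    uniform: indicesWithType(uniform, FIELD, 'keyword'),
    wrongOnly: indicesWithType(wrongOnly, FIELD, 'keyword'),
  };
}

console.log(demo());
```

Matching on the field name alone would accept all three constructed cases; filtering on the mapped type is what keeps a text-mapped user.name.keyword out of the data source list.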

@machadoum self-assigned this Jun 25, 2025
@machadoum added the release_note:skip, backport:version and v9.0.1 labels Jun 25, 2025
@machadoum marked this pull request as ready for review June 25, 2025 09:58
@machadoum requested a review from a team as a code owner June 25, 2025 09:58
@machadoum requested a review from tiansivive June 25, 2025 09:58

@tiansivive (Contributor) left a comment

LGTM! 🚀

@elasticmachine (Contributor)

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #93 / Cloud Security Posture Test adding Cloud Security Posture Integrations CSPM AWS CIS_AWS Organization Manual Direct Access CIS_AWS Organization Manual Direct Access Workflow

Metrics [docs]

✅ unchanged

cc @machadoum

@CAWilson94 (Contributor) left a comment

Code LGTM 🚀 🐛

@machadoum merged commit cc6a2a9 into elastic:main Jun 26, 2025
19 checks passed

@kibanamachine (Contributor)

Starting backport for target branches: 9.0

https://github.com/elastic/kibana/actions/runs/15900379069

@kibanamachine (Contributor)

💔 All backports failed

Status Branch Result
9.0 Backport failed because of merge conflicts

You might need to backport the following PRs to 9.0:
- [SecuritySolution] Render the security solution's default empty page when no index is available (#225282)
- Remove playwright-chromium package from dependencies (#225221)
- Adds missing model Claude 3.7 to accepted models (#224943)

Manual backport

To create the backport manually run:

node scripts/backport --pr 225245

Questions ?

Please refer to the Backport tool documentation

@kibanamachine added the backport missing label Jun 27, 2025

@kibanamachine (Contributor)

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 225245 locally
cc: @machadoum

@machadoum removed the v9.0.1 label Jun 30, 2025

@machadoum removed the backport missing, backport:version and v9.1.0 labels Jul 8, 2025
@kibanamachine added the backport missing label Jul 9, 2025

@machadoum removed the backport missing label Jul 15, 2025
@kibanamachine added the backport missing label Jul 16, 2025

@machadoum added the backport:skip label and removed the backport missing label Jul 17, 2025