[Investigations][DataViews] - Remove non-performant toSpec usage#225726
Merged
michaelolo24 merged 10 commits intoelastic:mainfrom Jul 15, 2025
Merged
[Investigations][DataViews] - Remove non-performant toSpec usage#225726michaelolo24 merged 10 commits intoelastic:mainfrom
michaelolo24 merged 10 commits intoelastic:mainfrom
Conversation
michaelolo24
force-pushed
the
remove-dataview-spec
branch
2 times, most recently
from
00e4aea to
b515a78
Compare
michaelolo24
added
release_note:skip
michaelolo24
force-pushed
the
remove-dataview-spec
branch
6 times, most recently
from
0c85253 to
9ec3fdc
Compare
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
maximpn
reviewed
Jul 3, 2025
Comment on lines
247
to
248
| experimentalDataView?.fields?.getByName(EXECUTION_UUID_FIELD_NAME) || | ||
| oldSourcererDataView.fields?.[EXECUTION_UUID_FIELD_NAME], |
Contributor
There was a problem hiding this comment.
Shouldn't it check newDataViewPickerEnabled flag and pick the corresponding implementation?
Suggested change
| experimentalDataView?.fields?.getByName(EXECUTION_UUID_FIELD_NAME) || | |
| oldSourcererDataView.fields?.[EXECUTION_UUID_FIELD_NAME], | |
| newDataViewPickerEnabled ? experimentalDataView.fields?.getByName(EXECUTION_UUID_FIELD_NAME) : oldSourcererDataView.fields?.[EXECUTION_UUID_FIELD_NAME], |
Contributor
Author
There was a problem hiding this comment.
Yep, you're right. I relied on the presence of the DataView at first, but preferred the more explicit approach of using the flag, and just missed this one. Thanks!
maximpn
approved these changes
Jul 3, 2025
Contributor
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@michaelolo24 Thanks for replacing DataViewSpec with DataView 👍
I tested D&R side and haven't spotted any issues. The changes mostly trivial. I left a comment on possible improvement.
Besides that I'm curious that Data View Manager's useDataView hook only accepts dataViewManagerScope. The name sounds generic but the hook handles only sourcerer data views. Should it be renamed to useSourcererDataView?
Contributor
There was a problem hiding this comment.
I'd like to offer an alternative here. I'm not a fan of the idea of adding a prop that will be removed (hopefully) soon. Doing it this way will mean that we'll have to modify this file again when we're removing that code.
We could change the existing dataViewSpec prop to dataViewand have all the components handle the conversion from the DataViewSpec to DataView in those instead? That way the code in this combineQueries would be final (or as close as possible to).
If this is not feasible or too complex, then I'd suggest to rename the newly added newDataViewPickerEnabledDataView prop to just dataView and keep it alongside the already existing dataViewSpec one. That way when we're ready to clean all this up we just have to delete the dataViewSpec prop.
I'd also add some comments and maybe a deprecated sign to the dataViewSpec prop in the CombineQueries interface line 30 above in this file?
export interface CombineQueries {
config: EsQueryConfig;
dataProviders: DataProvider[];
/**
* blah
*/
dataView?: DataView;
/**
* @deprecated
*/
dataViewSpec?: DataViewSpec;
browserFields: BrowserFields;
filters: Filter[];
kqlQuery: Query;
kqlMode: string;
}And similar comments within the convertToBuildEsQuery function.
Contributor
Author
There was a problem hiding this comment.
This could be worse from a performance perspective because it would introduce additional logic to those components where they are either requesting the DataView based on the spec or creating it, to match this new API. It shouldn't be a performance hit if those DataViews are cached, but it could be. I can test it, but I actually prefer the second option you propose by deprecating the dataViewSpec. Regarding the name, I actually named it that so it didn't get forgotten or skipped since there would be no way for someone who is unaware of this PR to identify that it should be removed/modified during cleanup? I can also just create a ticket specifically for this 😅 . Anyways, lmk what you think? Will definitely add the deprecation message though 👍🏾
Contributor
There was a problem hiding this comment.
Regarding the name, I actually named it that so it didn't get forgotten or skipped since there would be no way for someone who is unaware of this PR to identify that it should be removed/modified during cleanup?
We will eventually want to change that newDataViewPickerEnabledDataView prop into dataView correct? If so I'd name it the correct name right now and be done with it. When we do the cleanup, we only have to remove the dataViewSpec... I feel like if we add documentation in the interfaced we have right now it should be clear to devs what they should use and what will have to be removed, no?
Contributor
Author
There was a problem hiding this comment.
Yep, that works for me!
Contributor
There was a problem hiding this comment.
What do you think about making dataView NOT optional here? This way it mimics more how the previous dataViewSpec prop was working...
I made the changes on this PR to your branch, type_check passes locally but have not ran any of the unit tests nor have I tested the UI locally yet.
wdyt?
Contributor
Author
There was a problem hiding this comment.
Done! Thanks for the PR 😄
Contributor
Author
@maximpn The scopes are actually the exact same. When all this work is done, sourcerer is going away in favor of the new DataViewManager. We need to replace the SourcererScopeName with the DataViewManagerScopeName. Will do that in a follow up PR. |
michaelolo24
force-pushed
the
remove-dataview-spec
branch
from
2876030 to
39138bc
Compare
Contributor
|
Starting backport for target branches: 8.19, 9.1 https://github.com/elastic/kibana/actions/runs/16281944962 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
This was referenced Jul 15, 2025
kibanamachine
added
the
backport missing
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
This was referenced Jul 16, 2025
Merged
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Jul 16, 2025
…stic#225726) ## Summary This PR looks to improve the performance of the application by using `DataView` in place of `DataViewSpec`. The currently used `DataViewSpec` turns out to not be performant at scale because it lacks caching, and performs quite a few nested iterations in the [DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147) call as seen [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422), [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159), and finally [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440). While this may not be a significant issue at a few thousand fields, this does not scale well as the number of fields reaches the tens/hundreds of thousands. This PR makes the change to rely on the DataView instance directly, which is cached in memory. These performance impacts aren't seen currently as the new framework is currently disabled behind the below feature flag. ** Relevant configurations ** `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']` --------- Co-authored-by: PhilippeOberti <philippe.oberti@elastic.co> (cherry picked from commit 6294df6) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_privileged_user_monitoring_page.tsx
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Jul 16, 2025
…stic#225726) ## Summary This PR looks to improve the performance of the application by using `DataView` in place of `DataViewSpec`. The currently used `DataViewSpec` turns out to not be performant at scale because it lacks caching, and performs quite a few nested iterations in the [DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147) call as seen [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422), [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159), and finally [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440). While this may not be a significant issue at a few thousand fields, this does not scale well as the number of fields reaches the tens/hundreds of thousands. This PR makes the change to rely on the DataView instance directly, which is cached in memory. These performance impacts aren't seen currently as the new framework is currently disabled behind the below feature flag. ** Relevant configurations ** `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']` --------- Co-authored-by: PhilippeOberti <philippe.oberti@elastic.co> (cherry picked from commit 6294df6) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx # x-pack/solutions/security/plugins/security_solution/public/dashboards/pages/details/index.tsx # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx # x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/additional_toolbar_controls.tsx # x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/index.tsx # x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx # x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_score_management/risk_score_preview_section.tsx # x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx # x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_privileged_user_monitoring_page.tsx # x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx # x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/hosts.tsx # x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/network.tsx # x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx
michaelolo24
added a commit
that referenced
this pull request
Jul 16, 2025
#225726) (#228342) # Backport This will backport the following commits from `main` to `9.1`: - [[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)](#225726) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"michael.olorunnisola@elastic.co"},"sourceCommit":{"committedDate":"2025-07-15T01:41:03Z","message":"[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)\n\n## Summary\n\nThis PR looks to improve the performance of the application by using\n`DataView` in place of `DataViewSpec`. The currently used `DataViewSpec`\nturns out to not be performant at scale because it lacks caching, and\nperforms quite a few nested iterations in the\n[DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147)\ncall as seen\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422),\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159),\nand finally\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440).\nWhile this may not be a significant issue at a few thousand fields, this\ndoes not scale well as the number of fields reaches the tens/hundreds of\nthousands.\n\nThis PR makes the change to rely on the DataView instance directly,\nwhich is cached in memory. These performance impacts aren't seen\ncurrently as the new framework is currently disabled behind the below\nfeature flag.\n\n** Relevant configurations **\n`xpack.securitySolution.enableExperimental:\n['newDataViewPickerEnabled']`\n\n---------\n\nCo-authored-by: PhilippeOberti <philippe.oberti@elastic.co>","sha":"6294df62575ad73f5feb5a20142b5e1fc49c3dbe","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport missing","Team:Threat Hunting:Investigations","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Investigations][DataViews] - Remove non-performant toSpec usage","number":225726,"url":"https://github.com/elastic/kibana/pull/225726","mergeCommit":{"message":"[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)\n\n## Summary\n\nThis PR looks to improve the performance of the application by using\n`DataView` in place of `DataViewSpec`. The currently used `DataViewSpec`\nturns out to not be performant at scale because it lacks caching, and\nperforms quite a few nested iterations in the\n[DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147)\ncall as seen\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422),\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159),\nand finally\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440).\nWhile this may not be a significant issue at a few thousand fields, this\ndoes not scale well as the number of fields reaches the tens/hundreds of\nthousands.\n\nThis PR makes the change to rely on the DataView instance directly,\nwhich is cached in memory. These performance impacts aren't seen\ncurrently as the new framework is currently disabled behind the below\nfeature flag.\n\n** Relevant configurations **\n`xpack.securitySolution.enableExperimental:\n['newDataViewPickerEnabled']`\n\n---------\n\nCo-authored-by: PhilippeOberti <philippe.oberti@elastic.co>","sha":"6294df62575ad73f5feb5a20142b5e1fc49c3dbe"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/225726","number":225726,"mergeCommit":{"message":"[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)\n\n## Summary\n\nThis PR looks to improve the performance of the application by using\n`DataView` in place of `DataViewSpec`. The currently used `DataViewSpec`\nturns out to not be performant at scale because it lacks caching, and\nperforms quite a few nested iterations in the\n[DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147)\ncall as seen\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422),\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159),\nand finally\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440).\nWhile this may not be a significant issue at a few thousand fields, this\ndoes not scale well as the number of fields reaches the tens/hundreds of\nthousands.\n\nThis PR makes the change to rely on the DataView instance directly,\nwhich is cached in memory. These performance impacts aren't seen\ncurrently as the new framework is currently disabled behind the below\nfeature flag.\n\n** Relevant configurations **\n`xpack.securitySolution.enableExperimental:\n['newDataViewPickerEnabled']`\n\n---------\n\nCo-authored-by: PhilippeOberti <philippe.oberti@elastic.co>","sha":"6294df62575ad73f5feb5a20142b5e1fc49c3dbe"}}]}] BACKPORT-->
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
michaelolo24
added a commit
that referenced
this pull request
Jul 17, 2025
…ge (#225726) (#228346) # Backport This will backport the following commits from `main` to `8.19`: - [[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)](#225726) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"michael.olorunnisola@elastic.co"},"sourceCommit":{"committedDate":"2025-07-15T01:41:03Z","message":"[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)\n\n## Summary\n\nThis PR looks to improve the performance of the application by using\n`DataView` in place of `DataViewSpec`. The currently used `DataViewSpec`\nturns out to not be performant at scale because it lacks caching, and\nperforms quite a few nested iterations in the\n[DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147)\ncall as seen\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422),\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159),\nand finally\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440).\nWhile this may not be a significant issue at a few thousand fields, this\ndoes not scale well as the number of fields reaches the tens/hundreds of\nthousands.\n\nThis PR makes the change to rely on the DataView instance directly,\nwhich is cached in memory. These performance impacts aren't seen\ncurrently as the new framework is currently disabled behind the below\nfeature flag.\n\n** Relevant configurations **\n`xpack.securitySolution.enableExperimental:\n['newDataViewPickerEnabled']`\n\n---------\n\nCo-authored-by: PhilippeOberti <philippe.oberti@elastic.co>","sha":"6294df62575ad73f5feb5a20142b5e1fc49c3dbe","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport missing","Team:Threat Hunting:Investigations","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Investigations][DataViews] - Remove non-performant toSpec usage","number":225726,"url":"https://github.com/elastic/kibana/pull/225726","mergeCommit":{"message":"[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)\n\n## Summary\n\nThis PR looks to improve the performance of the application by using\n`DataView` in place of `DataViewSpec`. The currently used `DataViewSpec`\nturns out to not be performant at scale because it lacks caching, and\nperforms quite a few nested iterations in the\n[DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147)\ncall as seen\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422),\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159),\nand finally\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440).\nWhile this may not be a significant issue at a few thousand fields, this\ndoes not scale well as the number of fields reaches the tens/hundreds of\nthousands.\n\nThis PR makes the change to rely on the DataView instance directly,\nwhich is cached in memory. These performance impacts aren't seen\ncurrently as the new framework is currently disabled behind the below\nfeature flag.\n\n** Relevant configurations **\n`xpack.securitySolution.enableExperimental:\n['newDataViewPickerEnabled']`\n\n---------\n\nCo-authored-by: PhilippeOberti <philippe.oberti@elastic.co>","sha":"6294df62575ad73f5feb5a20142b5e1fc49c3dbe"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/225726","number":225726,"mergeCommit":{"message":"[Investigations][DataViews] - Remove non-performant toSpec usage (#225726)\n\n## Summary\n\nThis PR looks to improve the performance of the application by using\n`DataView` in place of `DataViewSpec`. The currently used `DataViewSpec`\nturns out to not be performant at scale because it lacks caching, and\nperforms quite a few nested iterations in the\n[DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147)\ncall as seen\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422),\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159),\nand finally\n[here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440).\nWhile this may not be a significant issue at a few thousand fields, this\ndoes not scale well as the number of fields reaches the tens/hundreds of\nthousands.\n\nThis PR makes the change to rely on the DataView instance directly,\nwhich is cached in memory. These performance impacts aren't seen\ncurrently as the new framework is currently disabled behind the below\nfeature flag.\n\n** Relevant configurations **\n`xpack.securitySolution.enableExperimental:\n['newDataViewPickerEnabled']`\n\n---------\n\nCo-authored-by: PhilippeOberti <philippe.oberti@elastic.co>","sha":"6294df62575ad73f5feb5a20142b5e1fc49c3dbe"}}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co> Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
kibanamachine
removed
the
backport missing
Bluefinger
pushed a commit
to Bluefinger/kibana
that referenced
this pull request
Jul 22, 2025
…stic#225726) ## Summary This PR looks to improve the performance of the application by using `DataView` in place of `DataViewSpec`. The currently used `DataViewSpec` turns out to not be performant at scale because it lacks caching, and performs quite a few nested iterations in the [DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147) call as seen [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422), [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159), and finally [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440). While this may not be a significant issue at a few thousand fields, this does not scale well as the number of fields reaches the tens/hundreds of thousands. This PR makes the change to rely on the DataView instance directly, which is cached in memory. These performance impacts aren't seen currently as the new framework is currently disabled behind the below feature flag. ** Relevant configurations ** `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']` --------- Co-authored-by: PhilippeOberti <philippe.oberti@elastic.co>
kertal
pushed a commit
to kertal/kibana
that referenced
this pull request
Jul 25, 2025
## Summary This PR looks to improve the performance of the newly introduced `useBrowserFields` implementation. The currently used `DataViewSpec.fields` isn't performant at scale and is not cached. Existing code is as follows: [DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147) call as seen [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422), [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159), and finally [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440). While this may not be a significant issue at a few thousand fields, this does not scale well as the number of fields reaches the tens to hundreds of thousands. [Separate PR](elastic#225726) that moves away from spec usage to pure `DataView` usage The `useFieldsBrowser` hook is improved by relying directly on the DataView rather than the DataViewSpec. And there are improvements to the original sourcerer fieldBrowser calculation. Currently the use of `memoizeOne` doesn't actually work as the fields object passed to it is an object and not an array. A new fieldBrowserManager was introduced that caches based on the scope. Originally investigated caching via a `WeakMap` to avoid the scenario where all 4 (current) scopes cache the exact same DataView, but it looked like references to previously selected dataViews retained a strong reference in memory, which often led to all N number of selected dataViews being retained in the cache. The current approach is safer as the number of cached entries are capped at `DataViewManagerScopeName.length` ** Relevant configurations ** `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']`
kertal
pushed a commit
to kertal/kibana
that referenced
this pull request
Jul 25, 2025
…stic#225726) ## Summary This PR looks to improve the performance of the application by using `DataView` in place of `DataViewSpec`. The currently used `DataViewSpec` turns out to not be performant at scale because it lacks caching, and performs quite a few nested iterations in the [DataView.toSpec](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/data_view.ts#L147) call as seen [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts#L391-L422), [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/field_list.ts#L157-L159), and finally [here](https://github.com/elastic/kibana/blob/27183690142a5590b4ad72d060c43cad869f3f3c/src/platform/plugins/shared/data_views/common/fields/data_view_field.ts#L438-L440). While this may not be a significant issue at a few thousand fields, this does not scale well as the number of fields reaches the tens/hundreds of thousands. This PR makes the change to rely on the DataView instance directly, which is cached in memory. These performance impacts aren't seen currently as the new framework is currently disabled behind the below feature flag. ** Relevant configurations ** `xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']` --------- Co-authored-by: PhilippeOberti <philippe.oberti@elastic.co>
1 task
michaelolo24
added a commit
that referenced
this pull request
Sep 16, 2025
## Summary This PR fixes an issue with the alert page filtering when the below config is enabled: <img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" /> When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR #225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: #225675 In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped. The necessary checks are added in this PR ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 16, 2025
## Summary This PR fixes an issue with the alert page filtering when the below config is enabled: <img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" /> When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR elastic#225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: elastic#225675 In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped. The necessary checks are added in this PR ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 128528c)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 16, 2025
## Summary This PR fixes an issue with the alert page filtering when the below config is enabled: <img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" /> When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR elastic#225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: elastic#225675 In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped. The necessary checks are added in this PR ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 128528c)
kibanamachine
added a commit
that referenced
this pull request
Sep 16, 2025
…35214) # Backport This will backport the following commits from `main` to `8.19`: - [[Investigations][Bug] - Check for empty dataView (#235144)](#235144) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"michael.olorunnisola@elastic.co"},"sourceCommit":{"committedDate":"2025-09-16T14:09:44Z","message":"[Investigations][Bug] - Check for empty dataView (#235144)\n\n## Summary\n\nThis PR fixes an issue with the alert page filtering when the below\nconfig is enabled:\n\n<img width=\"627\" height=\"181\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535\"\n/>\n\nWhen enabled, the config looks to make sure that searches are only done\nagainst index patterns that are mapped to the given dataView. When\nintroducing the code to migrate to our new dataView picker\n[here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231)\nin the following PR #225726, a\ncheck was done to only apply the new DataView when it was provided. To\nfix a separate issue regarding flashing of the alerts page, this\nfollowing [initial\ndataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45)\nwas introduced with this pr:\nhttps://github.com//pull/225675\n\nIn short, the dataView object was always defined, even if it was just an\ninitial dataView leading to the fields being queried against not being\nmapped.\n\nThe necessary checks are added in this PR\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"128528cbfe123c5f0234824e5834755cab58b0c4","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Threat Hunting:Investigations","backport:version","v9.2.0","v9.1.4","v8.19.4","v8.19.5","v9.1.5"],"title":"[Investigations][Bug] - Check for empty dataView","number":235144,"url":"https://github.com/elastic/kibana/pull/235144","mergeCommit":{"message":"[Investigations][Bug] - Check for empty dataView (#235144)\n\n## Summary\n\nThis PR fixes an issue with the alert page filtering when the below\nconfig is enabled:\n\n<img width=\"627\" height=\"181\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535\"\n/>\n\nWhen enabled, the config looks to make sure that searches are only done\nagainst index patterns that are mapped to the given dataView. When\nintroducing the code to migrate to our new dataView picker\n[here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231)\nin the following PR #225726, a\ncheck was done to only apply the new DataView when it was provided. To\nfix a separate issue regarding flashing of the alerts page, this\nfollowing [initial\ndataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45)\nwas introduced with this pr:\nhttps://github.com//pull/225675\n\nIn short, the dataView object was always defined, even if it was just an\ninitial dataView leading to the fields being queried against not being\nmapped.\n\nThe necessary checks are added in this PR\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"128528cbfe123c5f0234824e5834755cab58b0c4"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/235144","number":235144,"mergeCommit":{"message":"[Investigations][Bug] - Check for empty dataView (#235144)\n\n## Summary\n\nThis PR fixes an issue with the alert page filtering when the below\nconfig is enabled:\n\n<img width=\"627\" height=\"181\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535\"\n/>\n\nWhen enabled, the config looks to make sure that searches are only done\nagainst index patterns that are mapped to the given dataView. When\nintroducing the code to migrate to our new dataView picker\n[here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231)\nin the following PR #225726, a\ncheck was done to only apply the new DataView when it was provided. To\nfix a separate issue regarding flashing of the alerts page, this\nfollowing [initial\ndataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45)\nwas introduced with this pr:\nhttps://github.com//pull/225675\n\nIn short, the dataView object was always defined, even if it was just an\ninitial dataView leading to the fields being queried against not being\nmapped.\n\nThe necessary checks are added in this PR\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"128528cbfe123c5f0234824e5834755cab58b0c4"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Sep 16, 2025
…5215) # Backport This will backport the following commits from `main` to `9.1`: - [[Investigations][Bug] - Check for empty dataView (#235144)](#235144) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"michael.olorunnisola@elastic.co"},"sourceCommit":{"committedDate":"2025-09-16T14:09:44Z","message":"[Investigations][Bug] - Check for empty dataView (#235144)\n\n## Summary\n\nThis PR fixes an issue with the alert page filtering when the below\nconfig is enabled:\n\n<img width=\"627\" height=\"181\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535\"\n/>\n\nWhen enabled, the config looks to make sure that searches are only done\nagainst index patterns that are mapped to the given dataView. When\nintroducing the code to migrate to our new dataView picker\n[here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231)\nin the following PR #225726, a\ncheck was done to only apply the new DataView when it was provided. To\nfix a separate issue regarding flashing of the alerts page, this\nfollowing [initial\ndataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45)\nwas introduced with this pr:\nhttps://github.com//pull/225675\n\nIn short, the dataView object was always defined, even if it was just an\ninitial dataView leading to the fields being queried against not being\nmapped.\n\nThe necessary checks are added in this PR\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"128528cbfe123c5f0234824e5834755cab58b0c4","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Threat Hunting:Investigations","backport:version","v9.2.0","v9.1.4","v8.19.4","v8.19.5","v9.1.5"],"title":"[Investigations][Bug] - Check for empty dataView","number":235144,"url":"https://github.com/elastic/kibana/pull/235144","mergeCommit":{"message":"[Investigations][Bug] - Check for empty dataView (#235144)\n\n## Summary\n\nThis PR fixes an issue with the alert page filtering when the below\nconfig is enabled:\n\n<img width=\"627\" height=\"181\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535\"\n/>\n\nWhen enabled, the config looks to make sure that searches are only done\nagainst index patterns that are mapped to the given dataView. When\nintroducing the code to migrate to our new dataView picker\n[here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231)\nin the following PR #225726, a\ncheck was done to only apply the new DataView when it was provided. To\nfix a separate issue regarding flashing of the alerts page, this\nfollowing [initial\ndataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45)\nwas introduced with this pr:\nhttps://github.com//pull/225675\n\nIn short, the dataView object was always defined, even if it was just an\ninitial dataView leading to the fields being queried against not being\nmapped.\n\nThe necessary checks are added in this PR\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"128528cbfe123c5f0234824e5834755cab58b0c4"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/235144","number":235144,"mergeCommit":{"message":"[Investigations][Bug] - Check for empty dataView (#235144)\n\n## Summary\n\nThis PR fixes an issue with the alert page filtering when the below\nconfig is enabled:\n\n<img width=\"627\" height=\"181\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535\"\n/>\n\nWhen enabled, the config looks to make sure that searches are only done\nagainst index patterns that are mapped to the given dataView. When\nintroducing the code to migrate to our new dataView picker\n[here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231)\nin the following PR #225726, a\ncheck was done to only apply the new DataView when it was provided. To\nfix a separate issue regarding flashing of the alerts page, this\nfollowing [initial\ndataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45)\nwas introduced with this pr:\nhttps://github.com//pull/225675\n\nIn short, the dataView object was always defined, even if it was just an\ninitial dataView leading to the fields being queried against not being\nmapped.\n\nThe necessary checks are added in this PR\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"128528cbfe123c5f0234824e5834755cab58b0c4"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Sep 24, 2025
## Summary This PR fixes an issue with the alert page filtering when the below config is enabled: <img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" /> When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR elastic#225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: elastic#225675 In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped. The necessary checks are added in this PR ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
niros1
pushed a commit
that referenced
this pull request
Sep 30, 2025
## Summary This PR fixes an issue with the alert page filtering when the below config is enabled: <img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" /> When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR #225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: #225675 In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped. The necessary checks are added in this PR ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
## Summary This PR fixes an issue with the alert page filtering when the below config is enabled: <img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" /> When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR elastic#225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: elastic#225675 In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped. The necessary checks are added in this PR ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR looks to improve the performance of the application by using
DataViewin place ofDataViewSpec. The currently usedDataViewSpecturns out to not be performant at scale because it lacks caching, and performs quite a few nested iterations in the DataView.toSpec call as seen here, here, and finally here. While this may not be a significant issue at a few thousand fields, this does not scale well as the number of fields reaches the tens/hundreds of thousands.This PR makes the change to rely on the DataView instance directly, which is cached in memory. These performance impacts aren't seen currently as the new framework is currently disabled behind the below feature flag.
** Relevant configurations **
xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']