Skip to content

[8.19] [Security Solution] [Detections] Fix flakey EQL shard test (#215757)#233535

Merged
rylnd merged 3 commits intoelastic:8.19from
rylnd:backport/8.19/pr-215757
Aug 29, 2025
Merged

[8.19] [Security Solution] [Detections] Fix flakey EQL shard test (#215757)#233535
rylnd merged 3 commits intoelastic:8.19from
rylnd:backport/8.19/pr-215757

Conversation

@rylnd
Copy link
Copy Markdown
Contributor

@rylnd rylnd commented Aug 29, 2025
edited
Loading

Backport

This will backport the following commits from main to 8.19:

Closes #209024; details can be found there.

Questions ?

Please refer to the Backport tool documentation

@dhurley14
[Security Solution] [Detections] Fix flakey EQL shard test (elastic#2…
140d1ee 
…15757)

## Summary

Ref: elastic#209024

Flake caused by occasionally hitting max signals on the "good" shard and
never triggering the error from the runtime field on the "bad" shard. By
moving the bad runtime field to the `packetbeat` index and changing the
rule query in the test to an `and` we can ensure the rule queries both
good and bad shards.

### Checklist

- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit d869d47)

# Conflicts:
#	x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/eql.ts
@rylnd rylnd requested a review from kibanamachine as a code owner August 29, 2025 20:19
@rylnd rylnd added the backport This PR is a backport of another PR label Aug 29, 2025
@rylnd rylnd enabled auto-merge (squash) August 29, 2025 20:19
@rylnd rylnd mentioned this pull request Aug 29, 2025
Merged
1 task
@rylnd
Fix errant test descriptions
5032b82 
These look to have been modified in elastic#215757 due to what looks like a bad
find/replace; when I backported those changes to 8.19 I also 'ported
these mistakes 😅
@rylnd rylnd mentioned this pull request Aug 29, 2025
Closed
@rylnd rylnd merged commit 17f2dba into elastic:8.19 Aug 29, 2025
8 checks passed
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Aug 29, 2025

💚 Build Succeeded

Metrics [docs]

✅ unchanged

@rylnd rylnd deleted the backport/8.19/pr-215757 branch August 29, 2025 22:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yctercero yctercero yctercero approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rylnd @elasticmachine @yctercero @dhurley14 @kibanamachine