[Security Solution] turn on newDataViewPickerEnabled feature flag#234101
Merged
PhilippeOberti merged 2 commits intoelastic:mainfrom Oct 1, 2025
Merged
Conversation
PhilippeOberti
added
release_note:feature
PhilippeOberti
force-pushed
the
turn-on-newDataViewPickerEnabled-ff
branch
3 times, most recently
from
74e6c7e to
e51c30e
Compare
PhilippeOberti
force-pushed
the
turn-on-newDataViewPickerEnabled-ff
branch
3 times, most recently
from
51ce162 to
c32ec93
Compare
Contributor
💔 Build Failed
Failed CI Steps
Test Failures
Metrics [docs]Async chunks
History
|
PhilippeOberti
force-pushed
the
turn-on-newDataViewPickerEnabled-ff
branch
3 times, most recently
from
bb99aeb to
04c0b59
Compare
PhilippeOberti
force-pushed
the
turn-on-newDataViewPickerEnabled-ff
branch
3 times, most recently
from
3c97362 to
b7ea0ec
Compare
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
jkelas
reviewed
Sep 30, 2025
| setShowBuildingBlockAlerts(isBuildingBlockTypeNotNull); | ||
| }, [isBuildingBlockTypeNotNull, setShowBuildingBlockAlerts]); | ||
| const isBuildingBlockTypeNotNull = rule?.building_block_type != null; | ||
| setShowBuildingBlockAlerts(isBuildingBlockTypeNotNull); |
Contributor
There was a problem hiding this comment.
Why this change?
Moving setShowBuildingBlockAlerts (which dispatches) into render introduces a side-effect during render and may cause potential loops.
Contributor
Author
There was a problem hiding this comment.
I spend over an entire day troubleshooting an issue where this Cypress test was failing. For some (still) unknown reason, the table was not showing the building block alerts.
Debugging this was extremely challenging as the current code in this index.tsx file is a bit of a nightmare (no offense). The page is re-rendering so many times before even showing anything on the screen, it's impossible to know what happens and why... Changing that useEffect fixed the issue without changing any of the behavior. I know it's not ideal but after spending hours on this I was running out of ideas... :(
Contributor
Author
There was a problem hiding this comment.
If you prefer me not changing this file, then I'l revert the change and will skip the Cypress test (which is owned by our team)
Contributor
There was a problem hiding this comment.
I am against this change, as it's an anti-pattern.
I think that ideally you could improve it this way: let the useDataTableFilters hook accept an override for building_block_type.
You would then skip calling the setShowBuildingBlockAlerts in the index.ts file, because that logic would already be included in the hook. The calling of the hook would look something like this:
const { showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts } = useDataTableFilters(
TableId.alertsOnRuleDetailsPage,
{
buildingBlockOverride: rule?.building_block_type != null,
}
);
The code in the hook would look like this:
export type UseDataTableFilters = (
tableId: TableId,
options?: {
buildingBlockOverride?: boolean;
}
) => {
showBuildingBlockAlerts: boolean;
setShowBuildingBlockAlerts: (value: boolean) => void;
showOnlyThreatIndicatorAlerts: boolean;
setShowOnlyThreatIndicatorAlerts: (value: boolean) => void;
};
export const useDataTableFilters: UseDataTableFilters = (tableId: TableId, options) => {
const dispatch = useDispatch();
const getTable = useMemo(() => dataTableSelectors.getTableByIdSelector(), []);
const { showOnlyThreatIndicatorAlerts, showBuildingBlockAlerts: stateShowBuildingBlockAlerts } =
useShallowEqualSelector(
(state) =>
(getTable(state, tableId) ?? tableDefaults).additionalFilters ??
tableDefaults.additionalFilters
);
// Use override value if provided, otherwise use state value
const showBuildingBlockAlerts = options?.buildingBlockOverride ?? stateShowBuildingBlockAlerts;
...
Please try this approach. If it doesn't work, then you would have to skip the test.
I agree that the code in this file might benefit from a refactoring, but that's something for a different time. If you wish, please create a ticket for us and describe the issue and the need for refactoring this as a way to unskip the test.
Contributor
Author
There was a problem hiding this comment.
I spent a little bit more time and decided to revert the change and skip our Cypress test.
The funny thing is with the useEffect, the Cypress test is stuck in an infinite re-rendering loop. Removing the useEffect fixes that... 🤣
tiansivive
approved these changes
Sep 30, 2025
Contributor
tiansivive
left a comment
tiansivive
left a comment
There was a problem hiding this comment.
Entity Analytics changes LGTM
PhilippeOberti
force-pushed
the
turn-on-newDataViewPickerEnabled-ff
branch
2 times, most recently
from
77b7cc2 to
5d718bb
Compare
NicholasPeretti
approved these changes
Oct 1, 2025
Contributor
NicholasPeretti
left a comment
NicholasPeretti
left a comment
There was a problem hiding this comment.
This looks great!
Works nice on my machine as well 🚀
| ); | ||
| await waitFor(() => { | ||
| expect(getByTestId('EmbeddedMapComponent')).toBeInTheDocument(); | ||
| describe('newDataViewPickerEnabled disabled', () => { |
Contributor
There was a problem hiding this comment.
Very nice changes in the test file! 🚀
PhilippeOberti
force-pushed
the
turn-on-newDataViewPickerEnabled-ff
branch
from
5d718bb to
a2d7a75
Compare
Contributor
💔 Build Failed
Failed CI StepsTest Failures
Metrics [docs]
History
|
kibanamachine
added
backport:skip
This was referenced Oct 3, 2025
PhilippeOberti
added a commit
that referenced
this pull request
Oct 10, 2025
…and Security solution alerts data views when needed (#238354) ## Summary This PR aims at fixing a UI issue related to the data view picker changes we made recently in Security Solution. After enabling the `dataViewPickerEnabled` feature flag (see [this PR](#234101)) we realized that the `Security solution default` and `Security solution alerts` aren't displayed properly. This is only visible within an environment that had those data view existing before turning on the feature flag. Instead of showing `Security solution default` we show this <img width="562" height="366" alt="Screenshot 2025-10-09 at 4 10 40 PM" src="https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772" /> And instead of showing `Security solution alerts` we show this <img width="558" height="404" alt="Screenshot 2025-10-09 at 4 10 18 PM" src="https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6" /> Looking at the Data Views screen under Stack Management, we indeed see that the names are matching what we see in the data view picker <img width="734" height="655" alt="Screenshot 2025-10-09 at 4 11 46 PM" src="https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10" /> For the `Security solution default` data view, we added the name in [this PR](#224333). For the `Security solution alerts` data view, we created the alert index and the corresponding data view in [this PR](#224144). But we changed both names in [this PR](#231374) (from `Default security data view` to `Security solution default` and from `Security alert data view` to `Security solution alerts` respectively). This means that if one of these data views was created either without a name or with an old name, that name would persist and be visible within the new data view picker. ## The fix This PR makes a simple fix: if the names of the saved object differ from what we expect (only for the `default` and `alerts` data views), we update the saved object. Here's en example of the data view being updated after a refresh https://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67 ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 10, 2025
…and Security solution alerts data views when needed (elastic#238354) ## Summary This PR aims at fixing a UI issue related to the data view picker changes we made recently in Security Solution. After enabling the `dataViewPickerEnabled` feature flag (see [this PR](elastic#234101)) we realized that the `Security solution default` and `Security solution alerts` aren't displayed properly. This is only visible within an environment that had those data view existing before turning on the feature flag. Instead of showing `Security solution default` we show this <img width="562" height="366" alt="Screenshot 2025-10-09 at 4 10 40 PM" src="https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772" /> And instead of showing `Security solution alerts` we show this <img width="558" height="404" alt="Screenshot 2025-10-09 at 4 10 18 PM" src="https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6" /> Looking at the Data Views screen under Stack Management, we indeed see that the names are matching what we see in the data view picker <img width="734" height="655" alt="Screenshot 2025-10-09 at 4 11 46 PM" src="https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10" /> For the `Security solution default` data view, we added the name in [this PR](elastic#224333). For the `Security solution alerts` data view, we created the alert index and the corresponding data view in [this PR](elastic#224144). But we changed both names in [this PR](elastic#231374) (from `Default security data view` to `Security solution default` and from `Security alert data view` to `Security solution alerts` respectively). This means that if one of these data views was created either without a name or with an old name, that name would persist and be visible within the new data view picker. ## The fix This PR makes a simple fix: if the names of the saved object differ from what we expect (only for the `default` and `alerts` data views), we update the saved object. Here's en example of the data view being updated after a refresh https://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67 ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 4f30b77)
kibanamachine
added a commit
that referenced
this pull request
Oct 10, 2025
…fault and Security solution alerts data views when needed (#238354) (#238525) # Backport This will backport the following commits from `main` to `9.2`: - [[Security Solution] update the name of the Security solution default and Security solution alerts data views when needed (#238354)](#238354) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"philippe.oberti@elastic.co"},"sourceCommit":{"committedDate":"2025-10-10T17:27:38Z","message":"[Security Solution] update the name of the Security solution default and Security solution alerts data views when needed (#238354)\n\n## Summary\n\nThis PR aims at fixing a UI issue related to the data view picker\nchanges we made recently in Security Solution. After enabling the\n`dataViewPickerEnabled` feature flag (see [this\nPR](#234101)) we realized that the\n`Security solution default` and `Security solution alerts` aren't\ndisplayed properly.\nThis is only visible within an environment that had those data view\nexisting before turning on the feature flag.\n\nInstead of showing `Security solution default` we show this\n<img width=\"562\" height=\"366\" alt=\"Screenshot 2025-10-09 at 4 10 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772\"\n/>\n\nAnd instead of showing `Security solution alerts` we show this\n<img width=\"558\" height=\"404\" alt=\"Screenshot 2025-10-09 at 4 10 18 PM\"\nsrc=\"https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6\"\n/>\n\nLooking at the Data Views screen under Stack Management, we indeed see\nthat the names are matching what we see in the data view picker\n<img width=\"734\" height=\"655\" alt=\"Screenshot 2025-10-09 at 4 11 46 PM\"\nsrc=\"https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10\"\n/>\n\nFor the `Security solution default` data view, we added the name in\n[this PR](https://github.com/elastic/kibana/pull/224333).\nFor the `Security solution alerts` data view, we created the alert index\nand the corresponding data view in [this\nPR](https://github.com/elastic/kibana/pull/224144).\nBut we changed both names in [this\nPR](#231374) (from `Default\nsecurity data view` to `Security solution default` and from `Security\nalert data view` to `Security solution alerts` respectively).\n\nThis means that if one of these data views was created either without a\nname or with an old name, that name would persist and be visible within\nthe new data view picker.\n\n## The fix\n\nThis PR makes a simple fix: if the names of the saved object differ from\nwhat we expect (only for the `default` and `alerts` data views), we\nupdate the saved object.\n\nHere's en example of the data view being updated after a refresh\n\n\nhttps://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67\n\n### Checklist\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"4f30b775602edd56a04e600b50d8a1f948ab8acc","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Threat Hunting:Investigations","backport:version","v9.2.0","v9.3.0"],"title":"[Security Solution] update the name of the Security solution default and Security solution alerts data views when needed","number":238354,"url":"https://github.com/elastic/kibana/pull/238354","mergeCommit":{"message":"[Security Solution] update the name of the Security solution default and Security solution alerts data views when needed (#238354)\n\n## Summary\n\nThis PR aims at fixing a UI issue related to the data view picker\nchanges we made recently in Security Solution. After enabling the\n`dataViewPickerEnabled` feature flag (see [this\nPR](#234101)) we realized that the\n`Security solution default` and `Security solution alerts` aren't\ndisplayed properly.\nThis is only visible within an environment that had those data view\nexisting before turning on the feature flag.\n\nInstead of showing `Security solution default` we show this\n<img width=\"562\" height=\"366\" alt=\"Screenshot 2025-10-09 at 4 10 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772\"\n/>\n\nAnd instead of showing `Security solution alerts` we show this\n<img width=\"558\" height=\"404\" alt=\"Screenshot 2025-10-09 at 4 10 18 PM\"\nsrc=\"https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6\"\n/>\n\nLooking at the Data Views screen under Stack Management, we indeed see\nthat the names are matching what we see in the data view picker\n<img width=\"734\" height=\"655\" alt=\"Screenshot 2025-10-09 at 4 11 46 PM\"\nsrc=\"https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10\"\n/>\n\nFor the `Security solution default` data view, we added the name in\n[this PR](https://github.com/elastic/kibana/pull/224333).\nFor the `Security solution alerts` data view, we created the alert index\nand the corresponding data view in [this\nPR](https://github.com/elastic/kibana/pull/224144).\nBut we changed both names in [this\nPR](#231374) (from `Default\nsecurity data view` to `Security solution default` and from `Security\nalert data view` to `Security solution alerts` respectively).\n\nThis means that if one of these data views was created either without a\nname or with an old name, that name would persist and be visible within\nthe new data view picker.\n\n## The fix\n\nThis PR makes a simple fix: if the names of the saved object differ from\nwhat we expect (only for the `default` and `alerts` data views), we\nupdate the saved object.\n\nHere's en example of the data view being updated after a refresh\n\n\nhttps://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67\n\n### Checklist\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"4f30b775602edd56a04e600b50d8a1f948ab8acc"}},"sourceBranch":"main","suggestedTargetBranches":["9.2"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/238354","number":238354,"mergeCommit":{"message":"[Security Solution] update the name of the Security solution default and Security solution alerts data views when needed (#238354)\n\n## Summary\n\nThis PR aims at fixing a UI issue related to the data view picker\nchanges we made recently in Security Solution. After enabling the\n`dataViewPickerEnabled` feature flag (see [this\nPR](#234101)) we realized that the\n`Security solution default` and `Security solution alerts` aren't\ndisplayed properly.\nThis is only visible within an environment that had those data view\nexisting before turning on the feature flag.\n\nInstead of showing `Security solution default` we show this\n<img width=\"562\" height=\"366\" alt=\"Screenshot 2025-10-09 at 4 10 40 PM\"\nsrc=\"https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772\"\n/>\n\nAnd instead of showing `Security solution alerts` we show this\n<img width=\"558\" height=\"404\" alt=\"Screenshot 2025-10-09 at 4 10 18 PM\"\nsrc=\"https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6\"\n/>\n\nLooking at the Data Views screen under Stack Management, we indeed see\nthat the names are matching what we see in the data view picker\n<img width=\"734\" height=\"655\" alt=\"Screenshot 2025-10-09 at 4 11 46 PM\"\nsrc=\"https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10\"\n/>\n\nFor the `Security solution default` data view, we added the name in\n[this PR](https://github.com/elastic/kibana/pull/224333).\nFor the `Security solution alerts` data view, we created the alert index\nand the corresponding data view in [this\nPR](https://github.com/elastic/kibana/pull/224144).\nBut we changed both names in [this\nPR](#231374) (from `Default\nsecurity data view` to `Security solution default` and from `Security\nalert data view` to `Security solution alerts` respectively).\n\nThis means that if one of these data views was created either without a\nname or with an old name, that name would persist and be visible within\nthe new data view picker.\n\n## The fix\n\nThis PR makes a simple fix: if the names of the saved object differ from\nwhat we expect (only for the `default` and `alerts` data views), we\nupdate the saved object.\n\nHere's en example of the data view being updated after a refresh\n\n\nhttps://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67\n\n### Checklist\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"4f30b775602edd56a04e600b50d8a1f948ab8acc"}}]}] BACKPORT--> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…astic#234101) ## Summary This PR turns on the `newDataViewPickerEnabled` feature flag. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. elastic#234088
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…and Security solution alerts data views when needed (elastic#238354) ## Summary This PR aims at fixing a UI issue related to the data view picker changes we made recently in Security Solution. After enabling the `dataViewPickerEnabled` feature flag (see [this PR](elastic#234101)) we realized that the `Security solution default` and `Security solution alerts` aren't displayed properly. This is only visible within an environment that had those data view existing before turning on the feature flag. Instead of showing `Security solution default` we show this <img width="562" height="366" alt="Screenshot 2025-10-09 at 4 10 40 PM" src="https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772" /> And instead of showing `Security solution alerts` we show this <img width="558" height="404" alt="Screenshot 2025-10-09 at 4 10 18 PM" src="https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6" /> Looking at the Data Views screen under Stack Management, we indeed see that the names are matching what we see in the data view picker <img width="734" height="655" alt="Screenshot 2025-10-09 at 4 11 46 PM" src="https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10" /> For the `Security solution default` data view, we added the name in [this PR](elastic#224333). For the `Security solution alerts` data view, we created the alert index and the corresponding data view in [this PR](elastic#224144). But we changed both names in [this PR](elastic#231374) (from `Default security data view` to `Security solution default` and from `Security alert data view` to `Security solution alerts` respectively). This means that if one of these data views was created either without a name or with an old name, that name would persist and be visible within the new data view picker. ## The fix This PR makes a simple fix: if the names of the saved object differ from what we expect (only for the `default` and `alerts` data views), we update the saved object. Here's en example of the data view being updated after a refresh https://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67 ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
nickpeihl
pushed a commit
to nickpeihl/kibana
that referenced
this pull request
Oct 23, 2025
…and Security solution alerts data views when needed (elastic#238354) ## Summary This PR aims at fixing a UI issue related to the data view picker changes we made recently in Security Solution. After enabling the `dataViewPickerEnabled` feature flag (see [this PR](elastic#234101)) we realized that the `Security solution default` and `Security solution alerts` aren't displayed properly. This is only visible within an environment that had those data view existing before turning on the feature flag. Instead of showing `Security solution default` we show this <img width="562" height="366" alt="Screenshot 2025-10-09 at 4 10 40 PM" src="https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772" /> And instead of showing `Security solution alerts` we show this <img width="558" height="404" alt="Screenshot 2025-10-09 at 4 10 18 PM" src="https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6" /> Looking at the Data Views screen under Stack Management, we indeed see that the names are matching what we see in the data view picker <img width="734" height="655" alt="Screenshot 2025-10-09 at 4 11 46 PM" src="https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10" /> For the `Security solution default` data view, we added the name in [this PR](elastic#224333). For the `Security solution alerts` data view, we created the alert index and the corresponding data view in [this PR](elastic#224144). But we changed both names in [this PR](elastic#231374) (from `Default security data view` to `Security solution default` and from `Security alert data view` to `Security solution alerts` respectively). This means that if one of these data views was created either without a name or with an old name, that name would persist and be visible within the new data view picker. ## The fix This PR makes a simple fix: if the names of the saved object differ from what we expect (only for the `default` and `alerts` data views), we update the saved object. Here's en example of the data view being updated after a refresh https://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67 ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
NicholasPeretti
pushed a commit
to NicholasPeretti/kibana
that referenced
this pull request
Oct 27, 2025
…and Security solution alerts data views when needed (elastic#238354) ## Summary This PR aims at fixing a UI issue related to the data view picker changes we made recently in Security Solution. After enabling the `dataViewPickerEnabled` feature flag (see [this PR](elastic#234101)) we realized that the `Security solution default` and `Security solution alerts` aren't displayed properly. This is only visible within an environment that had those data view existing before turning on the feature flag. Instead of showing `Security solution default` we show this <img width="562" height="366" alt="Screenshot 2025-10-09 at 4 10 40 PM" src="https://github.com/user-attachments/assets/3b59501e-f1ae-460d-b26c-b46f876ea772" /> And instead of showing `Security solution alerts` we show this <img width="558" height="404" alt="Screenshot 2025-10-09 at 4 10 18 PM" src="https://github.com/user-attachments/assets/f50a0eb7-a5f2-41e0-8018-28d9ddf92ee6" /> Looking at the Data Views screen under Stack Management, we indeed see that the names are matching what we see in the data view picker <img width="734" height="655" alt="Screenshot 2025-10-09 at 4 11 46 PM" src="https://github.com/user-attachments/assets/ebc743e8-91d9-4ac1-8992-85290db59f10" /> For the `Security solution default` data view, we added the name in [this PR](elastic#224333). For the `Security solution alerts` data view, we created the alert index and the corresponding data view in [this PR](elastic#224144). But we changed both names in [this PR](elastic#231374) (from `Default security data view` to `Security solution default` and from `Security alert data view` to `Security solution alerts` respectively). This means that if one of these data views was created either without a name or with an old name, that name would persist and be visible within the new data view picker. ## The fix This PR makes a simple fix: if the names of the saved object differ from what we expect (only for the `default` and `alerts` data views), we update the saved object. Here's en example of the data view being updated after a refresh https://github.com/user-attachments/assets/4ef8c623-3e45-4a57-93bb-0464c3189f67 ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR turns on the
newDataViewPickerEnabledfeature flag.Checklist
release_note:*label is applied per the guidelinesbackport:*labels.#234088