[Investigations][Bug] - Fix alert page filtering by checking for empty dataView #235144
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)
Thanks for fixing this! I left a couple of minor non-blocker comments.
If I understand correctly, this was introduced in 9.1 but kind of fixed/hidden by my alerts page refactor PR, as in this one we don't display anything until the dataView is fully ready... That's why we couldn't reproduce it on main, correct?
| filters: Filter[]; | ||
| }): [string, undefined] | [undefined, Error] => { | ||
| try { | ||
| const newDataViewExists = dataView?.id && dataView?.title; |
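Review bot: `newDataViewExists` on the `const newDataViewExists = dataView?.id && dataView?.title;` line reads like a boolean but holds the title string or a falsy value, so wrapping the expression in `Boolean(...)` would make the name and the type agree. The line also relies on a missing `id` or `title` to recognise the initial empty dataView, and a short comment stating that would keep a later cleanup from dropping the guard.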
Any reason for using `title` here, which is deprecated? Why not use `getIndexPattern()`?
Also maybe even better, we could use this hasMatchedIndices function?
I'll change it, but the definition for `getIndexPattern()` is `getIndexPattern = () => this.title;` 😅. And I'm not using matchedIndices as the check is primarily against whether or not the dataView is empty (our INIT_DV in useDataView.ts) vs whether there are any matching indices in the env. I would prefer to pass down the newDataViewPickerEnabled check, but the surface area for that change is larger for a patch fix.
> I'll change it, but the definition for `getIndexPattern()` is `getIndexPattern = () => this.title;`
Yup yup I know, it's just if someone wants to remove the export of this.title then it's one less place to change 😉
Thanks for updating it!
4d712c0 to 769cc1f
desk tested that this fixed the bug on main, lgtm 👍
I am able to reproduce on main, you need to enable the advanced setting:
@PhilippeOberti no not really. This one actually happens because by default we don't check if the field is in a given dataView when searching, if you follow the code path here: specifically `filterMatchesIndex` you'll see that the failure happens because the dataView that it's checking against doesn't actually have the fields since the useDataView always returns a dataView now... even though it's empty
64eb1f5 to 094bcc3
Starting backport for target branches: 8.19, 9.1 https://github.com/elastic/kibana/actions/runs/17768603604
💚 Build Succeeded
## Summary

This PR fixes an issue with the alert page filtering when the below config is enabled:

<img width="627" height="181" alt="image" src="https://github.com/user-attachments/assets/39fc9a61-d794-407d-bea9-16792c9a6535" />

When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. When introducing the code to migrate to our new dataView picker [here](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/common/lib/kuery/index.ts#L231) in the following PR elastic#225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page, this following [initial dataView](https://github.com/elastic/kibana/blob/9659a525327b2e46478f45d03ce39103848361cc/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view.ts#L45) was introduced with this pr: elastic#225675

In short, the dataView object was always defined, even if it was just an initial dataView leading to the fields being queried against not being mapped.

The necessary checks are added in this PR

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

(cherry picked from commit 128528c)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
Questions? Please refer to the Backport tool documentation
…35214)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Investigations][Bug] - Check for empty dataView (#235144)](#235144)

Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
…5215)

# Backport

This will backport the following commits from `main` to `9.1`:
- [[Investigations][Bug] - Check for empty dataView (#235144)](#235144)

Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
Summary
This PR fixes an issue with the alert page filtering when the below configuration is enabled:
When enabled, the config looks to make sure that searches are only done against index patterns that are mapped to the given dataView. This configuration is utilized in a utility function here
kibana/src/platform/packages/shared/kbn-es-query/src/es_query/from_filters.ts
Line 86 in 5aa463e
When introducing the code to migrate to our new dataView picker here in the following PR #225726, a check was done to only apply the new DataView when it was provided. To fix a separate issue regarding flashing of the alerts page when loading, a default empty data view was introduced to fix the initial flash with the following initial dataView and was introduced with this pr: #225675.
In short, the empty dataView object was always defined, which only caused problems when this setting was turned on, because the field being filtered on was being checked against an empty dataView. It's not reproducible otherwise. And the impact area is limited to just SecuritySolution.
There were no tests to account for this configuration, but those were added here to prevent this from occurring again.
The necessary checks are added in this PR
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
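
The failure mode described in the summary, as an added TypeScript example (not code from the Kibana repository): a placeholder data view that is defined but empty makes the field check drop every alert filter, and an id/title guard restores the fallback. All types, `EMPTY_DATA_VIEW`, `buildFilterClauses`, the `fallback` parameter and the sample values are simplified stand-ins and assumptions.

```typescript
// Added illustration: simplified stand-ins, not the Kibana types or functions.
interface Field { name: string }
interface DataViewLike { id?: string; title?: string; fields: Field[] }
interface FilterLike { meta: { key?: string }; query: Record<string, unknown> }

// Placeholder handed out while the real data view loads (assumed shape):
// the object is defined, but has no id, no title and no mapped fields.
const EMPTY_DATA_VIEW: DataViewLike = { fields: [] };

// Constructed sample data.
const ALERTS_DATA_VIEW: DataViewLike = {
  id: 'sample-alerts-data-view',
  title: 'sample-alerts-*',
  fields: [{ name: 'kibana.alert.workflow_status' }, { name: 'host.name' }],
};
const STATUS_FILTER: FilterLike = {
  meta: { key: 'kibana.alert.workflow_status' },
  query: { match_phrase: { 'kibana.alert.workflow_status': 'open' } },
};
const UNMAPPED_FILTER: FilterLike = {
  meta: { key: 'not.a.mapped.field' },
  query: { match_phrase: { 'not.a.mapped.field': 'x' } },
};

// Field check in the spirit of filterMatchesIndex as described in the thread:
// no data view means nothing to check against, so the filter is kept.
function filterMatchesDataView(filter: FilterLike, dataView?: DataViewLike): boolean {
  if (!filter.meta.key || !dataView) return true;
  return dataView.fields.some((f) => f.name === filter.meta.key);
}

// With the setting on, filters whose field is not in the data view are dropped.
function buildFilterClauses(
  filters: FilterLike[],
  dataView: DataViewLike | undefined,
  ignoreFilterIfFieldNotInIndex: boolean
): Array<Record<string, unknown>> {
  return filters
    .filter((f) => !ignoreFilterIfFieldNotInIndex || filterMatchesDataView(f, dataView))
    .map((f) => f.query);
}

// Before the fix: any defined data view is trusted, including the placeholder.
function clausesBeforeFix(filters: FilterLike[], dataView: DataViewLike | undefined, ignore: boolean) {
  return buildFilterClauses(filters, dataView, ignore);
}

// After the fix: the data view is used only when it has an id and a title;
// otherwise the caller's fallback (hypothetical parameter) is used instead.
function clausesAfterFix(
  filters: FilterLike[],
  dataView: DataViewLike | undefined,
  fallback: DataViewLike | undefined,
  ignore: boolean
) {
  const dataViewExists = Boolean(dataView?.id && dataView?.title);
  return buildFilterClauses(filters, dataViewExists ? dataView : fallback, ignore);
}

// Names of filters the field check would drop, so a caller can log or surface
// them rather than running a broader query than the analyst asked for.
function droppedFilterKeys(filters: FilterLike[], dataView?: DataViewLike): string[] {
  return filters
    .filter((f) => !filterMatchesDataView(f, dataView))
    .map((f) => f.meta.key ?? '(no key)');
}
```

A regression test for this class of bug needs the setting switched on, since with it off both paths return the same clauses.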