[Security Solution] Persist analyzer dataview in local storage#245002
Merged
kqualters-elastic merged 7 commits intoelastic:mainfrom Dec 16, 2025
Merged
[Security Solution] Persist analyzer dataview in local storage#245002kqualters-elastic merged 7 commits intoelastic:mainfrom
kqualters-elastic merged 7 commits intoelastic:mainfrom
Conversation
kqualters-elastic
changed the title
PhilippeOberti
approved these changes
Dec 11, 2025
PhilippeOberti
added
release_note:enhancement
Team:Threat Hunting:Investigations
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
3 tasks
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
|
Contributor
|
Starting backport for target branches: 9.2 https://github.com/elastic/kibana/actions/runs/20268831832 |
rbrtj
pushed a commit
to rbrtj/kibana
that referenced
this pull request
Dec 16, 2025
…ic#245002) ## Summary This PR will persist analyzer (only for now, but easily extendible to other scopes) selected data view to local storage when it's set, by the user or some other dispatch of that action. If the data view this is set to is deleted, and the value is set in local storage, the first data view in the data view selection list is used. With a bit more logic we could probably fall back to security solution default, but I think the first is fine. If the key doesn't exist at all, the default is used in this case. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios elastic#210926
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added
the
backport missing
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
PhilippeOberti
added a commit
that referenced
this pull request
Dec 19, 2025
…s was selected in analyzer component (#246081) ## Summary While reviewing [this PR](#245002) that is adding the functionality to persist the selected in analyzer in local storage, and while working on this [other PR](#245712) that will ensure that analyzer will not load until the data view is ready, I realize that the analyzer preview component rendered in the flyout right panel Overview tab isn't using the same data view as the analyzer component in the flyout left panel Visualize tab. ### Context A few months ago we added the ability to select a different data view in the analyzer component that we render in the alert details flyout left panel. When we did this we never updated the analyzer preview component rendered in the alert details right panel Overview tab. Currently - if the document does not have the expected index - we fall back to the security solution default data view. ### Changes introduced in this PR The analyzer preview component is now using the data view selected in the analyzer component, if the document does not have the expected index. Combined with this data view being saved in local storage, this should improve performance. By default (meaning if no data view have been selected in the analyzer component - we use the default security solution data view (same behavior as in analyzer). No UI changes should be visible. ## How to test the PR As this should only happen with document that are missing the expected index, the change would only be visible for documents that don't have any value for the `kibana.alert.rule.indices` field. In those cases, the list of indices used in analyzer preview should be those from the selected data view in analyzer. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Dec 19, 2025
…s was selected in analyzer component (elastic#246081) ## Summary While reviewing [this PR](elastic#245002) that is adding the functionality to persist the selected in analyzer in local storage, and while working on this [other PR](elastic#245712) that will ensure that analyzer will not load until the data view is ready, I realize that the analyzer preview component rendered in the flyout right panel Overview tab isn't using the same data view as the analyzer component in the flyout left panel Visualize tab. ### Context A few months ago we added the ability to select a different data view in the analyzer component that we render in the alert details flyout left panel. When we did this we never updated the analyzer preview component rendered in the alert details right panel Overview tab. Currently - if the document does not have the expected index - we fall back to the security solution default data view. ### Changes introduced in this PR The analyzer preview component is now using the data view selected in the analyzer component, if the document does not have the expected index. Combined with this data view being saved in local storage, this should improve performance. By default (meaning if no data view have been selected in the analyzer component - we use the default security solution data view (same behavior as in analyzer). No UI changes should be visible. ## How to test the PR As this should only happen with document that are missing the expected index, the change would only be visible for documents that don't have any value for the `kibana.alert.rule.indices` field. In those cases, the list of indices used in analyzer preview should be those from the selected data view in analyzer. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 5272def)
PhilippeOberti
added a commit
to PhilippeOberti/kibana
that referenced
this pull request
Dec 19, 2025
…s was selected in analyzer component (elastic#246081) ## Summary While reviewing [this PR](elastic#245002) that is adding the functionality to persist the selected in analyzer in local storage, and while working on this [other PR](elastic#245712) that will ensure that analyzer will not load until the data view is ready, I realize that the analyzer preview component rendered in the flyout right panel Overview tab isn't using the same data view as the analyzer component in the flyout left panel Visualize tab. ### Context A few months ago we added the ability to select a different data view in the analyzer component that we render in the alert details flyout left panel. When we did this we never updated the analyzer preview component rendered in the alert details right panel Overview tab. Currently - if the document does not have the expected index - we fall back to the security solution default data view. ### Changes introduced in this PR The analyzer preview component is now using the data view selected in the analyzer component, if the document does not have the expected index. Combined with this data view being saved in local storage, this should improve performance. By default (meaning if no data view have been selected in the analyzer component - we use the default security solution data view (same behavior as in analyzer). No UI changes should be visible. ## How to test the PR As this should only happen with document that are missing the expected index, the change would only be visible for documents that don't have any value for the `kibana.alert.rule.indices` field. In those cases, the list of indices used in analyzer preview should be those from the selected data view in analyzer. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit 5272def) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx # x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
PhilippeOberti
pushed a commit
to PhilippeOberti/kibana
that referenced
this pull request
Dec 23, 2025
…ic#245002) ## Summary This PR will persist analyzer (only for now, but easily extendible to other scopes) selected data view to local storage when it's set, by the user or some other dispatch of that action. If the data view this is set to is deleted, and the value is set in local storage, the first data view in the data view selection list is used. With a bit more logic we could probably fall back to security solution default, but I think the first is fine. If the key doesn't exist at all, the default is used in this case. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios elastic#210926 (cherry picked from commit 40e1f9f) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_init_data_view_manager.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/init_listener.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/init_listener.ts
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
PhilippeOberti
added a commit
that referenced
this pull request
Dec 23, 2025
…245002) (#247401) # Backport This will backport the following commits from `main` to `9.2`: - [[Security Solution] Persist analyzer dataview in local storage (#245002)](#245002) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Kevin Qualters","email":"56408403+kqualters-elastic@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-12-16T13:01:50Z","message":"[Security Solution] Persist analyzer dataview in local storage (#245002)\n\n## Summary\n\nThis PR will persist analyzer (only for now, but easily extendible to\nother scopes) selected data view to local storage when it's set, by the\nuser or some other dispatch of that action. If the data view this is set\nto is deleted, and the value is set in local storage, the first data\nview in the data view selection list is used. With a bit more logic we\ncould probably fall back to security solution default, but I think the\nfirst is fine. If the key doesn't exist at all, the default is used in\nthis case.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\nhttps://github.com//issues/210926","sha":"40e1f9f3a24e5d955c8385d914d19e343b7166c2","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","backport missing","Team:Threat Hunting:Investigations","backport:version","v9.3.0","v9.2.4"],"title":"[Security Solution] Persist analyzer dataview in local storage","number":245002,"url":"https://github.com/elastic/kibana/pull/245002","mergeCommit":{"message":"[Security Solution] Persist analyzer dataview in local storage (#245002)\n\n## Summary\n\nThis PR will persist analyzer (only for now, but easily extendible to\nother scopes) selected data view to local storage when it's set, by the\nuser or some other dispatch of that action. If the data view this is set\nto is deleted, and the value is set in local storage, the first data\nview in the data view selection list is used. With a bit more logic we\ncould probably fall back to security solution default, but I think the\nfirst is fine. If the key doesn't exist at all, the default is used in\nthis case.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\nhttps://github.com//issues/210926","sha":"40e1f9f3a24e5d955c8385d914d19e343b7166c2"}},"sourceBranch":"main","suggestedTargetBranches":["9.2"],"targetPullRequestStates":[{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/245002","number":245002,"mergeCommit":{"message":"[Security Solution] Persist analyzer dataview in local storage (#245002)\n\n## Summary\n\nThis PR will persist analyzer (only for now, but easily extendible to\nother scopes) selected data view to local storage when it's set, by the\nuser or some other dispatch of that action. If the data view this is set\nto is deleted, and the value is set in local storage, the first data\nview in the data view selection list is used. With a bit more logic we\ncould probably fall back to security solution default, but I think the\nfirst is fine. If the key doesn't exist at all, the default is used in\nthis case.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\nhttps://github.com//issues/210926","sha":"40e1f9f3a24e5d955c8385d914d19e343b7166c2"}},{"branch":"9.2","label":"v9.2.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Kevin Qualters <56408403+kqualters-elastic@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine
removed
the
backport missing
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Jan 6, 2026
…s was selected in analyzer component (elastic#246081) ## Summary While reviewing [this PR](elastic#245002) that is adding the functionality to persist the selected in analyzer in local storage, and while working on this [other PR](elastic#245712) that will ensure that analyzer will not load until the data view is ready, I realize that the analyzer preview component rendered in the flyout right panel Overview tab isn't using the same data view as the analyzer component in the flyout left panel Visualize tab. ### Context A few months ago we added the ability to select a different data view in the analyzer component that we render in the alert details flyout left panel. When we did this we never updated the analyzer preview component rendered in the alert details right panel Overview tab. Currently - if the document does not have the expected index - we fall back to the security solution default data view. ### Changes introduced in this PR The analyzer preview component is now using the data view selected in the analyzer component, if the document does not have the expected index. Combined with this data view being saved in local storage, this should improve performance. By default (meaning if no data view have been selected in the analyzer component - we use the default security solution data view (same behavior as in analyzer). No UI changes should be visible. ## How to test the PR As this should only happen with document that are missing the expected index, the change would only be visible for documents that don't have any value for the `kibana.alert.rule.indices` field. In those cases, the list of indices used in analyzer preview should be those from the selected data view in analyzer. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
dej611
pushed a commit
to dej611/kibana
that referenced
this pull request
Jan 8, 2026
…s was selected in analyzer component (elastic#246081) ## Summary While reviewing [this PR](elastic#245002) that is adding the functionality to persist the selected in analyzer in local storage, and while working on this [other PR](elastic#245712) that will ensure that analyzer will not load until the data view is ready, I realize that the analyzer preview component rendered in the flyout right panel Overview tab isn't using the same data view as the analyzer component in the flyout left panel Visualize tab. ### Context A few months ago we added the ability to select a different data view in the analyzer component that we render in the alert details flyout left panel. When we did this we never updated the analyzer preview component rendered in the alert details right panel Overview tab. Currently - if the document does not have the expected index - we fall back to the security solution default data view. ### Changes introduced in this PR The analyzer preview component is now using the data view selected in the analyzer component, if the document does not have the expected index. Combined with this data view being saved in local storage, this should improve performance. By default (meaning if no data view have been selected in the analyzer component - we use the default security solution data view (same behavior as in analyzer). No UI changes should be visible. ## How to test the PR As this should only happen with document that are missing the expected index, the change would only be visible for documents that don't have any value for the `kibana.alert.rule.indices` field. In those cases, the list of indices used in analyzer preview should be those from the selected data view in analyzer. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
denar50
added a commit
that referenced
this pull request
Mar 31, 2026
…#260258) ## Summary This [PR](#245002) introduced logic to persist the loaded DV ids in the local storage. However, DVs are space aware, and so whenever you switch from one space to another in current `main` you get the following error in the video below. https://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351 This PR makes the key used to store the id in the local storage, space aware.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 31, 2026
…elastic#260258) ## Summary This [PR](elastic#245002) introduced logic to persist the loaded DV ids in the local storage. However, DVs are space aware, and so whenever you switch from one space to another in current `main` you get the following error in the video below. https://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351 This PR makes the key used to store the id in the local storage, space aware. (cherry picked from commit 5f5decb)
kibanamachine
added a commit
that referenced
this pull request
Mar 31, 2026
… aware (#260258) (#260453) # Backport This will backport the following commits from `main` to `9.3`: - [[Security Solution] Make the dataview key in localstorage space aware (#260258)](#260258) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Edgar Santos","email":"edgar.santos@elastic.co"},"sourceCommit":{"committedDate":"2026-03-31T11:31:13Z","message":"[Security Solution] Make the dataview key in localstorage space aware (#260258)\n\n## Summary\nThis [PR](#245002) introduced\nlogic to persist the loaded DV ids in the local storage. However, DVs\nare space aware, and so whenever you switch from one space to another in\ncurrent `main` you get the following error in the video below.\n\n\nhttps://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351\n\nThis PR makes the key used to store the id in the local storage, space\naware.","sha":"5f5decbc680787e84da42621cedf366d1bf1ebde","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:version","v9.2.0","v9.3.0","v9.4.0"],"title":"[Security Solution] Make the dataview key in localstorage space aware","number":260258,"url":"https://github.com/elastic/kibana/pull/260258","mergeCommit":{"message":"[Security Solution] Make the dataview key in localstorage space aware (#260258)\n\n## Summary\nThis [PR](#245002) introduced\nlogic to persist the loaded DV ids in the local storage. However, DVs\nare space aware, and so whenever you switch from one space to another in\ncurrent `main` you get the following error in the video below.\n\n\nhttps://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351\n\nThis PR makes the key used to store the id in the local storage, space\naware.","sha":"5f5decbc680787e84da42621cedf366d1bf1ebde"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","9.3"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/260258","number":260258,"mergeCommit":{"message":"[Security Solution] Make the dataview key in localstorage space aware (#260258)\n\n## Summary\nThis [PR](#245002) introduced\nlogic to persist the loaded DV ids in the local storage. However, DVs\nare space aware, and so whenever you switch from one space to another in\ncurrent `main` you get the following error in the video below.\n\n\nhttps://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351\n\nThis PR makes the key used to store the id in the local storage, space\naware.","sha":"5f5decbc680787e84da42621cedf366d1bf1ebde"}}]}] BACKPORT--> Co-authored-by: Edgar Santos <edgar.santos@elastic.co>
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Apr 1, 2026
…elastic#260258) ## Summary This [PR](elastic#245002) introduced logic to persist the loaded DV ids in the local storage. However, DVs are space aware, and so whenever you switch from one space to another in current `main` you get the following error in the video below. https://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351 This PR makes the key used to store the id in the local storage, space aware.
PhilippeOberti
pushed a commit
to PhilippeOberti/kibana
that referenced
this pull request
Apr 1, 2026
…elastic#260258) ## Summary This [PR](elastic#245002) introduced logic to persist the loaded DV ids in the local storage. However, DVs are space aware, and so whenever you switch from one space to another in current `main` you get the following error in the video below. https://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351 This PR makes the key used to store the id in the local storage, space aware. (cherry picked from commit 5f5decb) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.test.ts # x-pack/solutions/security/plugins/security_solution/public/data_view_manager/redux/listeners/data_view_selected.ts
paulinashakirova
pushed a commit
to paulinashakirova/kibana
that referenced
this pull request
Apr 2, 2026
…elastic#260258) ## Summary This [PR](elastic#245002) introduced logic to persist the loaded DV ids in the local storage. However, DVs are space aware, and so whenever you switch from one space to another in current `main` you get the following error in the video below. https://github.com/user-attachments/assets/94089c8f-c35d-4734-b983-f49698e70351 This PR makes the key used to store the id in the local storage, space aware.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR will persist analyzer (only for now, but easily extendible to other scopes) selected data view to local storage when it's set, by the user or some other dispatch of that action. If the data view this is set to is deleted, and the value is set in local storage, the first data view in the data view selection list is used. With a bit more logic we could probably fall back to security solution default, but I think the first is fine. If the key doesn't exist at all, the default is used in this case.
Checklist
#210926