diff --git a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts index 24550f2694f5b..eca43ded63955 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts @@ -450,11 +450,7 @@ export const formattedSearchStrategyResponse = { aggs: { timestamp: { max: { field: '@timestamp' } } }, }, host_ip: { - terms: { - script: { source: "doc['host.ip']", lang: 'painless' }, - size: 10, - order: { timestamp: 'desc' }, - }, + terms: { field: 'host.ip', value_type: 'ip', size: 10, order: { timestamp: 'desc' } }, aggs: { timestamp: { max: { field: '@timestamp' } } }, }, host_mac: { @@ -623,10 +619,8 @@ export const expectedDsl = { }, host_ip: { terms: { - script: { - source: "doc['host.ip']", - lang: 'painless', - }, + field: 'host.ip', + value_type: 'ip', size: 10, order: { timestamp: 'desc', diff --git a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helper.test.ts b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helper.test.ts index ea06aad9d829e..1bc97c610951c 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helper.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helper.test.ts 
@@ -58,10 +58,8 @@ describe('#Host details search strategy helpers', () => { }, host_ip: { terms: { - script: { - source: "doc['host.ip']", - lang: 'painless', - }, + field: 'host.ip', + value_type: 'ip', size: 10, order: { timestamp: Direction.desc, diff --git a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts index fbd0bd39d413b..49c1fe538a952 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts @@ -65,15 +65,8 @@ const getTermsAggregationTypeFromField = (field: string): AggregationRequest => return { host_ip: { terms: { - script: { - // We might be able to remove this when PR is fixed in Elasticsearch: https://github.com/elastic/elasticsearch/issues/72276 - // Currently we cannot use "value_type" with an aggregation when we have a mapping conflict which is why this painless script exists - // See public ticket: https://github.com/elastic/kibana/pull/78912 - // See private ticket: https://github.com/elastic/security-team/issues/333 - // for more details on the use cases and causes of the conflicts and why this is here. - source: "doc['host.ip']", - lang: 'painless', - }, + field: 'host.ip', + value_type: 'ip', size: 10, order: { timestamp: Direction.desc, diff --git a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.ts.snap b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.ts.snap index 301688ce91b7e..2919b06879114 100644 
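Review bot: The comment removed from `getTermsAggregationTypeFromField` in helpers.ts was the only record of why `host_ip` used a painless script: a `host.ip` mapping conflict across indices made `value_type` unusable, per elastic/elasticsearch#72276. The new `field: 'host.ip', value_type: 'ip'` terms block carries no note on what now makes the plain field aggregation safe. Nothing visible in this diff exercises the conflict case, since the mock, unit-test and snapshot updates only pin the generated DSL. A regression would presumably surface as shard failures or an empty IP list in the host and observed-user details that analysts read during triage. I would keep a short comment above the two new lines, e.g. `// host.ip may be mapped as ip or keyword across indices; value_type: 'ip' replaces the painless workaround, see elastic/elasticsearch#72276`, and add an integration test that runs this aggregation over two indices with conflicting `host.ip` mappings; the function body starts and ends outside the hunk.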
--- a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.ts.snap +++ b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.ts.snap @@ -78,10 +78,8 @@ Object { }, \\"host_ip\\": { \\"terms\\": { - \\"script\\": { - \\"source\\": \\"doc['host.ip']\\", - \\"lang\\": \\"painless\\" - }, + \\"field\\": \\"host.ip\\", + \\"value_type\\": \\"ip\\", \\"size\\": 10, \\"order\\": { \\"timestamp\\": \\"desc\\" diff --git a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/query.observed_user_details.dsl.test.ts.snap b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/query.observed_user_details.dsl.test.ts.snap index cbc5fe7913989..1ac5d3cb1f503 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/query.observed_user_details.dsl.test.ts.snap +++ b/x-pack/solutions/security/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/query.observed_user_details.dsl.test.ts.snap @@ -12,14 +12,12 @@ Object { }, }, "terms": Object { + "field": "host.ip", "order": Object { "timestamp": "desc", }, - "script": Object { - "lang": "painless", - "source": "doc['host.ip']", - }, "size": 10, + "value_type": "ip", }, }, "host_os_family": Object {