From 9b16a6b1b49bba691ef4156b6ede255509aadf4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=B4mulo=20Farias?= Date: Wed, 20 May 2026 15:18:08 +0200 Subject: [PATCH 1/2] [Entity Store] Change default log cap behavior to drop --- .../domain/logs_extraction/ccs_logs_extraction_client.test.ts | 2 +- .../domain/logs_extraction/logs_extraction_client.test.ts | 2 +- .../server/domain/saved_objects/global_state/constants.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/ccs_logs_extraction_client.test.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/ccs_logs_extraction_client.test.ts index f428ceab02467..9e300fce412fb 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/ccs_logs_extraction_client.test.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/ccs_logs_extraction_client.test.ts @@ -80,7 +80,7 @@ describe('CcsLogsExtractionClient', () => { // behavior is exercised by the dedicated tests at the end of this describe block. maxTimeWindowSize: '999d', maxLogsPerWindow: 0, - maxLogsPerWindowCapBehavior: 'defer' as const, + maxLogsPerWindowCapBehavior: 'drop' as const, }; beforeEach(() => { diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_client.test.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_client.test.ts index 16879bdecf3ae..083d72bcd6001 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_client.test.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_client.test.ts @@ -982,7 +982,7 @@ describe('LogsExtractionClient', () => { delay: '1m', maxTimeWindowSize: '999d', maxLogsPerWindow: overrides.maxLogsPerWindow, - maxLogsPerWindowCapBehavior: overrides.maxLogsPerWindowCapBehavior ?? 'defer', + maxLogsPerWindowCapBehavior: overrides.maxLogsPerWindowCapBehavior ?? 'drop', }), } as EntityStoreGlobalState; mockGlobalStateClient.find.mockResolvedValue(globalState); diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/saved_objects/global_state/constants.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/saved_objects/global_state/constants.ts index ebc83d13d3321..69e9a933d40dd 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/saved_objects/global_state/constants.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/saved_objects/global_state/constants.ts @@ -20,7 +20,7 @@ export const LOG_EXTRACTION_TIMEOUT_DEFAULT = '59s'; export const LOG_EXTRACTION_MAX_TIME_WINDOW_SIZE_DEFAULT = '15m'; // Max total raw log documents to process per task run; 0 = no cap export const LOG_EXTRACTION_MAX_LOGS_PER_WINDOW_DEFAULT = 500_000; -export const LOG_EXTRACTION_CAP_BEHAVIOR_DEFAULT = 'defer' as const; +export const LOG_EXTRACTION_CAP_BEHAVIOR_DEFAULT = 'drop' as const; export type LogExtractionConfig = z.infer; export const LogExtractionConfig = z.object({ From 2d0756a5208de3fc2edc48e99c6dde7d8634c7d2 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 20 May 2026 13:50:38 +0000 Subject: [PATCH 2/2] Changes from make api-docs --- oas_docs/output/kibana.serverless.yaml | 2 +- oas_docs/output/kibana.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 23cc432f2f509..1709c6a16def1 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -76741,7 +76741,7 @@ paths: minimum: 0 type: integer maxLogsPerWindowCapBehavior: - default: defer + default: drop enum: - defer - drop diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 381b7b7435db8..d3d2fd686332f 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -81950,7 +81950,7 @@ paths: minimum: 0 type: integer maxLogsPerWindowCapBehavior: - default: defer + default: drop enum: - defer - drop