[Security Solution] Replace Search Strategy usage for fetching indexFields with dataView plugin fields API #142907

Open
YulNaumenko opened this issue Oct 6, 2022 · 0 comments
Labels
Team:Detection Engine Security Solution Detection Engine Area technical debt Improvement of the software architecture and operational architecture

Comments

@YulNaumenko
Contributor

Based on the changes defined in the issues #142903 and #142904, we should be able to migrate from the usage of the Search Strategy calls to the dataView plugin fields, similar to Discover and Lens.
For now we are fetching indexFields in the following way:
[Screenshot: Screen Shot 2022-10-06 at 11 55 44 AM]
This approach doesn't have enough caching functionality and should be unified with how the other applications get the fields, for further extensibility.

@YulNaumenko YulNaumenko added technical debt Improvement of the software architecture and operational architecture Team:Security Solution Platform Security Solution Platform Team labels Oct 6, 2022
dhurley14 added a commit that referenced this issue Mar 31, 2023
…owser via EcsFlat from @kbn/ecs (#153498)

## Summary

Ref: #142907

As part of our ongoing work to replace the sourcerer search strategy
apis with equivalent apis provided by the data views service, we need to
replace the
[`browserFields`](https://github.com/elastic/kibana/blob/ca8848e00dbc5cfa0cd53e19d37979a6b8016bd3/x-pack/plugins/security_solution/public/common/containers/source/index.tsx#L154)
property returned by the [search
strategy](https://github.com/elastic/kibana/blob/ca8848e00dbc5cfa0cd53e19d37979a6b8016bd3/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts#L42).
One of the blockers to removing this search strategy is the use of the
browserFields' `description` and `category` properties which are used to
populate the fields browser on the alerts table (used by both the
Security Solution and Observability), timeline, and events viewer in the
security solution.

One of the added benefits of updating the source of the description data
is we can provide this description to the Observability alerts table
too.

<img width="1512" alt="description_observability"
src="https://user-images.githubusercontent.com/915763/227292448-6e5f9ec5-d620-42a3-89fd-7f99f4b5b16c.png">

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
dhurley14 added a commit that referenced this issue Apr 25, 2023
…ch strategy with api provided by kibana data views plugin (#149360)

## Summary

Original outline: #138181

Issues outlining the objective of this pr:
#142903 and
#142907


#### Overview

Since the data views plugin was introduced, maintaining our own apis for
fetching sourcerer saved objects (data views) and additional types has
become cumbersome and inefficient. The data views plugin provides both
an efficient caching of data view saved objects and a unified interface
for creating ad-hoc data views (see the changes to the `useFetchIndex`
hook in this PR) so that our code can now rely on a single type of saved
object to interface with when fetching data.

This PR is another step towards replacing sourcerer with the data view
picker provided by kibana platform (which benefits users by maintaining
consistency around data source selection UX) and additionally provides
benefits to developers in the security solution by allowing us to reduce
state-management complexity in components that rely on old
`indexPattern` types or data view types.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
@yctercero yctercero added Team:Detection Engine Security Solution Detection Engine Area and removed Team:Security Solution Platform Security Solution Platform Team labels May 14, 2023