[Security Solution] ES|QL tab under Timelines shows only elastic logo when user import the Timeline with having ES|QL query and Results. #182823

Closed
arvindersingh-qasource opened this issue May 7, 2024 · 8 comments
Labels
bug Fixes for quality problems that affect the customer experience fixed impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team v8.14.0

Comments

@arvindersingh-qasource

Describe the bug
The ES|QL tab under Timelines shows only the Elastic logo when a user imports a Timeline that has an ES|QL query and results.

Build Details

VERSION: 8.14.0
BUILD: 73762
COMMIT: 2a492e1625f24336f3259b2b8df62b2b18127e81

Browser Details
This issue is occurring on all browsers.

Preconditions

  1. Kibana v8.14.0 must be available.
  2. A Timeline.json file that has an ES|QL query and results must be present.

Steps to Reproduce

  1. Navigate to Security -> Timelines.
  2. Click on Import to import the prerequisite Timeline.
  3. Open the imported Timeline.
  4. Navigate to the ES|QL tab.
  5. Observe that it does not show the ES|QL query or results; instead it shows only the Elastic logo.

Actual Result
On removing a column for the result table under the ES|QL query on Timeline, the column selector starts flickering.

Expected Result
On removing a column for the result table under the ES|QL query on Timeline, the column selector should not flicker.

What's Working

  • N/A

What's Not Working

  • N/A

Screen Recording

Timelines.-.Kibana.-.Google.Chrome.2024-05-07.17-53-06.mp4
@arvindersingh-qasource arvindersingh-qasource added bug Fixes for quality problems that affect the customer experience triage_needed impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team v8.14.0 labels May 7, 2024
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@arvindersingh-qasource
Author

@karanbirsingh-qasource Please review this ticket.

Thanks.

logeekal added a commit that referenced this issue May 9, 2024
## Summary

Handles #182823

This PR resolves the issue where a user opens a timeline with a
`savedSearchId` which no longer exists.


## Desk Testing Guide

1. Create an `Untitled Timeline`, add an `ESQL` query and save the
timeline.
2. Make sure `Saved Objects` in Stack Management contains a new saved
object with name - `Saved search for timeline -
<name_of_timeline_above>`.
3. Export the above created timeline as `ndjson` as shown below.  
![Screenshot 2024-05-08 at 14 26
21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)
5. Delete the above created timeline.
6. Make sure that the corresponding saved object is also deleted in `Saved
Objects` in Stack Management.
7. `Import` the timeline export in Step 3 on the Timelines Page.
8. Once imported, navigate to the ESQL tab and save an arbitrary query.
9. Save the timeline, switch to another timeline and then back.
10. The query you saved should be restored.

---------

Co-authored-by: Jan Monschke <janmonschke@fastmail.com>
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue May 9, 2024
(cherry picked from commit 02a22fd)
kibanamachine added a commit that referenced this issue May 9, 2024
…83059)

# Backport

This will backport the following commits from `main` to `8.14`:
- [[Security Solution] Handle invalid savedSearchId
(#182937)](#182937)


### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
@logeekal
Contributor

Hello, it looks like the fix for this did not make it to BC4, but it should automatically be included in BC5.

@logeekal logeekal added the fixed label May 13, 2024
@arvindersingh-qasource
Author

Hi @logeekal

Thanks for the update.

We have validated this ticket on the latest Kibana v8.14 BC build and found that the issue is still reproducible.

Please find the observations below.

Build Details

VERSION: 8.14.0
BUILD: 73836
COMMIT: 23ed1207772b3ae958cb05bc4cdbe39b83507707

Observations

  • For the imported Timeline, ESQL only shows the Elastic logo.
Timelines.-.Kibana.-.Google.Chrome.2024-05-14.15-02-49.mp4

Thanks.

@logeekal
Contributor

Hey @arvindersingh-qasource, please see my comment here: #182823 (comment).

Unfortunately, the bug did not make it to BC4 and it will make it to BC5 on the 16th of May.

@arvindersingh-qasource
Author

Hi @logeekal

Thanks for the update.

We have validated this ticket on the latest Kibana v8.14 BC build and found that the issue is now fixed.

Please find the observations below.

Build Details

VERSION: 8.14.0
BUILD: 73931
COMMIT: 7ea00b6178d67183a4def9bdd060b062cced043e

Observations

Timelines.-.Kibana.-.Google.Chrome.2024-05-21.13-12-17.mp4

Hence, we are closing this ticket.

Thanks.

@arvindersingh-qasource arvindersingh-qasource added the QA:Validated Issue has been validated by QA label May 21, 2024