[Fleet] Customise KQL search box field labels to not display the Saved Object prefix #185921
Labels
enhancement
New value added to drive a business result
Team:Fleet
Team label for Observability Data Collection Fleet team
Comments
jillguyonnet
added
enhancement
|
Pinging @elastic/fleet (Team:Fleet) |
jillguyonnet
added a commit
that referenced
this issue
Jun 18, 2024
## Summary Closes #178069 This PR fixes agent policies KQL filtering in Fleet UI. Because agent policy data is retrieved from Saved Objects, the policy fields require the SO prefix (`ingest-agent-policies`), which was removed in #161064, to be present (see #178069 (comment) for details). [A further ER](#185921) captures the requirements for displaying custom labels without the prefix. In Fleet UI, the `SearchBar` component that uses KQL filtering is used in three tabs: - Agents - Agent policies - Enrollment tokens Note that the search inputs in the Uninstall tokens and Data streams tabs are simple text filtering, not KQL. The filtering behaviour with this fix matches the one in 8.11.0 and is captured in the screen recording below: - Agents tab: agent fields (e.g. `policy_id` or `agent.version`) - Agent policies tab: agent policy fields prefixed with `ingest-agent-policies` (e.g. `ingest-agent-policies.name`) - Enrollment tokens tab: token fields (e.g. `name` or `policy_id`) ### Screen recording This screen recording shows working KQL filtering and suggestions for the three tabs (fixed for Agent policies): https://github.com/elastic/kibana/assets/23701614/db4a7de7-a098-497a-a3c8-075ed5d0425e ### Testing 1. Create a few agent policies and enroll a couple of agents. 2. Test that the expected fields are shown in the KQL search bars for agents, agent policies and enrollment tokens. For each, check that suggestions are shown when you select a particular field with existing values. 3. For agent policies in particular, also check that KQL syntax works as expect. For instance, if you have an agent policy named "Test agent policy", the query `ingest-agent-policies.name : *agent*` should correctly filter for it. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Followup to #178069
KQL filtering of agent policies was fixed in #183757 by re-adding Saved Object prefixes to query fields. This is an ER for displaying agent policy fields without the SO prefix.
Context and details of the investigation can be found in #178069 (comment). The requirement to display custom labels in the underlying
QueryStringInputcomponent owned by the Visualizations team has been captured in #184089.Acceptance criteria:
ingest-agent-policies.prefixThe text was updated successfully, but these errors were encountered: