[SIEM] Source & Destination IP tables show 0 for bytes when documents are missing bytes fields #66495
Labels
bug
Fixes for quality problems that affect the customer experience
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
Team:Threat Hunting
Security Solution Threat Hunting Team
UX
As uncovered in this community issue, when displaying APM transaction data (which lacks `source.bytes` and `destination.bytes`) on the Source & Destination IP tables, the `Bytes in` & `Bytes out` columns will show `0B` even though none of the records have the corresponding fields. The table should instead display a `--` to indicate the empty set, and that no data was found.

This is a by-product of using the `sum` aggregation in the query, which will return 0 when aggregating across a field that does not exist (in comparison to the `avg` agg, which will return `null` if the field is not present).