
[SIEM] Source & Destination IP tables show 0 for bytes when documents are missing bytes fields #66495

Open
spong opened this issue May 13, 2020 · 3 comments
Labels: bug (Fixes for quality problems that affect the customer experience), impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product), Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.), Team:SIEM, Team:Threat Hunting (Security Solution Threat Hunting Team), UX

Comments

@spong
Member

spong commented May 13, 2020

As uncovered in this community issue, when displaying APM transaction data (which lacks source.bytes and destination.bytes) on the Source & Destination IP tables, the Bytes in & Bytes out columns will show 0B even though none of the records have the corresponding fields. The table should instead display a -- to indicate the empty set, and that no data was found.

This is a by-product of using the sum aggregation in the query, which will return 0 when aggregating across a field that does not exist (in comparison to the avg agg, which will return null if the field is not present).

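One way to let the table distinguish "no document carried the field" from a genuine total of 0, written as an added example rather than Kibana's own code: pair each `sum` aggregation with a `value_count` on the same field, and render `--` when the count is 0. The bucket shape, aggregation names and sample values below are assumptions constructed for the example.

```typescript
// Shapes of the two Elasticsearch aggregation results we rely on.
type SumAgg = { value: number | null };
type CountAgg = { value: number };

// Per-IP bucket as the table is assumed to receive it (constructed shape).
interface IpBucket {
  key: string;
  doc_count: number;
  bytes_in: SumAgg;
  bytes_in_count: CountAgg;
  bytes_out: SumAgg;
  bytes_out_count: CountAgg;
}

// Hypothetical aggregation body: the value_count sibling is the addition that
// makes "sum of nothing" (0) distinguishable from a real 0.
function buildBytesAggs(field: 'source.bytes' | 'destination.bytes', name: string) {
  return {
    [name]: { sum: { field } },
    [`${name}_count`]: { value_count: { field } },
  };
}

const EMPTY = '--';

function formatBytes(n: number): string {
  const units = ['B', 'KB', 'MB', 'GB'];
  let i = 0;
  let v = n;
  while (v >= 1024 && i < units.length - 1) { v /= 1024; i++; }
  return `${Number.isInteger(v) ? v : v.toFixed(1)}${units[i]}`;
}

// Display string for a bytes column: "--" when no document had the field.
function displayBytes(sum: SumAgg, count: CountAgg): string {
  if (count.value === 0 || sum.value === null) return EMPTY;
  return formatBytes(sum.value);
}

// Constructed sample: an APM-only IP (no bytes fields at all) next to an IP
// whose documents do carry the fields, including a genuine 0 bytes in.
const SAMPLE: IpBucket[] = [
  { key: '10.0.0.5', doc_count: 42, bytes_in: { value: 0 }, bytes_in_count: { value: 0 }, bytes_out: { value: 0 }, bytes_out_count: { value: 0 } },
  { key: '10.0.0.9', doc_count: 3, bytes_in: { value: 0 }, bytes_in_count: { value: 3 }, bytes_out: { value: 2048 }, bytes_out_count: { value: 3 } },
];

function renderRows(buckets: IpBucket[]) {
  return buckets.map((b) => ({ ip: b.key, bytesIn: displayBytes(b.bytes_in, b.bytes_in_count), bytesOut: displayBytes(b.bytes_out, b.bytes_out_count) }));
}
```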

@spong spong added bug Fixes for quality problems that affect the customer experience Team:SIEM UX labels May 13, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@spong
Member Author

spong commented Jun 25, 2020

@MadameSheema this is still an issue as of the latest 7.9.0-snapshot.

@MadameSheema MadameSheema added the Team:Detections and Resp Security Detection Response Team label Oct 1, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 15, 2020
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security Solution)

@peluja1012 peluja1012 added Team:Threat Hunting Security Solution Threat Hunting Team impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. and removed Team:Detections and Resp Security Detection Response Team labels Oct 28, 2020