-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Search button does not filter data under the exception list tab. #88450
Comments
@manishgupta-qasource Please review! |
Reviewed & Assigned to @MadameSheema |
@peluja1012 @spong can you please help to prioritise this? Thanks :) |
If simple we should fix for 7.11, and if not, hide the search bar until this can be fixed. @yctercero, would you be able to take a look at this next week please? |
… (#88784) ## Summary Temporarily addresses #88450 A follow PR will address full fix. ### Issue Exceptions table search not functioning as expected. ### Diagnostic The exception list SO properties are mapped as keywords, meaning ES does not tokenize them. Need to add a `text` mapping for fields we want to search on in order for search to work as expected. Expectations for exceptions table search being: - I can search `Endpoint Security` and get results that match `Endpoint` or `Security` - I can search `"Endpoint Security"` and it will conduct an exact match search It's too late in the release cycle for mappings updates - a follow up PR will properly fix search. ### Without Search <img width="1766" alt="Screen Shot 2021-01-19 at 7 52 01 PM" src="https://user-images.githubusercontent.com/10927944/105112279-aed64300-5a90-11eb-95fc-1922eb2055e9.png"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…tic#88784 (elastic#88784) ## Summary Temporarily addresses elastic#88450 A follow PR will address full fix. ### Issue Exceptions table search not functioning as expected. ### Diagnostic The exception list SO properties are mapped as keywords, meaning ES does not tokenize them. Need to add a `text` mapping for fields we want to search on in order for search to work as expected. Expectations for exceptions table search being: - I can search `Endpoint Security` and get results that match `Endpoint` or `Security` - I can search `"Endpoint Security"` and it will conduct an exact match search It's too late in the release cycle for mappings updates - a follow up PR will properly fix search. ### Without Search <img width="1766" alt="Screen Shot 2021-01-19 at 7 52 01 PM" src="https://user-images.githubusercontent.com/10927944/105112279-aed64300-5a90-11eb-95fc-1922eb2055e9.png"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…tic#88784 (elastic#88784) ## Summary Temporarily addresses elastic#88450 A follow PR will address full fix. ### Issue Exceptions table search not functioning as expected. ### Diagnostic The exception list SO properties are mapped as keywords, meaning ES does not tokenize them. Need to add a `text` mapping for fields we want to search on in order for search to work as expected. Expectations for exceptions table search being: - I can search `Endpoint Security` and get results that match `Endpoint` or `Security` - I can search `"Endpoint Security"` and it will conduct an exact match search It's too late in the release cycle for mappings updates - a follow up PR will properly fix search. ### Without Search <img width="1766" alt="Screen Shot 2021-01-19 at 7 52 01 PM" src="https://user-images.githubusercontent.com/10927944/105112279-aed64300-5a90-11eb-95fc-1922eb2055e9.png"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
… (#88784) (#88795) ## Summary Temporarily addresses #88450 A follow PR will address full fix. ### Issue Exceptions table search not functioning as expected. ### Diagnostic The exception list SO properties are mapped as keywords, meaning ES does not tokenize them. Need to add a `text` mapping for fields we want to search on in order for search to work as expected. Expectations for exceptions table search being: - I can search `Endpoint Security` and get results that match `Endpoint` or `Security` - I can search `"Endpoint Security"` and it will conduct an exact match search It's too late in the release cycle for mappings updates - a follow up PR will properly fix search. ### Without Search <img width="1766" alt="Screen Shot 2021-01-19 at 7 52 01 PM" src="https://user-images.githubusercontent.com/10927944/105112279-aed64300-5a90-11eb-95fc-1922eb2055e9.png"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>
… (#88784) (#88794) ## Summary Temporarily addresses #88450 A follow PR will address full fix. ### Issue Exceptions table search not functioning as expected. ### Diagnostic The exception list SO properties are mapped as keywords, meaning ES does not tokenize them. Need to add a `text` mapping for fields we want to search on in order for search to work as expected. Expectations for exceptions table search being: - I can search `Endpoint Security` and get results that match `Endpoint` or `Security` - I can search `"Endpoint Security"` and it will conduct an exact match search It's too late in the release cycle for mappings updates - a follow up PR will properly fix search. ### Without Search <img width="1766" alt="Screen Shot 2021-01-19 at 7 52 01 PM" src="https://user-images.githubusercontent.com/10927944/105112279-aed64300-5a90-11eb-95fc-1922eb2055e9.png"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>
Because fix included changes to mappings - simply removed search for 7.11. However fix for this is now included in #88701 |
…y name (#88701) Addresses #88450 Issue Search was not working as expected was because the exception list property name is mapped as a keyword - this means it does not get tokenized which is why one word searches were working but if the name included multiple words and was partial, it was not filtering properly.
…y name (elastic#88701) Addresses elastic#88450 Issue Search was not working as expected was because the exception list property name is mapped as a keyword - this means it does not get tokenized which is why one word searches were working but if the name included multiple words and was partial, it was not filtering properly.
…y name (#88701) (#91255) Addresses #88450 Issue Search was not working as expected was because the exception list property name is mapped as a keyword - this means it does not get tokenized which is why one word searches were working but if the name included multiple words and was partial, it was not filtering properly.
@muskangulati-qasource can you please validate this issue on 7.12? Thanks :) |
Hi @MadameSheema, We tested this ticket on the latest 7.12.0 BC2 and found that issue is now fixed. We are able to search the exception lists correctly. Please find details information below. Build Details:
Refer Screenshots: Hence closing this ticket and marking it as 'Validated'. Thanks!! |
Bug Conversion:Created 01 Test-Case for this Ticket Thanks!! |
Describe the bug
Search button does not filter data under the exception list tab.
Build Details:
Browser Details
All
Preconditions
Steps to Reproduce
Test data
N/A
Impacted Test case(s)
N/A
Actual Result
Search button does not filter data under the exception list tab.
Expected Result
Search button should filter data under the exception list tab.
What's Working
N/A
What's not Working
N/A
Screenshots
![Searching](https://user-images.githubusercontent.com/60252716/104724928-639df680-5757-11eb-8022-80b8f34218f8.PNG)
Logs
N/A
The text was updated successfully, but these errors were encountered: