[Security Solution] [Endpoint] Allow filtering activity log with date range #104085
@ashokaditya - looks great! Since this is a new feature that isn't budgeted in the test plan, we'll delay it to
for some reason TS was complaining earlier with `undefined`
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)
That looks awesome!! A few comments added but it looks like a very good job so far! 🔥
...olution/public/management/pages/endpoint_hosts/view/details/components/date_range_picker.tsx
import moment, { Moment } from 'moment'; | ||
import { EuiFlexGroup, EuiFlexItem, EuiDatePicker, EuiDatePickerRange } from '@elastic/eui'; | ||
|
||
import * as i18 from '../../translations'; |
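Review bot: the namespace import on the last line, `import * as i18 from '../../translations'`, binds the whole translations module to a short alias, so nothing in this import block shows which strings the date picker actually depends on. Import the needed messages by name, or re-export them from a smaller object, so the dependency is explicit at the top of the file.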
Are you using all the translations there? Otherwise you should import just the needed ones
It's just the two translations, but they are deeply nested within the export object.
refs f551b67
@elasticmachine merge upstream
@elasticmachine merge upstream
Few more comments added after the changes but in any case, this is looking 🔥
…ponent review changes
@elasticmachine merge upstream
One last thing. I checked it locally and seems the date range inside the input is a little bit covered by the clear button. Apart from that, when the search doesn't return any result the
Can't do much about that except create a ticket in the Eui repo for it. It's how the date picker works.
I see your point but I think this is okay. I'll make a tiny fix anyway so that we show this message right below the dates. Although I think it is okay as it is, and follows the same pattern when there's a small list of actions/responses then users have to scroll down to see that there's nothing more to see. I guess we can improve the UX or make it consistent later.
@elasticmachine merge upstream
set
review changes
done @dasansol92
This looks awesome! Shiiiip this! 🔥 🚢 🥳
PD: About full width input, I found this mockup in Figma with a full width input -> https://www.figma.com/file/BeTJy7bpHRPtHiNJtWU7Pj/OLM-7.12%2B?node-id=4835%3A558081
Nice. I somehow missed that mock. 😅 I was looking at the earlier version where there's also a search bar.
💚 Build Succeeded
cc @ashokaditya
… range (elastic#104085)
* use date range in search query fixes elastic/security-team/issues/1137
* make any date selection fetch matching log fixes elastic/security-team/issues/1137
* use a single action for updating paging info and fetching data fixes elastic/security-team/issues/1137
* use consistent types for some reason TS was complaining earlier with `undefined`
* reset date picker on tab load fixes elastic/security-team/issues/1137
* refactor date pickers into a component refs elastic/security-team/issues/1137
* clear dates on change of endpoint fixes elastic/security-team/issues/1137
* do not show empty state if date filtering results return empty data fixes elastic/security-team/issues/1137
* add tests fixes elastic/security-team/issues/1137
* review changes
* update comment refs f551b67
* store invalidDateRange on redux store and decouple logic from the component review changes
* fix test
* fix lint
* review changes
* expand date picker to use the full width of the flyout review changes
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI.
… range (#104085) (#105093)
* use date range in search query fixes elastic/security-team/issues/1137
* make any date selection fetch matching log fixes elastic/security-team/issues/1137
* use a single action for updating paging info and fetching data fixes elastic/security-team/issues/1137
* use consistent types for some reason TS was complaining earlier with `undefined`
* reset date picker on tab load fixes elastic/security-team/issues/1137
* refactor date pickers into a component refs elastic/security-team/issues/1137
* clear dates on change of endpoint fixes elastic/security-team/issues/1137
* do not show empty state if date filtering results return empty data fixes elastic/security-team/issues/1137
* add tests fixes elastic/security-team/issues/1137
* review changes
* update comment refs f551b67
* store invalidDateRange on redux store and decouple logic from the component review changes
* fix test
* fix lint
* review changes
* expand date picker to use the full width of the flyout review changes
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ashokaditya <am.struktr@gmail.com>
Summary
Allow users to fetch activity logs where actions and responses have a timestamp `>= start date`, `<= end date` or with a date range where start and end dates are included.
Changes:
Frontend
`activityLog.paging`
Backend
`start_date` or `end_date` are present in the request query.
`start_date` or `end_date` are present in the request query then elasticsearch query uses `{ range: { '@timestamp': { gte: startDate } } }` and `{ range: { '@timestamp': { lte: endDate } } }` respectively to query with those params.
`startDate`, `endDate` or both, that is used to update the redux store in the frontend.
Clip
Checklist
Delete any items that are not applicable to this PR.
Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.
When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: