[Security Solution] Fix host details query when missing IP #78912

patrykkopycinski · 2020-09-30T08:22:27Z

Summary

Error

{
  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "encoded bytes are of incorrect length"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "encoded bytes are of incorrect length",
    "caused_by" : {
      "type" : "unknown_host_exception",
      "reason" : "addr is of illegal length"
    }
  },
  "status" : 400
}

Query

GET _search
{
    "aggregations": {
      "host_ip": {
        "terms": {
          "field": "host.ip",
          "size": 10,
          "order": {
            "timestamp": "desc"
          }
        },
        "aggs": {
          "timestamp": {
            "max": {
              "field": "@timestamp"
            }
          }
        }
      }
    },
    "query": {
      "bool": {
        "filter": [
          {
            "term": {
              "host.name": "siem-kibana"
            }
          },
          {
            "range": {
              "@timestamp": {
                "format": "strict_date_optional_time",
                "gte": "2020-09-29T07:25:51.161Z",
                "lte": "2020-09-30T07:25:51.161Z"
              }
            }
          }
        ]
      }
    }
}

Solution
elastic/elasticsearch#27788

Checklist

Unit or functional tests were updated or added to match the most common scenarios

elasticmachine · 2020-09-30T08:22:29Z

Pinging @elastic/siem (Team:SIEM)

patrykkopycinski · 2020-10-02T08:46:57Z

@elasticmachine merge upstream

patrykkopycinski · 2020-11-03T10:00:50Z

@elasticmachine merge upstream

kibanamachine · 2020-11-03T11:46:12Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 129ac45

Metrics [docs]

✅ unchanged

History

💛 Build #79069 was flaky 6bdb796
💚 Build #78524 succeeded 7433355
💔 Build #78469 failed 63c8801
💔 Build #78203 failed d1e7634
💔 Build #78189 failed 3bed15a

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

…8912)

…82491)

…82490)

## Summary Adds dev documentation about a painless script in our code and when we could remove it. See: elastic/elasticsearch#72276 #78912

## Summary Adds dev documentation about a painless script in our code and when we could remove it. See: elastic/elasticsearch#72276 elastic#78912

## Summary Adds dev documentation about a painless script in our code and when we could remove it. See: elastic/elasticsearch#72276 #78912 Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>

elasticmachine · 2021-09-23T14:24:19Z

Pinging @elastic/security-solution (Team: SecuritySolution)

patrykkopycinski added 2 commits September 30, 2020 10:12

[Security Solution] Fix host details query with missing IP

b6943a2

add unit test

3bed15a

patrykkopycinski added bug Fixes for quality problems that affect the customer experience release_note:fix Team:SIEM v8.0.0 v7.10.0 labels Sep 30, 2020

patrykkopycinski requested review from a team as code owners September 30, 2020 08:22

patrykkopycinski self-assigned this Sep 30, 2020

patrykkopycinski added 3 commits September 30, 2020 11:13

types

d1e7634

better solution

63c8801

fix mocks

7433355

Merge branch 'master' into fix/host-details-missing-ip

6bdb796

patrykkopycinski closed this Oct 12, 2020

patrykkopycinski reopened this Nov 3, 2020

Merge branch 'master' into fix/host-details-missing-ip

129ac45

XavierM approved these changes Nov 3, 2020

View reviewed changes

patrykkopycinski merged commit 1117800 into elastic:master Nov 3, 2020

patrykkopycinski deleted the fix/host-details-missing-ip branch November 3, 2020 19:50

patrykkopycinski mentioned this pull request Nov 3, 2020

[7.x] [Security Solution] Fix host details query when missing IP (#78912) #82490

Merged

patrykkopycinski added a commit to patrykkopycinski/kibana that referenced this pull request Nov 3, 2020

[Security Solution] Fix host details query when missing IP (elastic#7…

5d69ce3

…8912)

patrykkopycinski added a commit to patrykkopycinski/kibana that referenced this pull request Nov 3, 2020

[Security Solution] Fix host details query when missing IP (elastic#7…

9b997c3

…8912)

patrykkopycinski mentioned this pull request Nov 3, 2020

[7.10] [Security Solution] Fix host details query when missing IP (#78912) #82491

Merged

patrykkopycinski added a commit that referenced this pull request Nov 3, 2020

[Security Solution] Fix host details query when missing IP (#78912) (#…

e227f05

…82491)

patrykkopycinski added a commit that referenced this pull request Nov 3, 2020

[Security Solution] Fix host details query when missing IP (#78912) (#…

249e4f3

…82490)

This was referenced Apr 26, 2021

Using IP in date histogram aggregate causes array_index_out_of_bounds_exception elastic/elasticsearch#72040

Closed

[Security Solutions] Adds dev documentation about a painless script in our code #98509

Merged

FrankHassanabad added a commit that referenced this pull request Apr 27, 2021

Adds documentation about a painless script (#98509)

6c635b3

## Summary Adds dev documentation about a painless script in our code and when we could remove it. See: elastic/elasticsearch#72276 #78912

MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security Solution] Fix host details query when missing IP #78912

[Security Solution] Fix host details query when missing IP #78912

patrykkopycinski commented Sep 30, 2020

elasticmachine commented Sep 30, 2020

patrykkopycinski commented Oct 2, 2020

patrykkopycinski commented Nov 3, 2020

kibanamachine commented Nov 3, 2020

elasticmachine commented Sep 23, 2021

[Security Solution] Fix host details query when missing IP #78912

[Security Solution] Fix host details query when missing IP #78912

Conversation

patrykkopycinski commented Sep 30, 2020

Summary

Checklist

elasticmachine commented Sep 30, 2020

patrykkopycinski commented Oct 2, 2020

patrykkopycinski commented Nov 3, 2020

kibanamachine commented Nov 3, 2020

💚 Build Succeeded

Metrics [docs]

History

elasticmachine commented Sep 23, 2021