[BUG] Search API for rules does not support returning specific fields #331

Closed
amsiglan opened this issue Feb 16, 2023 · 2 comments
Labels
bug Something isn't working v2.7.0

Comments

@amsiglan
Collaborator

amsiglan commented Feb 16, 2023

What is the bug?
Search API for rules does not support returning specific fields when the _source field is specified as part of the request body.

How can one reproduce the bug?
Steps to reproduce the behavior:

  1. Make the following search REST API call:
POST /_plugins/_security_analytics/rules/_search
{
  "query": {
    "nested": {
      "path": "rule",
      "query": {
        "term": {
          "rule.category": {
            "value": "network"
          }
        }
      }
    }
  },
  "_source": ["rule.title"]
}

It should only return the title field

{
  ...
    "hits": [
      {
        "_index": ".opensearch-sap-pre-packaged-rules-config",
        "_id": "503fe26e-b5f2-4944-a126-eab405cc06e5",
        "_score": 3.9827108,
        "_source": {
          "title": "Kerberos Network Traffic RC4 Ticket Encryption"
        }
      },
     ...
    ]
  }
}

but it returns all the fields as part of source

What is the expected behavior?
Only specified fields should be returned

What is your host/environment?
OpenSearch 2.5

Do you have any screenshots?
NA

Do you have any additional context?
The underlying index does support this, so if the call is made against the .opensearch-sap-pre-packaged-rules-config index, it works correctly.
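
A regression check for the behavior reported above, as an added example that is not part of the original issue or the project's code: it lists, per hit, the `_source` fields a response returned that the request did not ask for. The responses and the id `constructed-rule-1` are constructed, the function names are hypothetical, and it assumes a filtered `_source` keeps the `rule.` nesting as source filtering does on a plain index; `excludes` is not handled.

```python
from fnmatch import fnmatchcase

def leaf_paths(obj, prefix=""):
    """Yield the dotted path of every leaf value in a _source document."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from leaf_paths(value, f"{prefix}{key}.")
    elif isinstance(obj, list):
        for item in obj:
            yield from leaf_paths(item, prefix)
    else:
        yield prefix.rstrip(".")

def requested_patterns(body):
    """Normalise the request's _source value to include patterns (None = unfiltered)."""
    src = body.get("_source")
    if isinstance(src, dict):
        src = src.get("includes")
    if isinstance(src, str):
        return [src]
    return src if isinstance(src, list) else None

def unexpected_fields(body, response):
    """Map hit _id -> sorted field paths that were returned but not requested."""
    patterns = requested_patterns(body)
    if patterns is None:
        return {}
    report = {}
    for hit in response["hits"]["hits"]:
        extra = sorted({
            path for path in leaf_paths(hit.get("_source", {}))
            # A pattern selects the field itself or any sub-field of it.
            if not any(fnmatchcase(path, p) or fnmatchcase(path, p + ".*") for p in patterns)
        })
        if extra:
            report[hit["_id"]] = extra
    return report

# Request body from the issue.
REQUEST = {"query": {"nested": {"path": "rule", "query": {
    "term": {"rule.category": {"value": "network"}}}}}, "_source": ["rule.title"]}

def _response(rule):  # constructed response wrapper, not captured from a cluster
    return {"hits": {"hits": [{"_id": "constructed-rule-1", "_source": {"rule": rule}}]}}

TITLE = "Kerberos Network Traffic RC4 Ticket Encryption"
# Constructed: the reported behavior (whole rule returned) and the expected one.
BUGGY = _response({"title": TITLE, "category": "network", "level": "medium", "tags": ["constructed.tag"]})
FIXED = _response({"title": TITLE})

if __name__ == "__main__":
    print(unexpected_fields(REQUEST, BUGGY), unexpected_fields(REQUEST, FIXED))
```
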

@eirsep
Member

eirsep commented Apr 3, 2023

@petardz

@sbcd90
Collaborator

sbcd90 commented May 8, 2023

Issue fixed by PR #374. Closing this.

@sbcd90 sbcd90 closed this as completed May 8, 2023
riysaxen-amzn pushed a commit to riysaxen-amzn/security-analytics that referenced this issue Mar 25, 2024
…ensearch-project#331)

* Commented out flaky test in favor of known issue opensearch-project#300 to unblock build process.

Signed-off-by: Saurabh Singh <sisurab@amazon.com>

* Commenting out another test

Signed-off-by: Aditya Jindal <13850971+aditjind@users.noreply.github.com>

Co-authored-by: Saurabh Singh <sisurab@amazon.com>
Co-authored-by: Aditya Jindal <13850971+aditjind@users.noreply.github.com>