[Security Solution]Error while Bulk index delete operation on Rule with Data view #136006
Comments
ghost
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
ghost
added
the
impact:medium
MadameSheema
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
banderror
added
Feature:Rule Management
|
@vitaliidm @dhurley14 -- just FYI that we have this bug. I think we should get it fixed in the next dev cycle, but please feel free to do it sooner if you like. Also, I'm thinking about what we could have done to prevent it from happening - maybe rule params schema could be expressed in a different way?.. |
|
hmm wouldn't the user also get this bug if they bulk delete all of index patterns configured for a regular rule (not necessarily a "data view" rule)? @karanbirsingh-qasource would you mind testing this scenario? |
|
sure @peluja1012 in that scenario issue is not occuring and the selected index got removed from the rule index pattern. Please find below detailed observations
Rules.-.Kibana.Mozilla.Firefox.2022-07-22.10-02-37.mp4 |
|
@karanbirsingh-qasource Screen.Recording.2022-07-22.at.10.14.34.movIt seemed also, a root cause of the reported issue. Before introducing data views, rules couldn't have empty index patterns |
|
correct @vitaliidm yes in that case we face the error on bulk delete with normal rule created with index pattern. Rules.-.Kibana.Mozilla.Firefox.2022-07-22.15-51-56.mp4 |
|
Since it looks like it might be easy to fix this one (#137029 (comment)), I moved this ticket to Todo on our board. |
|
@karanbirsingh-qasource This bug has been fixed in #137585 and will be available in the next BC. Please note that there's another one that is similar to but a little bit trickier than this one: #137585 (review). |
… data view id (elastic#137585) ## Summary - fixes elastic#136006 - in this PR, bulk delete index will only be applied to rule, if index pattern exists - small code cleanup around dataViewId and index patterns actions - adds unit/functional tests ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit b93d4fb)
… data view id (elastic#137585) ## Summary - fixes elastic#136006 - in this PR, bulk delete index will only be applied to rule, if index pattern exists - small code cleanup around dataViewId and index patterns actions - adds unit/functional tests ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
… data view id (elastic#137585) (elastic#138380) ## Summary - fixes elastic#136006 - in this PR, bulk delete index will only be applied to rule, if index pattern exists - small code cleanup around dataViewId and index patterns actions - adds unit/functional tests ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit b93d4fb) Co-authored-by: Vitalii Dmyterko <[email protected]>
|
Hi @banderror we have validated this issue on 8.4.0 BC3 and issue is fixed now ✔️ Build Details: Scenarios:
ksingh.-.ec2-54-172-240-11.compute-1.amazonaws.com.-.Remote.Desktop.Connection.2022-08-11.10-36-51.mp4
ksingh.-.ec2-54-172-240-11.compute-1.amazonaws.com.-.Remote.Desktop.Connection.2022-08-11.10-45-18.mp4Hence we are closing this issue and adding "QA:Valdiated" tag to it. thanks !! |
Describe the bug
Error while Bulk index delete operation on Rule with Data view
Build Details:
Steps
Screen-Cast
Rules.-.Kibana.Mozilla.Firefox.2022-07-08.17-55-28.mp4
Rule Export fiIe:
rules_export.zip
Error logs:
The text was updated successfully, but these errors were encountered: