[Security Solution] Event count is not preserved if sorting is done on empty columns under the timeline #87088

Closed
muskangulati-qasource opened this issue Dec 31, 2020 · 4 comments · Fixed by #87241
Labels
bug Fixes for quality problems that affect the customer experience Feature:Timeline Security Solution Timeline feature impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team v7.10.2 v7.11.0

Comments

@muskangulati-qasource

Describe the bug
Event count is not preserved if sorting is done on empty columns under the timeline

Build Details:

Platform: Staging
Version: 7.10.2-SNAPSHOT
Commit: 733d0aa29750868a043ec307f27a0506d9a3ed62
Build number: 36123
Artifact: https://artifacts-api.elastic.co/v1/search/7.10.2-SNAPSHOT

Browser Details
All

Preconditions

  1. Cloud environment on staging should exist.
  2. Endpoint should be deployed and events should be generated.

Steps to Reproduce

  1. Navigate to Kibana URL on Browser.
  2. Click on the "Timeline" tab under Security from the left navigation bar.
  3. Create a new timeline and observe the count of events.
  4. Observe that if sorting is done for any empty column, the count of events is decreased and not preserved.

Test data
N/A

Impacted Test case(s)
N/A

Actual Result
Event count is not preserved if sorting is done on empty columns under the timeline

Expected Result
Event count should be preserved if sorting is done on any column under the timeline

What's Working
N/A

What's not Working
N/A

Screenshots

  • Timeline data for default sorting:
    TimelineDataBeforeSorting

  • Timeline data after sorting with empty fields:
    TimelineDataAfterSorting

Logs
N/A

@muskangulati-qasource muskangulati-qasource added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Timeline Security Solution Timeline feature labels Dec 31, 2020
@muskangulati-qasource
Author

@manishgupta-qasource please review!

@manishgupta-qasource manishgupta-qasource added the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Dec 31, 2020
@manishgupta-qasource

Reviewed & Assigned to @MadameSheema

@MadameSheema
Member

@XavierM can you please help to prioritise this? thanks :)

@muskangulati-qasource
Author

Hi @MadameSheema,

We have validated this ticket on both 7.10.2-BC1 & 7.11.0-BC2 builds and found that the issue is now fixed:

Build details:

  • Kibana version: 7.11.0-BC2
    Build: 37605
    Commit: a5126f7a280a6f4a27dc3aca65c1c89ccd1ac694
  • Kibana version: 7.10.2-BC
    Build: 36136
    Commit: a0b793698735eb1d0ab1038f8e5d7a951524e929

Refer to the screenshots:

  • Kibana version: 7.11.0-BC2

      • Total count:
        5519

      • After filtering:
        5519Filtered

  • Kibana version: 7.10.2-BC

      • Total count:
        7 10 2_Unfiltered

      • After filtering:
        7 10 2_filtered

Hence, we are closing this ticket!!

Thanks!
