[Security solution] Fix a couple spots where we had _source still, us…

…e fields api (#162278)
elastic · Jul 24, 2023 · 3be8f62 · 3be8f62
1 parent 5d25e4d
commit 3be8f62
Show file tree

Hide file tree

Showing 14 changed files with 77 additions and 1,702 deletions.
diff --git a/x-pack/plugins/security_solution/public/common/components/alert_count_by_status/mock_data.ts b/x-pack/plugins/security_solution/public/common/components/alert_count_by_status/mock_data.ts
@@ -19,8 +19,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '100',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['100'],
                   },
                 },
               ],
@@ -34,8 +34,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '200',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['200'],
                   },
                 },
               ],
@@ -49,8 +49,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '300',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['300'],
                   },
                 },
               ],
@@ -64,8 +64,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '400',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['400'],
                   },
                 },
               ],
@@ -79,8 +79,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '500',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['500'],
                   },
                 },
               ],
@@ -94,8 +94,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '600',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['600'],
                   },
                 },
               ],
@@ -109,8 +109,8 @@ export const mockAlertCountByRuleResult = {
             hits: {
               hits: [
                 {
-                  _source: {
-                    'kibana.alert.rule.uuid': '700',
+                  fields: {
+                    'kibana.alert.rule.uuid': ['700'],
                   },
                 },
               ],

diff --git a/...ution/public/common/components/alert_count_by_status/use_alert_count_by_rule_by_status.ts b/...ution/public/common/components/alert_count_by_status/use_alert_count_by_rule_by_status.ts
@@ -117,6 +117,8 @@ export const useAlertCountByRuleByStatus: UseAlertCountByRuleByStatus = ({
   return { items, isLoading, updatedAt };
 };
 
+export const KIBANA_RULE_ID = 'kibana.alert.rule.uuid';
+
 export const buildRuleAlertsByEntityQuery = ({
   additionalFilters = [],
   from,
@@ -133,6 +135,8 @@ export const buildRuleAlertsByEntityQuery = ({
   value: string;
 }) => ({
   size: 0,
+  _source: false,
+  fields: [KIBANA_RULE_ID],
   query: {
     bool: {
       filter: [
@@ -145,11 +149,15 @@ export const buildRuleAlertsByEntityQuery = ({
             },
           },
         },
-        {
-          terms: {
-            'kibana.alert.workflow_status': statuses,
-          },
-        },
+        ...(statuses?.length > 0
+          ? [
+              {
+                terms: {
+                  'kibana.alert.workflow_status': statuses,
+                },
+              },
+            ]
+          : []),
         {
           term: {
             [field]: value,
@@ -167,7 +175,8 @@ export const buildRuleAlertsByEntityQuery = ({
       aggs: {
         ruleUuid: {
           top_hits: {
-            _source: ['kibana.alert.rule.uuid'],
+            _source: false,
+            fields: [KIBANA_RULE_ID],
             size: 1,
           },
         },
@@ -181,8 +190,8 @@ interface RuleUuidData extends GenericBuckets {
     hits: {
       hits: [
         {
-          _source: {
-            'kibana.alert.rule.uuid': string;
+          fields: {
+            'kibana.alert.rule.uuid': string[];
           };
         }
       ];
@@ -201,7 +210,8 @@ const parseAlertCountByRuleItems = (
 ): AlertCountByRuleByStatusItem[] => {
   const buckets = aggregations?.[ALERTS_BY_RULE_AGG].buckets ?? [];
   return buckets.map<AlertCountByRuleByStatusItem>((bucket) => {
-    const uuid = bucket.ruleUuid.hits?.hits[0]?._source['kibana.alert.rule.uuid'] || '';
+    const uuid =
+      firstNonNullValue(bucket.ruleUuid.hits?.hits[0]?.fields['kibana.alert.rule.uuid']) ?? '';
     return {
       ruleName: firstNonNullValue(bucket.key) ?? '-',
       count: bucket.doc_count,

diff --git a/x-pack/plugins/security_solution/public/common/components/ml/anomaly/use_anomalies_search.ts b/x-pack/plugins/security_solution/public/common/components/ml/anomaly/use_anomalies_search.ts
@@ -125,7 +125,7 @@ function formatResultData(
 ): AnomaliesCount[] {
   const unsortedAnomalies: AnomaliesCount[] = anomaliesJobs.map((job) => {
     const bucket = buckets.find(({ key }) => key === job?.id);
-    const hasUserName = has("entity.hits.hits[0]._source['user.name']", bucket);
+    const hasUserName = has("entity.hits.hits[0].fields['user.name']", bucket);
 
     return {
       name: job?.customSettings?.security_app_display_name ?? job.id,