fix 400 error on initial signals search (#70618)
### Summary

On initial render of the SIEM pages, a 400 error was showing for POST http://localhost:5601/api/detection_engine/signals/search. This PR is a temporary fix for this bug. This initial call is being used to populate the Last alert text that shows at the top of a number of the pages. The reason the size was 0 is because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM and it seems to us that the issue is the server side validation. It may be Hapi misreading the 0 as false or our updated validation not accepting size 0.
yctercero authored Jul 2, 2020
1 parent e774921 commit 6a33a78
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -10,6 +10,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
bool: { should: [{ match: { 'signal.status': 'open' } }], minimum_should_match: 1 },
},
];

return {
aggs: {
lastSeen: { max: { field: '@timestamp' } },
Expand All @@ -30,7 +31,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
: queryFilter,
},
},
size: 0,
size: 1,
track_total_hits: true,
};
};
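
Review bot: The `size: 1` line has no comment saying it is a workaround for the 400 that the server returns for `size: 0`, so someone reading this aggregation-only query later (`lastSeen` max on `@timestamp`, `track_total_hits: true`) is likely to set it back to 0 and reintroduce the error. Add a short TODO next to `size: 1` that references the validation problem described in the commit message. The real fix belongs on the server side: if the route validation is rejecting 0 or treating it as false, as the message suspects, it should accept 0 as a valid size, with a test that posts `size: 0`. Until that lands, every call fetches one signal document that the caller never reads.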
