Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.6] [Security Solution][Bug fix] alerts table over 10k results (#145441) #145482

Merged
merged 1 commit into from
Nov 17, 2022
Merged

[8.6] [Security Solution][Bug fix] alerts table over 10k results (#145441) #145482

merged 1 commit into from
Nov 17, 2022

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.6:

Questions ?

Please refer to the Backport tool documentation

@christineweng
[Security Solution][Bug fix] alerts table over 10k results (elastic#1…
5b8ff62 
…45441)

This PR aims to address:
- elastic#142965

### Background
On Alerts page -> Events table -> Event Rendered view, when there are
over 10,000 alerts, upon clicking the last page, a warning message
appears.

<img width="800" alt="image"
src="https://user-images.githubusercontent.com/18648970/202265598-5d9d657c-4918-408e-9f92-bcaafc904757.png">

The pop up is expected behavior according to documentation from:
https://www.elastic.co/guide/en/elasticsearch/reference/current/paginate-search-results.html
.

> By default, you cannot use from and size to page through more than
10,000 hits. This limit is a safeguard set by the
[index.max_result_window](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html#index-max-result-window)
index setting.

### After
Currently the Grid view has a safeguard in place, where if there are
more than 10k results, it will not show the last page, hence preventing
user from clicking it and seeing the error pop up.
- This PR applies the same approach by wrapping the `EventRenderView`
component with the `EuiDataGridContainer`.
- This PR also renamed `EuiDataGridContainer` to
`EuiEventTableContainer` to indicate broader use.

When there are over 10k records, last page is not available in
pagination, and it is the same in Event Rendered View as in Grid view:

https://user-images.githubusercontent.com/18648970/202271379-309cbb3c-5da6-4c46-9814-beeca39d1f36.mov
(cherry picked from commit 3c77ec0)
@kibanamachine kibanamachine enabled auto-merge (squash) November 16, 2022 23:43
@kibanamachine kibanamachine mentioned this pull request Nov 16, 2022
Merged
@kibanamachine kibanamachine merged commit fa95c97 into elastic:8.6 Nov 17, 2022
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
timelines 74.7KB 74.8KB +47.0B
Unknown metric groups

ESLint disabled in files

id before after diff
osquery 1 2 +1

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
fleet 59 65 +6
osquery 108 113 +5
securitySolution 441 447 +6
total +19

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
fleet 67 73 +6
osquery 109 115 +6
securitySolution 518 524 +6
total +20

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @christineweng

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@christineweng christineweng

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kibanamachine @kibana-ci @christineweng