[SECURITY SOLUTION] Add our first search strategy for all host query #75439
Conversation
…ion-search-strategy
…ion-search-strategy
…ion-search-strategy
XavierM
added
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
| return this.searchInterceptor.search(request, options); | ||
| }; | ||
| }) as ISearchGeneric; |
There was a problem hiding this comment.
@lukasolson, not really proud of this cast, but I did not know how to stop the type bleeding on me :(.
There was a problem hiding this comment.
I just played around again trying to get rid of this cast and it was fruitless, so I'm fine with this for now.
| const [ | ||
| loading, | ||
| { hosts, totalCount, pageInfo, loadPage, id, inspect, isInspected, refetch }, | ||
| ] = useAllHost({ docValueFields, endDate, filterQuery, startDate, type }); |
There was a problem hiding this comment.
Took a look at this today and tried to play around to get rid of the as but wasn't successful. I wanted to chat about this with @lizozom before I gave it the LGTM but things are looking good so far.
| return this.searchInterceptor.search(request, options); | ||
| }; | ||
| }) as ISearchGeneric; |
There was a problem hiding this comment.
I just played around again trying to get rid of this cast and it was fruitless, so I'm fine with this for now.
|
@elasticmachine merge upstream |
Co-authored-by: Lukas Olson <[email protected]>
| export type StrategyResponseType<T extends FactoryQueryTypes> = T extends 'host_all' | ||
| ? HostsStrategyResponse | ||
| : T extends 'host_details' | ||
| ? HostDetailsStrategyResponse |
There was a problem hiding this comment.
Please consider rename HostDetailsStrategyResponse into HostOverviewRequestResponse.
I think the response of host details would be more generic and may include more info than HostOverviewRequestResponse/
There was a problem hiding this comment.
Not a big fan of the Overview naming but It makes sense to keep it the same to not confuse people so I will change it back.
| TimerangeInput, | ||
| } from '..'; | ||
|
|
||
| export type HostsQueries = 'host_all' | 'host_details'; |
There was a problem hiding this comment.
Could we rename host_details into host_overview?
As in x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/index.ts line 72, the query for host details is actually host overview.
Or I'm also thinking about having an enum that contains all the queries we have in security app,
for example
enum SecuritySolutionQuries = {
host = 'host',
hostOverview = 'hostOverview'
}
type HostQueries = SecuritySolutionQuries.host | SecuritySolutionQuries.hostOverview
say the same query in host page is reused in network page in the future, we could do
type NetworkQueries = SecuritySolutionQuries... | SecuritySolutionQuries.hostOverview
There was a problem hiding this comment.
and in x-pack/plugins/security_solution/public/hosts/containers/hosts/index.tsx Line 69
we could put the enum we defined as well.
There was a problem hiding this comment.
I think you are right we should use an enum, but I still think we should create the enum of the queries in their respective folder and then combine them back the way we are doing it with FactoryQueryTypes
There was a problem hiding this comment.
That's HUUGEE @XavierM 💪
I've pulled down the branch and gave it a try to implement a search strategy for the timeline and everything went smooth 🧈
Well done!
|
@elasticmachine merge upstream |
There was a problem hiding this comment.
LGTM, minor nits below.
Also wanted to mention our conversation today that I'm still not super excited about the prospect of sending the entire search request in requests after the initial request. I understand the use case, but for our default ES search strategy, we only need the ID. I think we can come up with a better mechanism for this, so I've scheduled a discussion.
x-pack/plugins/security_solution/public/hosts/containers/hosts/index.tsx
Outdated
Show resolved
Hide resolved
| } | ||
| searchSubscription$.unsubscribe(); | ||
| } else if (response.isPartial && !response.isRunning) { | ||
| if (!didCancel) { |
There was a problem hiding this comment.
I don't believe you have to check didCancel here (or above) since if the request is aborted, it should immediately hit the error case below.
There was a problem hiding this comment.
the didCancel is more about if the component gets unmount and the request comeback after the component has been unmounted like if you change the route on security solution app.
I do agree with you, that we can have a better mechanism and I will love to implement it in follow up PR. Thank you for being flexible with us. It is much appreciated! |
XavierM
force-pushed
the
securiy-solution-search-strategy
branch
from
a2c7e4e to
63cde69
Compare
|
@elasticmachine merge upstream |
XavierM
force-pushed
the
securiy-solution-search-strategy
branch
from
9a0b7fb to
d70def0
Compare
💚 Build SucceededBuild metrics@kbn/optimizer bundle module count
async chunks size
page load bundle size
History
To update your PR or re-run it, just comment with: |
…lastic#75439) * add security solution search strategy on server side * get security solution search strategy in the public app for all host * fix types * fix Check core API changes * thank you cypress test * Remove any by the right type IESearchRequest Co-authored-by: Lukas Olson <[email protected]> * add translation and filter error when we abort the query * pr review * fix translation * review II * fix merge issue Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Lukas Olson <[email protected]>
…75439) (#75720) * add security solution search strategy on server side * get security solution search strategy in the public app for all host * fix types * fix Check core API changes * thank you cypress test * Remove any by the right type IESearchRequest Co-authored-by: Lukas Olson <[email protected]> * add translation and filter error when we abort the query * pr review * fix translation * review II * fix merge issue Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Lukas Olson <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Lukas Olson <[email protected]>
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
Bringing our own search strategy for our security solution app, to refactor most of our graphQL / apollo query call to get our data.
We created our own security solution search strategy with a factory design to avoid creating multiple search strategies for every queries that we have in our plugin. We replace our first graphQL query by our first search strategy, it just makes sense ;).