[Security Solution][Detections] Update signals template if outdated and rollover indices #80019
Pinging @elastic/siem (Team:SIEM)
@elasticmachine merge upstream
@@ -121,6 +125,7 @@ describe('useSignalIndex', () => { | |||
loading: false, | |||
signalIndexExists: false, | |||
signalIndexName: null, | |||
signalIndexTemplateOutdated: null, |
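Review bot: at the added `signalIndexTemplateOutdated: null` expectation, only the unknown state is pinned, next to `signalIndexExists: false`. Add cases where the hook reports `true` and `false` for this field, and document what `null` means so a caller does not read it as an up-to-date template.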
Should there be a test for when `signalIndexTemplateOutdated === true`?
…ana into update-signals-template
jenkins test this
@elasticmachine merge upstream
💚 Build Succeeded
…nd rollover indices (elastic#80019)
* Modify create_index_route to update template in place if outdated
* Update frontend to always call create_index_route
* Add template status to GET route
* Clean up parameter type
* Fix tests and types
* Add test
Co-authored-by: Kibana Machine <[email protected]>
* master: (102 commits)
  [Resolver] Fix flaky test (elastic#80576)
  Update Security Solution Bug Report Template (elastic#80668)
  [Observability] Kibana home page Observability link pointing to `/landing` (elastic#80636)
  [APM] Update User Experience app callout code to reflect new name (elastic#80641)
  [APM] Add missing ML privileges (elastic#80553)
  [DOCS] Adds intro line to the ML plugin readme file (elastic#80631)
  [ML] Functional tests - fix and re-enable validation API tests (elastic#80617)
  remove non-existing dependency from uptime plugin (elastic#80623)
  [ML] Fix job selection flyout overflow (elastic#80621)
  Move dashboard code in codeowner files to canvas team (elastic#80345)
  [Security Solution][Detections] Update signals template if outdated and rollover indices (elastic#80019)
  Sort service list by TPM if health is not shown (elastic#80447)
  Add in cluster version for sec telemetry sender. (elastic#80545)
  [Usage Collection] Usage collection add saved objects client to collector fetch context (elastic#80554)
  Change tag from experimental to beta (elastic#80443)
  [Metrics UI] Inventory view cleanup (elastic#79881)
  [Security Solutions][Detection Engine] Critical bug where value lists were not operational (elastic#80368)
  [Security Solution] Fix networkTopNFlow search strategy response (elastic#80362)
  [build] Retry docker pull (elastic#80432)
  add template for Security Solution bugs (elastic#80574)
  ...
…nd rollover indices (#80019) (#80615)
* Modify create_index_route to update template in place if outdated
* Update frontend to always call create_index_route
* Add template status to GET route
* Clean up parameter type
* Fix tests and types
* Add test
Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
…nd rollover indices (#80019) (#80616)
* Modify create_index_route to update template in place if outdated
* Update frontend to always call create_index_route
* Add template status to GET route
* Clean up parameter type
* Fix tests and types
* Add test
Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
@marshallmain For this PR to be included in the breaking changes doc, I need a write-up with paragraphs on details and impact. See this breaking changes doc for an example:
Details: The Security Solution now checks the Impact:
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary
This PR updates create_index_route so that it checks if the template needs to be upgraded before creating the index if it doesn't exist. In the case where the index already exists but the template was upgraded, the index rolls over so that the write index has the upgraded mapping.
This will cause a breaking change with old mappings that have `risk_score` mapped as a keyword in some places. In the current mapping, `signal.rule.risk_score` is a float so after rolling over there will be a conflict between the old and new `signal.rule.risk_score` for some features like aggregations.
Checklist
Delete any items that are not applicable to this PR.
For maintainers
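As an added example (not code from this PR or from Kibana), one way to spot the conflict described in the summary is to compare field types across the backing indices after the rollover. The helpers `flattenMapping` and `findTypeConflicts`, the index names and the sample mappings are all constructed for illustration.

```typescript
// Added example, not Kibana code. Helper names, index names and mappings are constructed.
type Mapping = { type?: string; properties?: { [name: string]: Mapping } };
type FieldTypes = { [path: string]: string };
type Conflicts = { [path: string]: { [type: string]: string[] } };

// Flatten nested `properties` of an index mapping into dotted field paths.
function flattenMapping(mapping: Mapping, prefix: string = ""): FieldTypes {
  const out: FieldTypes = {};
  const props = mapping.properties || {};
  for (const name of Object.keys(props)) {
    const field = props[name];
    const path = prefix ? prefix + "." + name : name;
    if (field.properties) {
      const nested = flattenMapping(field, path);
      for (const p of Object.keys(nested)) out[p] = nested[p];
    } else if (field.type) {
      out[path] = field.type;
    }
  }
  return out;
}

// Return fields mapped with more than one type, with the indices holding each type.
function findTypeConflicts(indices: { [index: string]: Mapping }): Conflicts {
  const seen: Conflicts = {};
  for (const index of Object.keys(indices)) {
    const fields = flattenMapping(indices[index]);
    for (const path of Object.keys(fields)) {
      const byType = seen[path] || (seen[path] = {});
      (byType[fields[path]] || (byType[fields[path]] = [])).push(index);
    }
  }
  const conflicts: Conflicts = {};
  for (const path of Object.keys(seen)) {
    if (Object.keys(seen[path]).length > 1) conflicts[path] = seen[path];
  }
  return conflicts;
}

// Constructed mappings: the pre-rollover index and the new write index.
const SAMPLE: { [index: string]: Mapping } = {
  "signals-000001": { properties: { signal: { properties: {
    status: { type: "keyword" },
    rule: { properties: { risk_score: { type: "keyword" } } } } } } },
  "signals-000002": { properties: { signal: { properties: {
    status: { type: "keyword" },
    rule: { properties: { risk_score: { type: "float" } } } } } } },
};

console.log(JSON.stringify(findTypeConflicts(SAMPLE), null, 2));
```

Any field this reports is one where aggregations or sorts spanning both indices can fail or return partial results, so detection dashboards that aggregate on it should be checked after the rollover.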