feat: audit and auto-capitalize searches (#115)

* audit search and auto-capitalize them * updating shared package
logrhythm · Jan 29, 2020 · f66468f · f66468f
1 parent 7f356dc
commit f66468f
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 6 deletions.
diff --git a/package.json b/package.json
@@ -127,7 +127,7 @@
     "@kbn/test-subj-selector": "0.2.1",
     "@kbn/ui-framework": "1.0.0",
     "@logrhythm/icons": "^1.19.0",
-    "@logrhythm/nm-web-shared": "^1.8.1",
+    "@logrhythm/nm-web-shared": "^1.10.0",
     "@logrhythm/webui": "^5.9.15",
     "@types/json-stable-stringify": "^1.0.32",
     "@types/lodash.clonedeep": "^4.5.4",

diff --git a/src/legacy/ui/public/courier/fetch/fetch_now.js b/src/legacy/ui/public/courier/fetch/fetch_now.js
@@ -24,6 +24,11 @@ import { ContinueIncompleteProvider } from './continue_incomplete';
 import { RequestStatus } from './req_status';
 import { i18n } from '@kbn/i18n';
 
+import moment from 'moment';
+import { auditSearch } from '@logrhythm/nm-web-shared/services/audit';
+
+const auditTimeFormat = 'YYYY/MM/DD HH:mm:ss';
+
 /**
  * Fetch now provider should be used if you want the results searched and returned immediately.
  * This can be slightly inefficient if a large number of requests are queued up, we can batch these
@@ -106,8 +111,48 @@ export function FetchNowProvider(Private, Promise) {
       });
   }
 
+  async function auditFetch(searchSource) {
+    const searchSourceFields = searchSource.getFields();
+
+    let queryToAudit = '';
+    if(Array.isArray(searchSourceFields.query)) {
+      queryToAudit = searchSourceFields.query[searchSourceFields.query.length - 1].query || '';
+    } else {
+      queryToAudit = searchSourceFields.query.query || '';
+    }
+
+    const dateFilter = Object.values(searchSource.getParent().getFields().filter().range)[0];
+
+    if (
+      !queryToAudit ||
+      queryToAudit.trim() === '*' ||
+      !dateFilter ||
+      !dateFilter.gte ||
+      !dateFilter.lte
+    ) {
+      return;
+    }
+
+    const formattedFrom = moment(dateFilter.gte).format(auditTimeFormat);
+    const formattedTo = moment(dateFilter.lte).format(auditTimeFormat);
+
+    await auditSearch({
+      query: queryToAudit,
+      from: formattedFrom,
+      to: formattedTo
+    });
+  }
+
   function startRequests(searchRequests) {
-    return Promise.map(searchRequests, function(searchRequest) {
+    if(searchRequests.length > 0) {
+      try {
+        auditFetch(searchRequests[0].source);
+      } catch (err) {
+        console.warn('An error occurred trying to audit the query.', err); // eslint-disable-line
+      }
+    }
+
+    return Promise.map(searchRequests, function (searchRequest) {
       if (searchRequest === ABORTED) {
         return searchRequest;
       }

diff --git a/yarn.lock b/yarn.lock
@@ -1957,10 +1957,10 @@
   resolved "https://logrhythm.jfrog.io/logrhythm/api/npm/npm-virtual/@logrhythm/lucene-parser/-/@logrhythm/lucene-parser-3.4.0.tgz#19274929b73c83713c3597febe71a0c62ff2a5e9"
   integrity sha1-GSdJKbc8g3E8NZf+vnGgxi/ypek=
 
-"@logrhythm/nm-web-shared@^1.8.1":
-  version "1.8.1"
-  resolved "https://logrhythm.jfrog.io/logrhythm/api/npm/npm-virtual/@logrhythm/nm-web-shared/-/@logrhythm/nm-web-shared-1.8.1.tgz#2e0129b1b01a4ee8ef7f2cf0537590f2d4447e85"
-  integrity sha1-LgEpsbAaTujvfyzwU3WQ8tREfoU=
+"@logrhythm/nm-web-shared@^1.10.0":
+  version "1.10.0"
+  resolved "https://logrhythm.jfrog.io/logrhythm/api/npm/npm-virtual/@logrhythm/nm-web-shared/-/@logrhythm/nm-web-shared-1.10.0.tgz#7d8686afd3571f536cba0fc36a5625deafd3fae7"
+  integrity sha1-fYaGr9NXH1Nsug/DalYl3q/T+uc=
 
 "@logrhythm/webui@^5.9.15":
   version "5.9.15"