[7.11] [SECURITY SOLUTIONS] add property include_unmapped (#90341) (#…

…90394) * [SECURITY SOLUTIONS] add property include_unmapped (#90341) * simpler fix * remove fields capabilities to get unmapper fields * fix test * bring back test * Update timeline_details.ts Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Patryk Kopyciński <[email protected]>
elastic · Feb 5, 2021 · 3f71ce7 · 3f71ce7
1 parent 5636dbf
commit 3f71ce7
Show file tree

Hide file tree

Showing 4 changed files with 299 additions and 389 deletions.
diff --git a/...plugins/security_solution/server/search_strategy/timeline/factory/events/details/index.ts b/...plugins/security_solution/server/search_strategy/timeline/factory/events/details/index.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { cloneDeep, merge, unionBy } from 'lodash/fp';
+import { cloneDeep, merge } from 'lodash/fp';
 
 import { IEsSearchResponse } from '../../../../../../../../../src/plugins/data/common';
 import {
@@ -17,7 +17,7 @@ import {
 import { inspectStringifyObject } from '../../../../../utils/build_query';
 import { SecuritySolutionTimelineFactory } from '../../types';
 import { buildTimelineDetailsQuery } from './query.events_details.dsl';
-import { getDataFromFieldsHits, getDataFromSourceHits } from './helpers';
+import { getDataFromSourceHits } from './helpers';
 
 export const timelineEventsDetails: SecuritySolutionTimelineFactory<TimelineEventsQueries.details> = {
   buildDsl: (options: TimelineEventsDetailsRequestOptions) => {
@@ -29,7 +29,7 @@ export const timelineEventsDetails: SecuritySolutionTimelineFactory<TimelineEven
     response: IEsSearchResponse<EventHit>
   ): Promise<TimelineEventsDetailsStrategyResponse> => {
     const { indexName, eventId, docValueFields = [] } = options;
-    const { _source, fields, ...hitsData } = cloneDeep(response.rawResponse.hits.hits[0] ?? {});
+    const { _source, ...hitsData } = cloneDeep(response.rawResponse.hits.hits[0] ?? {});
     const inspect = {
       dsl: [inspectStringifyObject(buildTimelineDetailsQuery(indexName, eventId, docValueFields))],
     };
@@ -42,13 +42,11 @@ export const timelineEventsDetails: SecuritySolutionTimelineFactory<TimelineEven
       };
     }
 
-    const sourceData = getDataFromSourceHits(_source);
-    const fieldsData = getDataFromFieldsHits(merge(fields, hitsData));
+    const sourceData = getDataFromSourceHits(merge(_source, hitsData));
 
-    const data = unionBy('field', fieldsData, sourceData);
     return {
       ...response,
-      data,
+      data: sourceData,
       inspect,
     };
   },

diff --git a/...n/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.test.ts b/...n/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.test.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { buildTimelineDetailsQuery } from './query.events_details.dsl';
+
+describe('buildTimelineDetailsQuery', () => {
+  it('returns the expected query', () => {
+    const indexName = '.siem-signals-default';
+    const eventId = 'f0a936d50b5b3a5a193d415459c14587fe633f7e519df7b5dc151d56142680e3';
+    const docValueFields = [
+      { field: '@timestamp' },
+      { field: 'agent.ephemeral_id' },
+      { field: 'agent.id' },
+      { field: 'agent.name' },
+    ];
+
+    const query = buildTimelineDetailsQuery(indexName, eventId, docValueFields);
+
+    expect(query).toMatchInlineSnapshot(`
+      Object {
+        "allowNoIndices": true,
+        "body": Object {
+          "docvalue_fields": Array [
+            Object {
+              "field": "@timestamp",
+            },
+            Object {
+              "field": "agent.ephemeral_id",
+            },
+            Object {
+              "field": "agent.id",
+            },
+            Object {
+              "field": "agent.name",
+            },
+          ],
+          "query": Object {
+            "terms": Object {
+              "_id": Array [
+                "f0a936d50b5b3a5a193d415459c14587fe633f7e519df7b5dc151d56142680e3",
+              ],
+            },
+          },
+        },
+        "ignoreUnavailable": true,
+        "index": ".siem-signals-default",
+        "size": 1,
+      }
+    `);
+  });
+});
diff --git a/...lution/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.ts b/...lution/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.ts
@@ -22,8 +22,6 @@ export const buildTimelineDetailsQuery = (
         _id: [id],
       },
     },
-    fields: ['*'],
-    _source: ['signal.*'],
   },
   size: 1,
 });