[Security Solution][Timeline]timeline date/time sync not working for timeline

[ghost]

Describe the bug timeline date/time sync not working for timeline

Build Details

Version: 8.0.0-SNAPSHOT
commit:002f9fae38acdf71d6df88d808a742976de22cc8
Build:48805

Steps

• Login to Kibana
• Navigate to Timeline Page and create few timelines
• open any one timeline and set time filter to let say today and click on lock icon and sync the time with the whole application
• now move to other areas like host page , cases etc and timeline lock works there
• come back to timeline page and open same timeline
• observed that timeline lock did not worked under same or other timelines too

Screen-cast

https://user-images.githubusercontent.com/59917825/147046301-80dd267e-785e-4672-b6aa-afeea28f7f3c.mp4

https://user-images.githubusercontent.com/59917825/147046342-6069ea18-5bee-4a66-8c5f-35083a6fd6b4.mp4

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[manishgupta-qasource]

Reviewed & assigned to @michaelolo24

CC: @MadameSheema

[michaelolo24]

@karanbirsingh-qasource from the language it would sound like the sync is supposed to take place with the underlying page views, not the individual timelines themselves. As long as the same timeline is open when the lock icon is clicked, then you'll be able to look at all the data in the pages and timeline in that same time range, but closing and re-opening a timeline would presumably reset it to it's original saved date range. Given that, I'm not sure this is a bug, but maybe more of an enhancement/feature request? Though not sure if that behavior would be ideal. @paulewing / @monina-n thoughts?

[ghost]

@karanbirsingh-qasource from the language it would sound like the sync is supposed to take place with the underlying page views, not the individual timelines themselves. As long as the same timeline is open when the lock icon is clicked, then you'll be able to look at all the data in the pages and timeline in that same time range, but closing and re-opening a timeline would presumably reset it to it's original saved date range. Given that, I'm not sure this is a bug, but maybe more of an enhancement/feature request? Though not sure if that behavior would be ideal. @paulewing / @monina-n thoughts?

sure @michaelolo24 we will wait for the response of other members about this ticket and thanks for providing the current functioning of time sync within timelines in detail.

[monina-n]

@michaelolo24 @paulewing yeah in terms of the behavior, from the concept of 'locking' a date range (regardless of what the tooltip says), I would assume that the specified time range would be saved when the lock icon is clicked, even when the timeline is opened and closed.

In terms of what is preferred, @paulewing do you know? but the current mechanism is misleading and probably confusing to the user as-is so we would need to be more clear on what it actually does

[paulewing]

@monina-n @michaelolo24 Yes, this time syncing was originally intended to assist the analyst when they wanted to visit other pages related to an active investigation from Timeline. I agree that this flow and the lock icon could lead to confusion. Let's revisit as an enhancement and rethink the workflow.

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[PhilippeOberti]

this seems that it was solved over the last 3 years https://github.com/user-attachments/assets/6b535b4e-4d5d-4b13-9570-5a8bd634652b