Open sukhwindersingh-qasource opened 1 year ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
Update: It looks to be an issue with how the Alerts Table is fetching runtime fields. Adding the same filter to the global query bar also results in an empty table. Looks like an issue with the Alerts Table, since it is not using the runtime mapping in the request.
Below is the runtimeMappings object we are sending to timelineSearchStrategy, which is missing from the Trigger actions alert table request:
```json
{
  "runtimeMappings": {
    "Day": {
      "script": {
        "source": "emit(doc['@timestamp'].value.getDayOfWeekEnum().toString())"
      },
      "type": "keyword"
    }
  }
}
```
https://user-images.githubusercontent.com/7485038/233675199-2c45ca13-7bfd-485f-9473-efed8977464e.mov
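To make the failure mode in the comment above concrete, here is an added example (not Kibana code, and not from this issue's author): a small request-lint that walks a query DSL tree, collects every field the filter references, and reports any field that is neither in the index mapping nor declared in the request's runtime mappings. The index field list, the `Day : "FRIDAY"` filter and the two request shapes are constructed for the example; the `runtimeMappings` key mirrors the object posted above (Kibana's search strategy key; the Elasticsearch `_search` body itself uses `runtime_mappings`). Run against the same filter, the timeline-style request resolves cleanly while the alerts-table-style request, with the runtime mapping dropped, references a field Elasticsearch cannot resolve, which is why the table comes back empty instead of erroring.

```typescript
// Added example, not Kibana's code. Flags search requests that filter on a
// field which is neither mapped in the index nor declared as a runtime field.
// That is exactly the gap in this issue: the alerts-table request omits the
// runtimeMappings that the timeline request carries, so a filter on "Day"
// silently matches nothing.

type RuntimeMappings = Record<string, { type: string; script: { source: string } }>;

interface SearchRequest {
  // Elasticsearch query DSL; only the leaf clauses handled below are walked.
  query: unknown;
  // Kibana-side key, as in the issue; ES receives it as runtime_mappings.
  runtimeMappings?: RuntimeMappings;
}

// Collect the field names a query DSL tree references. Covers the leaf clauses
// a KQL filter typically compiles to (match, match_phrase, term, terms, range,
// exists) and recurses through bool / must / filter / should / must_not.
function referencedFields(node: unknown, out: Set<string> = new Set<string>()): Set<string> {
  if (Array.isArray(node)) {
    for (const child of node) referencedFields(child, out);
    return out;
  }
  if (node === null || typeof node !== 'object') return out;
  const obj = node as Record<string, unknown>;
  for (const [key, value] of Object.entries(obj)) {
    if (key === 'exists') {
      out.add((value as { field: string }).field);
    } else if (['match', 'match_phrase', 'term', 'terms', 'range'].includes(key)) {
      for (const field of Object.keys(value as object)) out.add(field);
    } else {
      referencedFields(value, out);
    }
  }
  return out;
}

// Fields the filter references that the request gives Elasticsearch no way to
// resolve: not in the index mapping and not declared in runtimeMappings.
function unresolvableFields(req: SearchRequest, indexFields: Set<string>): string[] {
  const runtime = new Set(Object.keys(req.runtimeMappings ?? {}));
  return [...referencedFields(req.query)]
    .filter((f) => !indexFields.has(f) && !runtime.has(f))
    .sort();
}

// Constructed sample: a few fields assumed to exist in the alerts index mapping.
const alertIndexFields = new Set(['@timestamp', 'kibana.alert.rule.name', 'host.name']);

// The runtime field from the issue (assumed name "Day", keyword type).
const dayRuntimeMapping: RuntimeMappings = {
  Day: {
    type: 'keyword',
    script: { source: "emit(doc['@timestamp'].value.getDayOfWeekEnum().toString())" },
  },
};

// Constructed filter standing in for what the Alerts page sends: Day : "FRIDAY"
// plus an ordinary mapped-field clause.
const dayFilter = {
  bool: {
    filter: [{ match_phrase: { Day: 'FRIDAY' } }, { exists: { field: 'host.name' } }],
  },
};

// Timeline search strategy style request: carries the runtime mapping.
const timelineRequest: SearchRequest = { query: dayFilter, runtimeMappings: dayRuntimeMapping };

// Trigger-actions alerts table style request: same filter, runtime mapping dropped.
const alertsTableRequest: SearchRequest = { query: dayFilter };

// Result per request shape; the alerts-table one is the bug.
function report(): { timeline: string[]; alertsTable: string[] } {
  return {
    timeline: unresolvableFields(timelineRequest, alertIndexFields),
    alertsTable: unresolvableFields(alertsTableRequest, alertIndexFields),
  };
}

console.log(JSON.stringify(report()));
```

A check like `unresolvableFields` belongs in a test around the request builder rather than in production code: Elasticsearch does not reject a query on an unmapped field, it just returns no hits, so the mismatch between the two request shapes is invisible at runtime and only shows up as the empty table in the recording.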
Pinging @elastic/response-ops (Team:ResponseOps)
@dhurley14 and I would have to fix it together because I need to be aware of the runtime fields to do that on the alert table.
Hey @sukhwindersingh-qasource! Is this still valid?
Describe the bug:
Build Details:
Preconditions
Days
with Set value enabled and the script defined as `emit(doc['@timestamp'].value.getDayOfWeekEnum().toString())`
Steps to Reproduce
Actual Result
Applying a custom field filter in the Alerts page filters does not show the alerts table.
Expected Result
Applying a custom field filter in the Alerts page filters should show the alerts table.
Screen-Recording
https://user-images.githubusercontent.com/108654988/233600067-8450205a-b6dd-4267-a2c9-e9f76320babc.mp4