elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Show top modal of Observed data Table field has raw event by default #177878

Closed ghost closed 7 months ago

ghost commented 8 months ago

Describe the bug: Show top modal of Observed data Table field has raw event by default

Kibana/Elasticsearch Stack version

Version: 8.13.0 BC2
Commit: c2fc8da128504d437897970d142efd4d06970c0b
Build: 71815

Functional Area: Asset Criticality

precondition

Steps to reproduce

Additional Result

Current Result

Expected Result

Screen-Shot:

https://github.com/elastic/kibana/assets/59917825/bcbf5828-da4f-418e-952b-caa79597d7f5

elasticmachine commented 8 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

amolnater-qasource commented 8 months ago

Reviewed & assigned to @MadameSheema

elasticmachine commented 8 months ago

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

machadoum commented 8 months ago

I tested the old flyout, and it also preselects raw events inside the top-n visualization:

https://github.com/elastic/kibana/assets/1490444/dacd69cf-0e6c-4b37-828b-d2bed92f6821

I believe this feature is working as expected. The alerts table shows data from the alerts data view, so when investigating a field inside the table, it preselects "Detection and Alerts". But the entity flyout shows data from the security solution data view, so when investigating a field inside the flyout, it preselects "Raw events". In the video below, you can see how the index patterns are consistent.

https://github.com/elastic/kibana/assets/1490444/9e9deae4-33f4-42e0-96db-d99937bbc6ce

@karanbirsingh-qasource Please let me know if I am missing something here; otherwise, we can close the issue.

ghost commented 7 months ago

Thanks @machadoum for sharing the insight. We are closing this issue as expected.