elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Failing test: Detection Engine - Rule Execution Logic Integration Tests - ESS Env - Trial License.x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/machine_learning·ts - Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Machine learning type rules "before all" hook for "should create 1 alert from ML rule when record meets anomaly_threshold" #182009

Closed kibanamachine closed 1 week ago

kibanamachine commented 2 months ago

A test failed on a tracked branch

AggregateError: 
    Error: Bulk doc failure [operation=index]:
      doc: {"actual":[1],"bucket_span":900,"by_field_name":"process.name","by_field_value":"store","detector_index":0,"function":"rare","function_description":"rare","host.name":["mothra"],"influencers":[{"influencer_field_name":"user.name","influencer_field_values":["root"]},{"influencer_field_name":"process.name","influencer_field_values":["store"]},{"influencer_field_name":"host.name","influencer_field_values":["mothra"]}],"initial_record_score":33.36147565024334,"is_interim":false,"job_id":"v3_linux_anomalous_network_activity","multi_bucket_impact":0,"probability":0.007820139656036713,"process.name":["store"],"record_score":33.36147565024334,"result_type":"record","timestamp":1605567488000,"typical":[0.007820139656036711],"user.name":["root"]}
      error: {"type":"document_parsing_exception","reason":"[1:177] failed to parse field [host] of type [keyword] in document with id 'v3_linux_anomalous_network_activity_record_1586274300000_900_0_-96106189301704594950079884115725560577_5'. Preview of field's value: '{name=[mothra]}'","caused_by":{"type":"illegal_state_exception","reason":"Can't get text on a START_OBJECT at 1:156"}}
        at Array.map (<anonymous>)
        at indexDocs (index_doc_records_stream.ts:64:13)
        at processTicksAndRejections (node:internal/process/task_queues:95:5)
        at Writable.write [as _write] (index_doc_records_stream.ts:78:9)
    at indexDocs (index_doc_records_stream.ts:64:13)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at Writable.write [as _write] (index_doc_records_stream.ts:78:9)

First failure: CI Build - main

elasticmachine commented 2 months ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)

vitaliidm commented 1 month ago

Issue is already under investigation in https://github.com/elastic/kibana/issues/171426, https://github.com/elastic/kibana/pull/182183

cc: @rylnd

rylnd commented 1 week ago

Closed by https://github.com/elastic/kibana/pull/188155.