elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[ResponseOps][Alerts] DSL query filters does not work properly when using the alerts KQL filter bar #183908

Open cnasikas opened 4 months ago

cnasikas commented 4 months ago

The AlertsSearchBar component exposed by the @kbn/alerts-ui-shared package is used by various solutions to filter alerts using KQL. Underneath, the component uses the SearchBar component exposed by the unifiedSearch plugin. The DSL filters are not working properly. The UI shows "filter value is invalid or incomplete" for DSL filters even though they are valid. This is because the AlertsSearchBar overrides the default behavior of the component by passing the onFiltersUpdated prop. This bug applies to all solutions using the AlertsSearchBar. Also, the MW throws an error if you use a wildcard DSL query. Example:

{
  "wildcard": {
    "kibana.alert.instance.id": {
      "value": "development*"
    }
  }
}

https://github.com/elastic/kibana/assets/7871006/048c6b2b-bc24-4ca7-98ed-fe1e3116158e

elasticmachine commented 4 months ago

Pinging @elastic/response-ops (Team:ResponseOps)