elastic / security-docs

Elastic Security Documentation

[Known Issue] Prevalence table in expanded alerts detail flyout showing no data if query runs long #3904

Closed christineweng closed 11 months ago

christineweng commented 11 months ago

Description

In the new alerts detail flyout, the prevalence table in the left section, prevalence tab, shows "No prevalence data available" instead of the prevalence table. This is often observed in bigger clusters and when data streaming is enabled.

Area/Engineering team

Threat Hunting

Stack release

8.10

Release fixed

8.10.1

Workaround

No workaround

nastasha-solomon commented 11 months ago

Using the high-level description @paulewing suggested via Slack: The alert prevalence feature behaves inconsistently and may not produce accurate results.

cc: @PhilippeOberti @christineweng

nastasha-solomon commented 11 months ago

Added in 3c69c70.