Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][DQD][API] Change /results route to support new api design (Phase 1) #182868

Closed
Tracked by #184158
kapral18 opened this issue May 7, 2024 · 4 comments · Fixed by #183696
Closed
Tracked by #184158

[Security Solution][DQD][API] Change /results route to support new api design (Phase 1) #182868

kapral18 opened this issue May 7, 2024 · 4 comments · Fixed by #183696
Assignees
@kapral18
Labels
8.15 candidate Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team

Comments

@kapral18
Copy link
Contributor

kapral18 commented May 7, 2024
edited

This is a follow up ticket to #181945 with a new consensus /results api design.

  • GET /results/indices_latest/:pattern - get latest index results
    returns 
    {
 "indexName1": {latest_result}
 "indexName2": {latest_result}
}

Acceptance criteria:

  • refactor existing getting latest /results in DQD implementation on both server and client to support the new suggested api design above. Rename /results to /results/indices_latest/:pattern.
@kapral18 kapral18 self-assigned this May 7, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting-explore (Team:Threat Hunting:Explore)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@semd semd mentioned this issue May 8, 2024
Closed
@kapral18
Copy link
Contributor Author

kapral18 commented May 15, 2024
edited

update: since current /results api endpoint uses top_hits, top_hits has size limit of 100 and pagination adds to size, for example, size: 100 and from:20 will return an error. So we decided to use a separate endpoint for fetching index data and keep latest results endpoint intact but tweaking the name, details are in the updated description

kapral18 added a commit to kapral18/kibana that referenced this issue May 17, 2024
@kapral18
[Security Solution][DQD][API] update results API to use path params i…
8c38f94 
…nstead of query params

- Changed the `RESULTS_API_ROUTE` to `RESULTS_INDICES_LATEST_ROUTE` with path parameter `{pattern}`.
- Updated `getStorageResults` function to use the new route.
- Modified tests to reflect the new route and parameter usage.
- Updated server route validation to use path parameters instead of query parameters.

closes elastic#182868
This was referenced May 17, 2024
Merged
Closed
kapral18 added a commit to kapral18/kibana that referenced this issue May 17, 2024
@kapral18
[Security Solution][DQD][API] update results API to use path params i…
3d3f0b1 
…nstead of query params

- Changed the `RESULTS_API_ROUTE` to `RESULTS_INDICES_LATEST_ROUTE` with path parameter `{pattern}`.
- Updated `getStorageResults` function to use the new route.
- Modified tests to reflect the new route and parameter usage.
- Updated server route validation to use path parameters instead of query parameters.

closes elastic#182868
kapral18 added a commit that referenced this issue May 17, 2024
@kapral18
[Security Solution][DQD][API] update results API to use path params i…
3c4b33b 
…n place of query params (#183696)

- Changed the `RESULTS_API_ROUTE` to `RESULTS_INDICES_LATEST_ROUTE` with
path parameter `{pattern}`.
- Updated `getStorageResults` function to use the new route.
- Modified tests to reflect the new route and parameter usage.
- Updated server route validation to use path parameters instead of
query parameters.

closes #182868

**This is an internal route api change, so no breaking changes**

**Before**

![image](https://github.com/elastic/kibana/assets/1625373/248e07e0-2a10-4658-8541-24330e2dc2ad)

**After:**

![image](https://github.com/elastic/kibana/assets/1625373/d0469b33-d240-4de0-9a39-4ab510aa342b)
@kapral18 kapral18 mentioned this issue May 24, 2024
Open
@kapral18
Copy link
Contributor Author

This route has been further updated and simplified as part of #184297

@kapral18 kapral18 changed the title [Security Solution][DQD][API] Change /results route to support new api design [Security Solution][DQD][API] Change /results route to support new api design (Phase 1) May 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kapral18 kapral18

Labels
8.15 candidate Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team
Projects
None yet
Milestone
No milestone
2 participants
@kapral18 @elasticmachine