-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Fix an error with nested fields being treated as keyword #201473
[Security Solution] Fix an error with nested fields being treated as keyword #201473
Conversation
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for fixing this!
Starting backport for target branches: 8.15, 8.16, 8.17, 8.x |
💛 Build succeeded, but was flaky
Failed CI StepsTest FailuresMetrics [docs]
|
…keyword (elastic#201473) ## Summary When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit c6cb059)
…keyword (elastic#201473) ## Summary When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit c6cb059)
…keyword (elastic#201473) ## Summary When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit c6cb059)
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
…ted as keyword (#201473) (#201482) # Backport This will backport the following commits from `main` to `8.16`: - [[Security Solution] Fix an error with nested fields being treated as keyword (#201473)](#201473) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kevin Qualters","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-23T00:11:12Z","message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting:Investigations","backport:prev-major"],"title":"[Security Solution] Fix an error with nested fields being treated as keyword","number":201473,"url":"https://github.com/elastic/kibana/pull/201473","mergeCommit":{"message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201473","number":201473,"mergeCommit":{"message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7"}}]}] BACKPORT--> Co-authored-by: Kevin Qualters <[email protected]>
…ted as keyword (#201473) (#201483) # Backport This will backport the following commits from `main` to `8.17`: - [[Security Solution] Fix an error with nested fields being treated as keyword (#201473)](#201473) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kevin Qualters","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-23T00:11:12Z","message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting:Investigations","backport:prev-major"],"title":"[Security Solution] Fix an error with nested fields being treated as keyword","number":201473,"url":"https://github.com/elastic/kibana/pull/201473","mergeCommit":{"message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201473","number":201473,"mergeCommit":{"message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7"}}]}] BACKPORT--> Co-authored-by: Kevin Qualters <[email protected]>
…ed as keyword (#201473) (#201484) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Fix an error with nested fields being treated as keyword (#201473)](#201473) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kevin Qualters","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-23T00:11:12Z","message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting:Investigations","backport:prev-major"],"title":"[Security Solution] Fix an error with nested fields being treated as keyword","number":201473,"url":"https://github.com/elastic/kibana/pull/201473","mergeCommit":{"message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201473","number":201473,"mergeCommit":{"message":"[Security Solution] Fix an error with nested fields being treated as keyword (#201473)\n\n## Summary\r\nWhen formatting elasticsearch responses for the frontend, the timelines\r\nsearch strategies will treat unmapped fields as type: keyword. If the\r\nunderlying field is actually an object, but is seen as a string in the\r\ncode, this for (key in source) loop will fail, as it's trying to loop\r\nover a string. Fix below should have minimal effect as the data is\r\naccessible at the further nested keys.\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"c6cb05996188ec7613d38f10de57dade356d12f7"}}]}] BACKPORT--> Co-authored-by: Kevin Qualters <[email protected]>
…keyword (elastic#201473) ## Summary When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…keyword (elastic#201473) ## Summary When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Summary
When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys.
Checklist