Skip to content

[8.19] [One Discover] Prevent search highlighting markup in logs overview field action filters (#227652)#229288

Merged
rStelmach merged 5 commits intoelastic:8.19from
kibanamachine:backport/8.19/pr-227652
Jul 25, 2025
Merged

[8.19] [One Discover] Prevent search highlighting markup in logs overview field action filters (#227652)#229288
rStelmach merged 5 commits intoelastic:8.19from
kibanamachine:backport/8.19/pr-227652

Conversation

@kibanamachine
Copy link
Contributor

@kibanamachine kibanamachine commented Jul 24, 2025

Backport

This will backport the following commits from main to 8.19:

Questions ?

Please refer to the Backport tool documentation
@rStelmach
[One Discover] Prevent search highlighting markup in logs overview fi…
e1eb042 
…eld action filters (elastic#227652)

closes : elastic#226375
## Summary 📚
Fixes an issue where HTML search highlighting markup (`<mark>` tags) was
incorrectly carried over into filter values when using field actions
"Filter for value" in the logs overview tab.

### Problem 🐛
When searching in Discover and using field actions in the logs overview
tab's content breakdown section, the generated filters would contain
HTML markup instead of clean field values.
The logs overview components were using the formatted/highlighted field
values (which contain ` <mark> ` tags for visual highlighting) directly
in field actions, instead of accessing the original, clean field values
from the raw document.

### Solution
Instead of trying to strip HTML markup (which could accidentally remove
legitimate HTML content from log messages), this fix implements a
cleaner approach which is passing raw document data.

## Demo 🎥

https://github.com/user-attachments/assets/286db889-e54b-4026-b5bc-0e3ca9e1ea58

## How to test 🔬

- Ingest log data (e.g by using Synthtrace node scripts/synthtrace.js
simple_logs)
- Write a search query that matches part or all of the message
- Open the doc flyout and use an action for the message field

## Open discussion 🗣️
This solution is also handling an edge case when a message can contain
`<mark>` html element and that's why we are passing raw doc message.
If that is too much we can just use regex to filter out `<mark>` html
markups caused by our highlighting. LMK

(cherry picked from commit d94e367)
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label Jul 24, 2025
@kibanamachine kibanamachine enabled auto-merge (squash) July 24, 2025 10:42
@kibanamachine kibanamachine mentioned this pull request Jul 24, 2025
Merged
@rStelmach rStelmach disabled auto-merge July 24, 2025 12:19
@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 24, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #82 / Cloud Security Posture Agentless cloud should create agentless-agent
  • [job] [logs] FTR Configs #82 / Cloud Security Posture Agentless cloud should create agentless-agent
  • [job] [logs] FTR Configs #36 / Cloud Security Posture Test adding Cloud Security Posture Integrations CNVM CNVM AWS Hyperlink on PostInstallation Modal should have the correct URL
  • [job] [logs] FTR Configs #36 / Cloud Security Posture Test adding Cloud Security Posture Integrations CSPM AWS CIS_AWS Single Manual Shared Access CIS_AWS Single Manual Shared Access Workflow

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
unifiedDocViewer 238.7KB 238.8KB +105.0B

History

cc @rStelmach
@rStelmach rStelmach merged commit 4004e85 into elastic:8.19 Jul 25, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport This PR is a backport of another PR

3 participants

@kibanamachine @elasticmachine @rStelmach