[Cases] Expand search in all cases page#245321
Conversation
christineweng
force-pushed
the
cases-all-cases-search
branch
from
3ba0777 to
0a92c39
Compare
christineweng
added
release_note:enhancement
backport:skip
|
Pinging @elastic/kibana-cases (Team:Cases) |
christineweng
added
ci:cloud-deploy
christineweng
force-pushed
the
cases-all-cases-search
branch
2 times, most recently
from
25b5e23 to
5d04809
Compare
christineweng
force-pushed
the
cases-all-cases-search
branch
from
ad95ba9 to
2c1691f
Compare
x-pack/platform/plugins/shared/cases/server/services/cases/index.ts
Outdated
Show resolved
Hide resolved
| }, new Map<string, Case>()); | ||
|
|
||
| // TODO: imported cases do not have populate stats when importing | ||
| // Remove once https://github.com/elastic/kibana/issues/245939 is fixed |
There was a problem hiding this comment.
I have added this to our next iteration so that we can try to add this during bug fixing before the next release
There was a problem hiding this comment.
@christineweng I was looking more into this and I think we should do this differently. Here are some things I observed:
- When I imported a case, it did contain the correct stats, so it's not clear to me how to reproduce these.
- The call to
attachmentService.getter.getCaseAttatchmentStatsis happening for all cases in the result set, even for the ones that have the correct stats. We should filter out the ones that have the correct stats, to make this query faster. To me it seems like an edge-case that there are imported cases. The stats query can become quite expensive for large sets of cases with lots of attachments.
There was a problem hiding this comment.
When I imported a case, it did contain the correct stats, so it's not clear to me how to reproduce these.
Was it a recent case? I imported a 8.1 case and the stats are -1s. Maybe it just happens to cases without stat fields at the time
There was a problem hiding this comment.
It was a recent case, might be different for old cases.
christineweng
force-pushed
the
cases-all-cases-search
branch
from
fb487cb to
2c5b5e6
Compare
| owner: ['cases'], | ||
| }); | ||
| await find(findRequest, clientArgs, casesClientMock); | ||
| await expect(clientArgs.services.caseService.findCasesGroupedByID).toHaveBeenCalled(); |
There was a problem hiding this comment.
For all of these, I think it would be worth it to confirm the expected fields passed to the mockFindRequest are actually used in the call. Similar to what you did on lines 101 and 102 here
| const traverse = (ast: KueryNode): void => { | ||
| // Handle literal nodes with string values (field paths) | ||
| if (ast.type === 'literal' && typeof ast.value === 'string') { | ||
| ast.value = ast.value.replace(/\.attributes\./g, '.'); |
There was a problem hiding this comment.
Will we need to have attributes as a protected keyword in the custom fields work, or does this only target the top level attributes field? Fyi @lgestc?
x-pack/platform/plugins/shared/cases/server/services/cases/index.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/cases/server/services/cases/index.ts
Outdated
Show resolved
Hide resolved
|
|
||
| expect(stringifyUrlParams(urlParams)).toMatchInlineSnapshot( | ||
| `"cases=(assignees:!(),category:!(),customFields:(my_field:!(foo,bar)),from:now-30d,owner:!(),page:1,perPage:10,reporters:!(),search:'',searchFields:!(title,description,incremental_id.text),severity:!(),sortField:createdAt,sortOrder:desc,status:!(),tags:!(),to:now)"` | ||
| `"cases=(assignees:!(),category:!(),customFields:(my_field:!(foo,bar)),from:now-30d,owner:!(),page:1,perPage:10,reporters:!(),search:'',searchFields:!(cases.title,cases.description,cases.incremental_id.text,cases.observables.value,cases.customFields.value,cases-comments.comment,cases-comments.alertId,cases-comments.eventId),severity:!(),sortField:createdAt,sortOrder:desc,status:!(),tags:!(),to:now)"` |
There was a problem hiding this comment.
Thinking about this, we won't hit it soon, but this is going to get pretty wild the more attachment types we add and are searchable 🤔. There should be a better way of tracking this. Will add a research ticket to our backlog
There was a problem hiding this comment.
I think it's just how this test was written. We only support a subset of filters in the url, searchFields is not included.
x-pack/platform/plugins/shared/cases/server/services/cases/transform.ts
Outdated
Show resolved
Hide resolved
|
A generic note, we'll need to inform customers on how they can search. You really can't use regex to search since the comment fields are mapped as type
|
christineweng
force-pushed
the
cases-all-cases-search
branch
from
0f5adb5 to
d7362b5
Compare
⏳ Build in-progress
History
|
christineweng
removed
ci:cloud-deploy
## Summary This PR introduce new SO search method in cases and added support of nested fields and attachment search in all cases search bar - Added `searchCases` to use the new SO search api - Expanded search in all cases to allow searching cases via: - alert id - event id - comment - observable value - custom field value [Architecture changes document ](https://docs.google.com/document/d/1ry_HSwhudKhuPDlE-7m1Y5FoivkvGBO8y-2dJpbSi4M/edit?usp=sharing) ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
8 participants
Summary
This PR introduce new SO search method in cases and added support of nested fields and attachment search in all cases search bar
searchCasesto use the new SO search apiArchitecture changes document
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.