Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Cases Alerts table fails with pagination on 100 Alerts #144619

Closed
EricDavisX opened this issue Nov 4, 2022 · 1 comment
Closed

Security Cases Alerts table fails with pagination on 100 Alerts #144619

EricDavisX opened this issue Nov 4, 2022 · 1 comment
Assignees
@XavierM
Labels
bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@EricDavisX
Copy link
Contributor

EricDavisX commented Nov 4, 2022
edited
Loading

Kibana version: 8.6.0-snapshot, kibana commit: 3f62042
Update: Bug was confirmed as still reproducible in 8.5.0 GA on cloud-prod .

Original install method (e.g. download page, yum, from source, etc.):
Tested on cloud-deploy to staging

Describe the bug:
If you browse to a security case that has 100 alerts attached and view the alerts table and change pagination to 100 the calls timeout and the ui shows strange grey bars for the 100 alert rows

Steps to reproduce:

  1. create a security case
  2. create one or more security rules and trigger 100 alerts from them
  3. attach the alerts to the security case, and browse to the Alerts table
  4. select '50' alerts pagination, this works. select 100 and the UI hangs, and repeated /internal/bsearch?compress=true calls are made

Expected behavior:
ui renders the 100 alerts

Screenshots (if relevant):
100-alerts-pagination-in-security-case

and if you click the arrows-expand icon while the UI is hung, it blows up, as seen:
dont-click-or-see-these-errors

Errors in browser console (if relevant):
the UI keeps calling /internal/besearch?compress=true with payload like the below:
bsearch-internal-calls

example payload:
payload.txt

Any additional context:

  • it works with 75 alerts attached to the case and viewing all of them, and is quite quick - so it doesn't 'feel' like purely a load problem with getting 100 alerts versus the sl;ightly smaller 75
  • testing this with the env-bootstrap 'rac100' call is helpful, it creates all the rules and alerts, you just need to bulk enable them to create the alerts
@EricDavisX EricDavisX added bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Nov 4, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@XavierM XavierM self-assigned this Nov 14, 2022
@XavierM XavierM mentioned this issue Nov 18, 2022
Merged
1 task
XavierM added a commit that referenced this issue Nov 21, 2022
@XavierM @kibanamachine
[RAM] need to return the async id to avoid new request (#145731)
58a3747 
## Summary

Fix: #129219 &
#144619


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Nov 21, 2022
@XavierM
[RAM] need to return the async id to avoid new request (elastic#145731)
0fee068 
## Summary

Fix: elastic#129219 &
elastic#144619

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 58a3747)
kibanamachine added a commit that referenced this issue Nov 21, 2022
@kibanamachine @XavierM
[8.6] [RAM] need to return the async id to avoid new request (#145731) (
33fe536 
#145930)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[RAM] need to return the async id to avoid new request
(#145731)](#145731)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Xavier
Mouligneau","email":"xavier.mouligneau@elastic.co"},"sourceCommit":{"committedDate":"2022-11-21T20:02:06Z","message":"[RAM]
need to return the async id to avoid new request (#145731)\n\n##
Summary\r\n\r\nFix: #129219
&\r\nhttps://github.com//issues/144619\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"58a374799b41108929527a239bae68b3ac7cc346","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:high","Team:ResponseOps","ci:cloud-deploy","ci:cloud-redeploy","v8.6.0","v8.7.0"],"number":145731,"url":"https://github.com/elastic/kibana/pull/145731","mergeCommit":{"message":"[RAM]
need to return the async id to avoid new request (#145731)\n\n##
Summary\r\n\r\nFix: #129219
&\r\nhttps://github.com//issues/144619\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"58a374799b41108929527a239bae68b3ac7cc346"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145731","number":145731,"mergeCommit":{"message":"[RAM]
need to return the async id to avoid new request (#145731)\n\n##
Summary\r\n\r\nFix: #129219
&\r\nhttps://github.com//issues/144619\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"58a374799b41108929527a239bae68b3ac7cc346"}}]}]
BACKPORT-->

Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
@XavierM XavierM closed this as completed Dec 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@XavierM XavierM

Labels
bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
No open projects
AppEx: ResponseOps - Rules & Alerts Management
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@XavierM @EricDavisX @elasticmachine