Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.5] [Security Solution][Bug fix] alerts table over 10k results (#145441) #145481

Merged
merged 1 commit into from
Nov 17, 2022
Merged

[8.5] [Security Solution][Bug fix] alerts table over 10k results (#145441) #145481

merged 1 commit into from
Nov 17, 2022

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.5:

Questions ?

Please refer to the Backport tool documentation

@christineweng
[Security Solution][Bug fix] alerts table over 10k results (elastic#1…
39ea497 
…45441)

This PR aims to address:
- elastic#142965

### Background
On Alerts page -> Events table -> Event Rendered view, when there are
over 10,000 alerts, upon clicking the last page, a warning message
appears.

<img width="800" alt="image"
src="https://user-images.githubusercontent.com/18648970/202265598-5d9d657c-4918-408e-9f92-bcaafc904757.png">

The pop up is expected behavior according to documentation from:
https://www.elastic.co/guide/en/elasticsearch/reference/current/paginate-search-results.html
.

> By default, you cannot use from and size to page through more than
10,000 hits. This limit is a safeguard set by the
[index.max_result_window](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html#index-max-result-window)
index setting.

### After
Currently the Grid view has a safeguard in place, where if there are
more than 10k results, it will not show the last page, hence preventing
user from clicking it and seeing the error pop up.
- This PR applies the same approach by wrapping the `EventRenderView`
component with the `EuiDataGridContainer`.
- This PR also renamed `EuiDataGridContainer` to
`EuiEventTableContainer` to indicate broader use.

When there are over 10k records, last page is not available in
pagination, and it is the same in Event Rendered View as in Grid view:

https://user-images.githubusercontent.com/18648970/202271379-309cbb3c-5da6-4c46-9814-beeca39d1f36.mov
(cherry picked from commit 3c77ec0)
@kibanamachine kibanamachine enabled auto-merge (squash) November 16, 2022 23:43
@kibanamachine kibanamachine mentioned this pull request Nov 16, 2022
Merged
@kibanamachine kibanamachine merged commit c1818d3 into elastic:8.5 Nov 17, 2022
@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Security Solution Tests #2 / Alerts detection rules table auto-refresh should disable auto refresh when any rule selected and enable it after rules unselected

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
timelines 268.7KB 268.8KB +46.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @christineweng

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@christineweng christineweng

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kibanamachine @kibana-ci @christineweng