From f9f8562a539335d58b8a730ff46dacdcfc5b01a4 Mon Sep 17 00:00:00 2001 
From: Frank Hassanabad Date: Wed, 10 Feb 2021 21:27:33 -0700 Subject: [PATCH] Fixes track_total_hits in the body not having an effect when using search strategy (#91068) ## Summary Moves `track_total_hits` from body messages of our queries into the params section of our queries. Several of our `track_total_hits: false` were not taking effect and instead were being set to `track_total_hits: true` when being executed within the Kibana search strategy vs. previously when they were regular Elasticsearch queries and always took effect. When teams port over their searches to the search strategies provided by Kibana, they are required to move any and all `track_total_hits` from their `body` sections of their code into the `params` part of their code. The reason for this is that the search strategy maintains a backwards compatibility with earlier versions of searches before Elasticsearch introduced the `track_total_hits`. However, the code does not detect if you put the `track_total_hits` in your body, it only checks the params section and forces it to `true` if it is not found in the params section. If the search strategy does not see a `track_total_hits` within the params section of the query, it will force add one and that one will override any within the body of the query. For example, if you had a `track_total_hits` in your body and not in the params section, then search strategy would execute the query like so: ```ts GET someindex-*/_search?track_total_hits=true { // some query here "track_total_hits": false } ``` The forced parameter of `?track_total_hits=true` overrides the `track_total_hits: false` within the body of your query regardless of what the `track_total_hits` is set to and you always get the true. This bug has existed since 7.10.0 when we ported over queries to search strategy. 
You can see the code which sets this parameter if you do not here for master, 7.11, 7.10: https://github.com/elastic/kibana/blob/master/src/plugins/data/server/search/es_search/request_utils.ts#L31 https://github.com/elastic/kibana/blob/7.11/src/plugins/data/server/search/es_search/request_utils.ts#L31 https://github.com/elastic/kibana/blob/7.10/src/plugins/data/server/search/es_search/get_default_search_params.ts#L42 Comments about the behavior from 7.10: https://github.com/elastic/kibana/pull/75728#pullrequestreview-479367296 When running this code you can open dev tools and inspect the data and now notice when the total hits does not get set vs. before when it was getting set: before fix where total shows up for queries with `track_total_hits` in the body: event_view_before after fix where total no longer shows up for queries with `track_total_hits` moved to the params section: event_view_after ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --- .../server/lib/hosts/query.detail_host.dsl.ts | 2 +- .../server/lib/hosts/query.hosts.dsl.ts | 2 +- .../server/lib/hosts/query.last_first_seen_host.dsl.ts | 2 +- .../factory/hosts/all/__mocks__/index.ts | 4 ++-- .../factory/hosts/all/query.all_hosts.dsl.ts | 2 +- .../factory/hosts/details/__mocks__/index.ts | 4 ++-- .../factory/hosts/details/query.host_details.dsl.ts | 2 +- .../query.hosts_kpi_authentications.dsl.ts | 2 +- .../hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts | 2 +- .../kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts | 2 +- .../factory/hosts/last_first_seen/__mocks__/index.ts | 4 ++-- .../last_first_seen/query.last_first_seen_host.dsl.ts | 2 +- .../factory/hosts/overview/__mocks__/index.ts | 4 ++-- .../factory/hosts/overview/query.overview_host.dsl.ts | 2 +- .../factory/matrix_histogram/__mocks__/index.ts | 10 +++++----- .../factory/matrix_histogram/alerts/__mocks__/index.ts | 2 +- 
.../alerts/query.alerts_histogram.dsl.ts | 2 +- .../matrix_histogram/anomalies/__mocks__/index.ts | 2 +- .../anomalies/query.anomalies_histogram.dsl.ts | 2 +- .../authentications/__mocks__/index.ts | 2 +- .../query.authentications_histogram.dsl.ts | 2 +- .../factory/matrix_histogram/events/__mocks__/index.ts | 6 +++--- .../events/query.events_histogram.dsl.ts | 2 +- .../factory/network/details/__mocks__/index.ts | 4 ++-- .../network/details/query.details_network.dsl.ts | 2 +- .../network/kpi/dns/query.network_kpi_dns.dsl.ts | 2 +- .../query.network_kpi_network_events.dsl.ts | 2 +- .../query.network_kpi_tls_handshakes.dsl.ts | 2 +- .../unique_flows/query.network_kpi_unique_flows.dsl.ts | 2 +- .../query.network_kpi_unique_private_ips.dsl.ts | 2 +- .../factory/network/overview/__mocks__/index.ts | 2 +- .../network/overview/query.overview_network.dsl.ts | 2 +- .../factory/network/tls/__mocks__/index.ts | 4 ++-- .../factory/network/tls/query.tls_network.dsl.ts | 2 +- .../factory/network/users/__mocks__/index.ts | 4 ++-- .../factory/network/users/query.users_network.dsl.ts | 2 +- .../query.events_last_event_time.dsl.ts | 6 +++--- 37 files changed, 52 insertions(+), 52 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/hosts/query.detail_host.dsl.ts b/x-pack/plugins/security_solution/server/lib/hosts/query.detail_host.dsl.ts index 2c1c39259aae38..4dd5a86e46bf61 100644 --- a/x-pack/plugins/security_solution/server/lib/hosts/query.detail_host.dsl.ts +++ b/x-pack/plugins/security_solution/server/lib/hosts/query.detail_host.dsl.ts @@ -39,13 +39,13 @@ export const buildHostOverviewQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { ...buildFieldsTermAggregation(esFields.filter((field) => !['@timestamp'].includes(field))), }, query: { bool: { filter } }, size: 0, - track_total_hits: false, }, }; 
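Review bot: Nothing at the new `track_total_hits: false,` line in buildHostOverviewQuery records why the key sits beside `index` rather than inside `body`, so a later edit can move it back and silently restore the behaviour the description reports (the search strategy appends `?track_total_hits=true` and the body value is ignored). I would add a comment on that line, `// keep in params, not body: the search strategy forces track_total_hits=true when it is missing here`. The same applies to every other builder touched in this patch, and one unit test asserting that no builder returns a `body.track_total_hits` key would catch a regression in a single place. These are `size: 0` aggregation queries, so an unintended exact hit count is probably pure extra work for the cluster on large indices. The function starts above the hunk and continues below it.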
diff --git a/x-pack/plugins/security_solution/server/lib/hosts/query.hosts.dsl.ts b/x-pack/plugins/security_solution/server/lib/hosts/query.hosts.dsl.ts index d83b4c9f9fd80f..16c53aa6a85eba 100644 --- a/x-pack/plugins/security_solution/server/lib/hosts/query.hosts.dsl.ts +++ b/x-pack/plugins/security_solution/server/lib/hosts/query.hosts.dsl.ts @@ -44,6 +44,7 @@ export const buildHostsQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -72,7 +73,6 @@ export const buildHostsQuery = ({ }, query: { bool: { filter } }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/lib/hosts/query.last_first_seen_host.dsl.ts b/x-pack/plugins/security_solution/server/lib/hosts/query.last_first_seen_host.dsl.ts index e7e9ec48fc5344..a047be8ed26745 100644 --- a/x-pack/plugins/security_solution/server/lib/hosts/query.last_first_seen_host.dsl.ts +++ b/x-pack/plugins/security_solution/server/lib/hosts/query.last_first_seen_host.dsl.ts @@ -19,6 +19,7 @@ export const buildLastFirstSeenHostQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -27,7 +28,6 @@ export const buildLastFirstSeenHostQuery = ({ }, query: { bool: { filter } }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts index 96082ee1b4be81..b6a5435a0e0461 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts 
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts @@ -621,6 +621,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { docvalue_fields: mockOptions.docValueFields, aggregations: { @@ -656,7 +657,6 @@ export const formattedSearchStrategyResponse = { }, }, size: 0, - track_total_hits: false, }, }, null, @@ -782,6 +782,7 @@ export const mockBuckets: HostAggEsItem = { export const expectedDsl = { allowNoIndices: true, + track_total_hits: false, body: { aggregations: { host_count: { cardinality: { field: 'host.name' } }, @@ -817,7 +818,6 @@ export const expectedDsl = { }, docvalue_fields: mockOptions.docValueFields, size: 0, - track_total_hits: false, }, ignoreUnavailable: true, index: [ diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts index 5196eaa2574441..08c97117949784 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts @@ -43,6 +43,7 @@ export const buildHostsQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -71,7 +72,6 @@ export const buildHostsQuery = ({ }, query: { bool: { filter } }, size: 0, - track_total_hits: false, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts index 9c3380191507c2..7561682e070fc5 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts @@ -1311,6 +1311,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { host_architecture: { @@ -1387,7 +1388,6 @@ export const formattedSearchStrategyResponse = { }, }, size: 0, - track_total_hits: false, }, }, null, @@ -1410,6 +1410,7 @@ export const expectedDsl = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { host_architecture: { @@ -1645,6 +1646,5 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts index fa720825bb3f9b..f340e4d9056662 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts 
@@ -36,13 +36,13 @@ export const buildHostDetailsQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { ...buildFieldsTermAggregation(esFields.filter((field) => !['@timestamp'].includes(field))), }, query: { bool: { filter } }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/authentications/query.hosts_kpi_authentications.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/authentications/query.hosts_kpi_authentications.dsl.ts index 455eeed5ba80f2..a5c82688e01ba2 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/authentications/query.hosts_kpi_authentications.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/authentications/query.hosts_kpi_authentications.dsl.ts @@ -41,6 +41,7 @@ export const buildHostsKpiAuthenticationsQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { authentication_success: { @@ -94,7 +95,6 @@ export const buildHostsKpiAuthenticationsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts index 21e862e3858d05..0e0cbd8a2649d0 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts 
@@ -30,6 +30,7 @@ export const buildHostsKpiHostsQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { hosts: { @@ -57,7 +58,6 @@ export const buildHostsKpiHostsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts index 815a2644355eb1..a702982ab8253d 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts @@ -30,6 +30,7 @@ export const buildHostsKpiUniqueIpsQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { unique_source_ips: { @@ -75,7 +76,6 @@ export const buildHostsKpiUniqueIpsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/__mocks__/index.ts index b43727e977a126..0cad31bffb2a19 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/__mocks__/index.ts 
@@ -69,6 +69,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { firstSeen: { min: { field: '@timestamp' } }, @@ -76,7 +77,6 @@ export const formattedSearchStrategyResponse = { }, query: { bool: { filter: [{ term: { 'host.name': 'siem-kibana' } }] } }, size: 0, - track_total_hits: false, }, }, null, @@ -100,6 +100,7 @@ export const expectedDsl = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { firstSeen: { min: { field: '@timestamp' } }, @@ -107,6 +108,5 @@ export const expectedDsl = { }, query: { bool: { filter: [{ term: { 'host.name': 'siem-kibana' } }] } }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/query.last_first_seen_host.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/query.last_first_seen_host.dsl.ts index f14727f94b30a7..d601a5905dd6e2 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/query.last_first_seen_host.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/last_first_seen/query.last_first_seen_host.dsl.ts @@ -20,6 +20,7 @@ export const buildFirstLastSeenHostQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -28,7 +29,6 @@ export const buildFirstLastSeenHostQuery = ({ }, query: { bool: { filter } }, size: 0, - track_total_hits: false, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts index 1105914fa5d7fc..987754420430d6 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts @@ -127,6 +127,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { auditd_count: { filter: { term: { 'event.module': 'auditd' } } }, @@ -299,7 +300,6 @@ export const formattedSearchStrategyResponse = { }, }, size: 0, - track_total_hits: false, }, }, null, @@ -339,6 +339,7 @@ export const expectedDsl = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { auditd_count: { filter: { term: { 'event.module': 'auditd' } } }, @@ -511,6 +512,5 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts index d7c9b2b25f35e6..2c237ab75bcbbe 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts @@ -31,6 +31,7 @@ export const buildOverviewHostQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { auditd_count: { 
@@ -289,7 +290,6 @@ export const buildOverviewHostQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts index b43bd7e378fa65..07ae64bc63f19a 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts @@ -42,6 +42,7 @@ export const formattedAlertsSearchStrategyResponse: MatrixHistogramStrategyRespo ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { alertsGroup: { @@ -113,7 +114,6 @@ export const formattedAlertsSearchStrategyResponse: MatrixHistogramStrategyRespo }, }, size: 0, - track_total_hits: true, }, }, null, @@ -127,6 +127,7 @@ export const formattedAlertsSearchStrategyResponse: MatrixHistogramStrategyRespo export const expectedDsl = { allowNoIndices: true, + track_total_hits: false, body: { aggregations: { host_count: { cardinality: { field: 'host.name' } }, @@ -161,7 +162,6 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: false, }, ignoreUnavailable: true, index: [ @@ -208,6 +208,7 @@ export const formattedAnomaliesSearchStrategyResponse: MatrixHistogramStrategyRe ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggs: { anomalyActionGroup: { @@ -258,7 +259,6 @@ export const formattedAnomaliesSearchStrategyResponse: MatrixHistogramStrategyRe }, }, size: 0, - track_total_hits: true, }, }, null, @@ -390,6 +390,7 @@ export const formattedAuthenticationsSearchStrategyResponse: MatrixHistogramStra ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { eventActionGroup: { 
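Review bot: The `expectedDsl` fixture at `@@ -127,6 +127,7 @@` in the matrix_histogram mocks carries a `host_count` cardinality aggregation and `track_total_hits: false`, while every histogram builder changed in this patch sets `track_total_hits: true`. It looks like a copy of the hosts fixture and may not be imported by any histogram test; if that is the case, moving the key here verifies nothing about the histogram queries. Worth checking its importers and either deleting the fixture or marking it with `// copied from hosts/all; not a histogram query` so the mismatch is not read as intended behaviour.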
@@ -429,7 +430,6 @@ export const formattedAuthenticationsSearchStrategyResponse: MatrixHistogramStra }, }, size: 0, - track_total_hits: true, }, }, null, @@ -956,6 +956,7 @@ export const formattedEventsSearchStrategyResponse: MatrixHistogramStrategyRespo ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { eventActionGroup: { @@ -994,7 +995,6 @@ export const formattedEventsSearchStrategyResponse: MatrixHistogramStrategyRespo }, }, size: 0, - track_total_hits: true, }, }, null, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts index 74b7e8b18028bc..86006c31554477 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts @@ -36,6 +36,7 @@ export const expectedDsl = { ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { alertsGroup: { @@ -104,6 +105,5 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts index 7dd867b19f284a..54ee066b64119b 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts 
@@ -85,6 +85,7 @@ export const buildAlertsHistogramQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: getHistogramAggregation(), query: { @@ -93,7 +94,6 @@ export const buildAlertsHistogramQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts index 561e2fb1f00585..81da78a132084a 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts @@ -36,6 +36,7 @@ export const expectedDsl = { ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggs: { anomalyActionGroup: { @@ -83,6 +84,5 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts index 34e5831b52b92f..78fc0a30d04778 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts 
@@ -66,6 +66,7 @@ export const buildAnomaliesHistogramQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggs: getHistogramAggregation(), query: { @@ -74,7 +75,6 @@ export const buildAnomaliesHistogramQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts index 169f1569adc37f..5cf667a0085fa7 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts @@ -35,6 +35,7 @@ export const expectedDsl = { ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { eventActionGroup: { @@ -74,6 +75,5 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts index 4a208f2ab341e8..8661fff574b4a7 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts 
@@ -78,6 +78,7 @@ export const buildAuthenticationsHistogramQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: getHistogramAggregation(), query: { @@ -86,7 +87,6 @@ export const buildAuthenticationsHistogramQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts index 312c0d528f20ba..0bf1118835414a 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts @@ -40,6 +40,7 @@ export const expectedDsl = { ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { eventActionGroup: { @@ -78,7 +79,6 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: true, }, }; @@ -94,6 +94,7 @@ export const expectedThresholdDsl = { ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { eventActionGroup: { @@ -132,7 +133,6 @@ export const expectedThresholdDsl = { }, }, size: 0, - track_total_hits: true, }, }; @@ -148,6 +148,7 @@ export const expectedThresholdMissingFieldDsl = { ], allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: { eventActionGroup: { @@ -187,6 +188,5 @@ export const expectedThresholdMissingFieldDsl = { }, }, size: 0, - track_total_hits: true, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts index aa1e1d47c87c6a..04b428f9de89e2 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts @@ -97,6 +97,7 @@ export const buildEventsHistogramQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { aggregations: getHistogramAggregation(), query: { @@ -105,7 +106,6 @@ export const buildEventsHistogramQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts index 46d9c23321a8fc..1cea4c3eb63bcf 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts @@ -314,6 +314,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { docvalue_fields: mockOptions.docValueFields, aggs: { @@ -390,7 +391,6 @@ export const formattedSearchStrategyResponse = { }, query: { bool: { should: [] } }, size: 0, - track_total_hits: false, }, }, null, @@ -455,6 +455,7 @@ export const expectedDsl = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { source: { 
@@ -521,6 +522,5 @@ export const expectedDsl = { docvalue_fields: mockOptions.docValueFields, query: { bool: { should: [] } }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts index b20de12624db47..d1d0c44d9b61b0 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts @@ -106,6 +106,7 @@ export const buildNetworkDetailsQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggs: { @@ -119,7 +120,6 @@ export const buildNetworkDetailsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts index 0c4379fa89fd8c..1d1aa50cc3ee2b 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts @@ -58,6 +58,7 @@ export const buildDnsQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { query: { bool: { @@ -65,7 +66,6 @@ export const buildDnsQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; 
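Review bot: The added `track_total_hits: false,` line in `buildNetworkDetailsQuery` has no comment explaining why it sits beside `index` instead of inside `body`, and `false` is the value for which moving it back changes behaviour. Per the commit description, the search strategy adds `track_total_hits=true` as a request parameter whenever the key is missing from params, and that overrides a `false` in the body. I would put `// Must stay in params: the search strategy forces track_total_hits=true when it is absent here, overriding any value in body.` above the line. The same comment applies to the other builders this patch sets to `false` (`buildUniqueFlowsQuery`, `buildUniquePrivateIpsQuery`, `buildOverviewNetworkQuery`, `buildNetworkTlsQuery`, `buildUsersQuery`, `buildLastEventTimeQuery`); the function body starts and ends outside the hunk.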
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts index 7222519bb0ac0d..3d5607c8b443a8 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts @@ -32,6 +32,7 @@ export const buildNetworkEventsQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { query: { bool: { @@ -39,7 +40,6 @@ export const buildNetworkEventsQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts index d8d27a8ad7e35e..0a826938e95b86 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts @@ -58,6 +58,7 @@ export const buildTlsHandshakeQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: true, body: { query: { bool: { @@ -65,7 +66,6 @@ export const buildTlsHandshakeQuery = ({ }, }, size: 0, - track_total_hits: true, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts index 13a404ec3720b7..ec8de30cfff852 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts @@ -32,6 +32,7 @@ export const buildUniqueFlowsQuery = ({ index: defaultIndex, allowNoIndices: true, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { unique_flow_id: { @@ -46,7 +47,6 @@ export const buildUniqueFlowsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts index e12ccf5b7889b6..590e7117826d73 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts @@ -87,6 +87,7 @@ export const buildUniquePrivateIpsQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { ...getAggs('source'), @@ -98,7 +99,6 @@ export const buildUniquePrivateIpsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts index 79ad6489558de9..fcb30be7a403d6 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts @@ -111,6 +111,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { unique_flow_count: { filter: { term: { type: 'flow' } } }, @@ -182,7 +183,6 @@ export const formattedSearchStrategyResponse = { }, }, size: 0, - track_total_hits: false, }, }, null, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts index c5e2892bd9f823..7e35ae2fd4308f 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts @@ -31,6 +31,7 @@ export const buildOverviewNetworkQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggregations: { unique_flow_count: { @@ -99,7 +100,6 @@ export const buildOverviewNetworkQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts index 5028e4a27c93e3..16750acc5adeed 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts @@ -69,6 +69,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { count: { cardinality: { field: 'tls.server.hash.sha1' } }, @@ -99,7 +100,6 @@ export const formattedSearchStrategyResponse = { }, }, size: 0, - track_total_hits: false, }, }, null, @@ -123,6 +123,7 @@ export const expectedDsl = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { count: { cardinality: { field: 'tls.server.hash.sha1' } }, @@ -153,6 +154,5 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts index ff5fe20f685f1d..be60b33ae2d226 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts @@ -78,6 +78,7 @@ export const buildNetworkTlsQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { ...getAggs(querySize, sort), @@ -88,7 +89,6 @@ export const buildNetworkTlsQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts index 252f165f11ad9b..3837afabe57993 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts @@ -129,6 +129,7 @@ export const formattedSearchStrategyResponse = { 'winlogbeat-*', ], ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { user_count: { cardinality: { field: 'user.name' } }, @@ -160,7 +161,6 @@ export const formattedSearchStrategyResponse = { }, }, size: 0, - track_total_hits: false, }, }, null, @@ -174,6 +174,7 @@ export const formattedSearchStrategyResponse = { export const expectedDsl = { allowNoIndices: true, + track_total_hits: false, body: { aggs: { user_count: { cardinality: { field: 'user.name' } }, @@ -205,7 +206,6 @@ export const expectedDsl = { }, }, size: 0, - track_total_hits: false, }, ignoreUnavailable: true, index: [ diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts index 57cb6093ae355c..2b02b25292a32c 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts @@ -37,6 +37,7 @@ export const buildUsersQuery = ({ allowNoIndices: true, index: defaultIndex, ignoreUnavailable: true, + track_total_hits: false, body: { aggs: { user_count: { 
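Review bot: With `track_total_hits: false` in `buildUsersQuery` now reaching Elasticsearch, the response stops carrying a hit total, whereas before this patch the forced `true` always supplied one. The response parser is not part of this hunk, so this is unconfirmed, but any count it reports should come from the `user_count` aggregation and not from `hits.total`. A missing total read as zero would show analysts an understated users table without any error. If the parser already works that way, a comment next to the flag such as `// Response has no hits.total; counts come from the user_count aggregation.` records it, and a parser test fed a response without `hits.total` would pin it. The other builders switched to `false` in this patch deserve the same check; the function continues past the end of the hunk.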
@@ -84,7 +85,6 @@ export const buildUsersQuery = ({ }, }, size: 0, - track_total_hits: false, }, }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts index 1e7b531d7fcf1c..ccc156af84922e 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts @@ -40,6 +40,7 @@ export const buildLastEventTimeQuery = ({ allowNoIndices: true, index: indicesToQuery.network, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -47,7 +48,6 @@ export const buildLastEventTimeQuery = ({ }, query: { bool: { should: getIpDetailsFilter(details.ip) } }, size: 0, - track_total_hits: false, }, }; } @@ -58,6 +58,7 @@ export const buildLastEventTimeQuery = ({ allowNoIndices: true, index: indicesToQuery.hosts, ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -65,7 +66,6 @@ export const buildLastEventTimeQuery = ({ }, query: { bool: { filter: getHostDetailsFilter(details.hostName) } }, size: 0, - track_total_hits: false, }, }; } @@ -76,6 +76,7 @@ export const buildLastEventTimeQuery = ({ allowNoIndices: true, index: indicesToQuery[indexKey], ignoreUnavailable: true, + track_total_hits: false, body: { ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { @@ -83,7 +84,6 @@ export const buildLastEventTimeQuery = ({ }, query: { match_all: {} }, size: 0, - track_total_hits: false, }, }; default:
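Review bot: The three branches of `buildLastEventTimeQuery` touched here (hunks at -40, -58 and -76) each repeat `allowNoIndices: true`, `ignoreUnavailable: true` and now `track_total_hits: false`, differing only in `index` and `query` as far as the hunks show. The next change to a shared parameter therefore has to be made three times and can miss one branch. Hoisting the common part, `const commonParams = { allowNoIndices: true, ignoreUnavailable: true, track_total_hits: false };`, and spreading `...commonParams,` into each returned object keeps them in step. The function starts before the first hunk and continues after `default:`, so where the constant should be declared is a guess from what is visible.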