[Endpoint] Unifying the test index name for resolver and alerts (#59073)

* Unifying the test index name for resolver and alerts * Endpoint isn't sending the agent field so check for it Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-06 09:43:52 -05:00 · 2020-03-06 09:43:52 -05:00 · 2e41a27c46
parent 4977e57a3e
commit 2e41a27c46
4 changed files with 5 additions and 5 deletions
--- a/x-pack/plugins/endpoint/common/types.ts
+++ b/x-pack/plugins/endpoint/common/types.ts
@ -31,9 +31,9 @@ export enum Direction {

 export class EndpointAppConstants {
  static BASE_API_URL = '/api/endpoint';
-  static ALERT_INDEX_NAME = 'my-index';
  static ENDPOINT_INDEX_NAME = 'endpoint-agent*';
-  static EVENT_INDEX_NAME = 'endpoint-events-*';
+  static ALERT_INDEX_NAME = 'events-endpoint-1';
+  static EVENT_INDEX_NAME = 'events-endpoint-*';
  static DEFAULT_TOTAL_HITS = 10000;
  /**
   * Legacy events are stored in indices with endgame-* prefix
--- a/x-pack/plugins/endpoint/server/routes/resolver/utils/normalize.ts
+++ b/x-pack/plugins/endpoint/server/routes/resolver/utils/normalize.ts
@ -7,7 +7,7 @@
 import { ResolverEvent, LegacyEndpointEvent } from '../../../../common/types';

 function isLegacyData(data: ResolverEvent): data is LegacyEndpointEvent {
-  return data.agent.type === 'endgame';
+  return data.agent?.type === 'endgame';
 }

 export function extractEventID(event: ResolverEvent) {
--- a/x-pack/test/functional/es_archives/endpoint/alerts/api_feature/data.json.gz
+++ b/x-pack/test/functional/es_archives/endpoint/alerts/api_feature/data.json.gz
--- a/x-pack/test/functional/es_archives/endpoint/alerts/api_feature/mappings.json
+++ b/x-pack/test/functional/es_archives/endpoint/alerts/api_feature/mappings.json
@ -3,7 +3,7 @@
  "value": {
    "aliases": {
    },
-    "index": "my-index",
+    "index": "events-endpoint-1",
    "mappings": {
      "_meta": {
        "version": "1.5.0-dev"
@ -5262,4 +5262,4 @@
      }
    }
  }
-}
+}