maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

One liner to expose the EQL query for debugging for users (#100565)

Browse source 
## Summary

Expose the EQL query in the Kibana logs for detections when they are being run when Kibana in debug mode.
This commit is contained in:
Frank Hassanabad 2021-05-25 11:35:52 -06:00 committed by GitHub
parent bca1c14f9c
commit 5dc85c69b7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts
View file

@ -92,6 +92,11 @@ export const eqlExecutor = async ({
ruleParams.eventCategoryOverride
);
const eqlSignalSearchStart = performance.now();
logger.debug(
`EQL query request path: ${request.path}, method: ${request.method}, body: ${JSON.stringify(
request.body
)}`
);
// TODO: fix this later
const { body: response } = (await services.scopedClusterClient.asCurrentUser.transport.request(
request