fix 400 error on initial signals search (#70618)

### Summary

On initial render of the SIEM pages, a 400 error was showing for POST http://localhost:5601/api/detection_engine/signals/search. This PR is a temporary fix for this bug. This initial call is used to populate the "Last alert" text that shows at the top of a number of the pages. The size was 0 because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM, and it seems to us that the issue is in the server-side validation: either Hapi is misreading the 0 as false, or our updated validation is not accepting size 0.
Yara Tercero 2020-07-02 17:04:48 -04:00 committed by GitHub
parent e7749210b4
commit 6a33a78f31
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -10,6 +10,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
bool: { should: [{ match: { 'signal.status': 'open' } }], minimum_should_match: 1 },
},
];
return {
aggs: {
lastSeen: { max: { field: '@timestamp' } },
@ -30,7 +31,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
: queryFilter,
},
},
size: 0,
size: 1,
track_total_hits: true,
};
};
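Review bot: The `size: 1` near the end of buildLastAlertsQuery carries no comment marking it as a workaround, so a later cleanup could plausibly set it back to 0 and bring the 400 back. I would add `// TODO: restore size: 0 once the signals search route validation accepts it; only the lastSeen aggregation is read` directly above it. With size 1 every call also returns one full signal document that this path does not appear to use; if the route's request schema permits it, `_source: false` would keep the response down to the aggregation and hit count. The validation problem itself stays open on the server, and a validator that treats 0 as missing may be rejecting or mis-handling other numeric fields too, so it deserves its own fix and a regression test for `size: 0`. The function's opening lines fall outside the visible hunks.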