fix 400 error on initial signals search (#70618)
### Summary On initial render of the SIEM pages, a 400 error was showing for POST http://localhost:5601/api/detection_engine/signals/search. This PR is a temporary fix for this bug. This initial call is being used to populate the Last alert text that shows at the top of a number of the pages. The reason the size was 0 is because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM and it seems to us that the issue is the server side validation. It may be Hapi misreading the 0 as false or our updated validation not accepting size 0.
parent
e7749210b4
commit
6a33a78f31
1 changed files with 2 additions and 1 deletions
|
@ -10,6 +10,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
|
|||
bool: { should: [{ match: { 'signal.status': 'open' } }], minimum_should_match: 1 },
|
||||
},
|
||||
];
|
||||
|
||||
return {
|
||||
aggs: {
|
||||
lastSeen: { max: { field: '@timestamp' } },
|
||||
|
@ -30,7 +31,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
|
|||
: queryFilter,
|
||||
},
|
||||
},
|
||||
size: 0,
|
||||
size: 1,
|
||||
track_total_hits: true,
|
||||
};
|
||||
};
|
||||
|
|
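Review bot: The `size: 1` line in the second hunk has no comment marking it as a temporary workaround, so nothing in the code tells a later reader that the returned hit is unused or that the value should go back to 0 once the server-side validation is fixed. I would add above it `// TODO(#70618): revert to size: 0 once the signals search route accepts it; only aggs.lastSeen is read`. Until then each call returns one full signal document to the browser that, per the description, is never used; if the route's request validation permits it, `_source: false` would keep that payload empty. The rejection of a valid `size: 0` looks like a falsy check in the validation (the description suspects as much), so the lasting fix and a regression test for `size: 0` belong on the server route rather than in this query builder. buildLastAlertsQuery starts above the first hunk, so the rest of its body is not visible here.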