Example #1
/**
 * Read one host field out of an aggregation bucket.
 *
 * The bucket is addressed by the ES field name from `hostFieldsMap` (falling
 * back to `fieldName` itself), with every '.' rewritten to '_' because that is
 * how the aggregation keys are spelled.
 *
 * @param fieldName - ECS-style field name (e.g. 'host.ip').
 * @param bucket - aggregation bucket to read from.
 * @returns all term keys for the multi-valued fields listed below, the first
 *   item of a `.buckets` sub-aggregation, a single `value_as_string`, or
 *   `null` when the bucket carries nothing for this field.
 */
const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | string[] | null => {
  // `||` (not `??`) to keep the original truthiness fallback.
  const mappedName = hostFieldsMap[fieldName] || fieldName;
  const aggField = mappedName.replace(/\./g, '_');

  // Fields that are returned as every term key rather than a single value.
  const multiValued = [
    'host.ip',
    'host.mac',
    'cloud.instance.id',
    'cloud.machine.type',
    'cloud.provider',
    'cloud.region',
  ];

  if (multiValued.includes(fieldName) && has(aggField, bucket)) {
    const termsAgg: HostBuckets = get(aggField, bucket);
    return termsAgg.buckets.map(obj => obj.key);
  }
  if (has(`${aggField}.buckets`, bucket)) {
    return getFirstItem(get(`${aggField}`, bucket));
  }
  if (has(aggField, bucket)) {
    const single: HostValue = get(aggField, bucket);
    return single.value_as_string;
  }
  return null;
};
Example #2
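/**
 * Whether the index schema documentation has an entry for `path`.
 *
 * A dotted path ('host.ip') is looked up as `<category>.fields.<path>`; a
 * bare category name is looked up directly.
 *
 * @param index - index name; 'unknown' never has documentation.
 * @param path - field name, optionally dotted.
 * @returns true when the documentation lookup succeeds.
 */
export const hasDocumentation = (index: string, path: string): boolean => {
  if (index === 'unknown') {
    return false;
  }
  const [category, ...rest] = path.split('.');
  // `split` never yields an empty array, so this guard is only there to
  // narrow `string | undefined` under noUncheckedIndexedAccess; the old
  // `=== null` comparison never matched and did not narrow the type.
  if (category === undefined) {
    return false;
  }
  const schemaDoc = getIndexSchemaDoc(index);
  return rest.length > 0 ? has([category, 'fields', path], schemaDoc) : has(category, schemaDoc);
};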
Example #3
/**
 * Copy one field from an ES hit's `_source` into `flattenedFields.node`,
 * nesting it under the dotted `fieldName` ('a.b.c' becomes `{a: {b: {c}}}`).
 *
 * @param fieldName - ECS-style name of the field to copy.
 * @param flattenedFields - accumulator that already holds `node`.
 * @param fieldMap - ECS name to ES `_source` path.
 * @param hit - ES hit whose `_source` is read.
 * @returns `flattenedFields` unchanged when the field is unmapped or absent
 *   from `_source`, otherwise the merged result.
 */
export const mergeFieldsWithHit = <T>(
  fieldName: string,
  flattenedFields: T,
  fieldMap: Readonly<Record<string, string>>,
  hit: { _source: {} }
) => {
  const esField = fieldMap[fieldName];
  if (esField == null || !has(esField, hit._source)) {
    return flattenedFields;
  }
  // Rebuild the dotted path as nested objects around the source value.
  const nested = fieldName
    .split('.')
    .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source));
  return merge(flattenedFields, {
    node: {
      ...get('node', flattenedFields),
      ...nested,
    },
  });
};
Example #4
 // Walk every key of `timelineInput` and, for the ones present on `timeline`,
 // copy the value across; `kqlQuery`, `dateRange` and `columns` get reshaped.
 Object.keys(timelineInput).reduce<TimelineInput>((acc, key) => {
   if (!has(key, timeline)) {
     return acc;
   }
   const current = get(key, timeline);
   switch (key) {
     case 'kqlQuery':
       // Only the filterQuery part is carried over.
       return set(`${key}.filterQuery`, get(`${key}.filterQuery`, timeline), acc);
     case 'dateRange':
       // The range comes from `timelineTimeRange`, not from `timeline`.
       return set(`${key}`, { start: timelineTimeRange.from, end: timelineTimeRange.to }, acc);
     case 'columns':
       if (current != null) {
         // Drop presentation-only keys from each column header.
         return set(
           key,
           current.map((col: ColumnHeader) => omit(['width', '__typename'], col)),
           acc
         );
       }
       return set(key, current, acc);
     default:
       return set(key, current, acc);
   }
 }, timelineInput);
Example #5
/**
 * Merge one field of an ES hit into the timeline node shape.
 *
 * Fields listed in `dataFields` are appended to `node.data` as
 * `{ field, value }`; fields listed in `ecsFields` are also nested under
 * `node.ecs` by their dotted name. Values come from `hit._source`, except for
 * `specialFields`, which are read from the hit itself.
 *
 * @param fieldName - ECS-style name of the field.
 * @param flattenedFields - accumulator holding `node.data` and `node.ecs`.
 * @param fieldMap - ECS name to ES `_source` path.
 * @param hit - ES hit to read from.
 * @param dataFields - names that go into `node.data` (read by their own name).
 * @param ecsFields - names that additionally go into `node.ecs`.
 * @returns `flattenedFields` unchanged when the field is unmapped or absent,
 *   otherwise the merged result.
 */
const mergeTimelineFieldsWithHit = <T>(
  fieldName: string,
  flattenedFields: T,
  fieldMap: Readonly<Record<string, string>>,
  hit: { _source: {} },
  dataFields: ReadonlyArray<string>,
  ecsFields: ReadonlyArray<string>
) => {
  const isDataField = dataFields.includes(fieldName);
  if (fieldMap[fieldName] == null && !isDataField) {
    return flattenedFields;
  }
  // Data fields are addressed by their own name; everything else via the map.
  const esField = isDataField ? fieldName : fieldMap[fieldName];
  const isSpecial = specialFields.includes(esField);
  if (!has(esField, hit._source) && !isSpecial) {
    return flattenedFields;
  }

  const existingData = get('node.data', flattenedFields);
  const existingEcs = get('node.ecs', flattenedFields);

  const data = isDataField
    ? [
        ...existingData,
        {
          field: fieldName,
          // Special fields live on the hit, not inside `_source`.
          value: isSpecial ? get(esField, hit) : get(esField, hit._source),
        },
      ]
    : existingData;

  const ecs = ecsFields.includes(fieldName)
    ? {
        ...existingEcs,
        ...fieldName
          .split('.')
          .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)),
      }
    : existingEcs;

  return merge(flattenedFields, {
    node: {
      ...get('node', flattenedFields),
      data,
      ecs,
    },
  });
};