const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | string[] | null => {
const aggField = hostFieldsMap[fieldName]
? hostFieldsMap[fieldName].replace(/\./g, '_')
: fieldName.replace(/\./g, '_');
if (
[
'host.ip',
'host.mac',
'cloud.instance.id',
'cloud.machine.type',
'cloud.provider',
'cloud.region',
].includes(fieldName) &&
has(aggField, bucket)
) {
const data: HostBuckets = get(aggField, bucket);
return data.buckets.map(obj => obj.key);
} else if (has(`${aggField}.buckets`, bucket)) {
return getFirstItem(get(`${aggField}`, bucket));
} else if (has(aggField, bucket)) {
const valueObj: HostValue = get(aggField, bucket);
return valueObj.value_as_string;
}
return null;
};
export const mergeFieldsWithHit = <T>(
fieldName: string,
flattenedFields: T,
fieldMap: Readonly<Record<string, string>>,
hit: { _source: {} }
) => {
if (fieldMap[fieldName] != null) {
const esField = fieldMap[fieldName];
if (has(esField, hit._source)) {
const objectWithProperty = {
node: {
...get('node', flattenedFields),
...fieldName
.split('.')
.reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)),
},
};
return merge(flattenedFields, objectWithProperty);
} else {
return flattenedFields;
}
} else {
return flattenedFields;
}
};
result => {
updateLoading(false);
updateFirstSeen(get('data.source.HostFirstLastSeen.firstSeen', result));
updateLastSeen(get('data.source.HostFirstLastSeen.lastSeen', result));
updateErrorMessage(null);
return result;
},
.case(setDuration, (state, { id, duration }) => ({
...state,
[id]: {
...get(id, state),
policy: {
...get(`${id}.policy`, state),
duration,
},
},
}))
.case(stopAutoReload, (state, { id }) => ({
...state,
[id]: {
...get(id, state),
policy: {
...get(`${id}.policy`, state),
kind: 'manual',
},
},
}))
.case(startAutoReload, (state, { id }) => ({
...state,
[id]: {
...get(id, state),
policy: {
...get(`${id}.policy`, state),
kind: 'interval',
},
},
}))
export const getDocumentation = (index: string, path: string) => {
if (index === 'unknown') {
return '';
}
const splitPath = path.split('.');
const category = splitPath.length > 0 ? splitPath[0] : null;
if (category === null) {
return '';
}
if (splitPath.length > 1) {
return get([category, 'fields', path], getIndexSchemaDoc(index)) || '';
}
return get(category, getIndexSchemaDoc(index)) || '';
};
public async getHostFirstLastSeen(
request: FrameworkRequest,
options: HostLastFirstSeenRequestOptions
): Promise<FirstLastSeenHost> {
const response = await this.framework.callWithRequest<HostAggEsData, TermAggregation>(
request,
'search',
buildLastFirstSeenHostQuery(options)
);
const aggregations: HostAggEsItem = get('aggregations', response) || {};
return {
firstSeen: get('firstSeen.value_as_string', aggregations),
lastSeen: get('lastSeen.value_as_string', aggregations),
};
}
filter(([checkAction, updatedTimeline]) => {
if (
checkAction.type === endTimelineSaving.type &&
updatedTimeline[get('payload.id', checkAction)].savedObjectId != null
) {
myEpicTimelineId.setTimelineId(
updatedTimeline[get('payload.id', checkAction)].savedObjectId
);
myEpicTimelineId.setTimelineVersion(
updatedTimeline[get('payload.id', checkAction)].version
);
return true;
}
return false;
})
public async getDomainsFirstLastSeen(
request: FrameworkRequest,
options: DomainFirstLastSeenRequestOptions
): Promise<FirstLastSeenDomain> {
const response = await this.framework.callWithRequest<SearchHit, TermAggregation>(
request,
'search',
buildFirstLastSeenDomainQuery(options)
);
const aggregations: DomainFirstLastSeenItem = get('aggregations', response) || {};
return {
firstSeen: get('firstSeen.value_as_string', aggregations),
lastSeen: get('lastSeen.value_as_string', aggregations),
};
}
