/**
 * Reads one host/cloud field out of an aggregation bucket.
 *
 * The field name is mapped through `hostFieldsMap` (falling back to the name
 * itself) and dots are replaced with underscores to match the aggregation key
 * naming. The handful of multi-valued fields come back as the array of bucket
 * keys; any other field returns the first item of its `buckets` list, or the
 * `value_as_string` of the aggregation object when there is no bucket list.
 *
 * @param fieldName ECS field name requested by the caller.
 * @param bucket aggregation bucket to read from.
 * @returns the value(s) for the field, or null when the bucket has no matching aggregation.
 */
const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | string[] | null => {
  // Fields whose aggregation is a list of term buckets rather than a single value.
  const multiValuedFields = new Set([
    'host.ip',
    'host.mac',
    'cloud.instance.id',
    'cloud.machine.type',
    'cloud.provider',
    'cloud.region',
  ]);
  // A falsy map entry falls back to the raw field name, as before.
  const aggField = (hostFieldsMap[fieldName] || fieldName).replace(/\./g, '_');

  if (multiValuedFields.has(fieldName) && has(aggField, bucket)) {
    const terms: HostBuckets = get(aggField, bucket);
    return terms.buckets.map((term) => term.key);
  }
  if (has(`${aggField}.buckets`, bucket)) {
    return getFirstItem(get(aggField, bucket));
  }
  if (has(aggField, bucket)) {
    const single: HostValue = get(aggField, bucket);
    return single.value_as_string;
  }
  return null;
};
/**
 * Tells whether the index schema documentation has an entry for `path`.
 *
 * The first dotted segment of `path` is the category. A nested path is looked
 * up under `<category>.fields.<path>`; a bare category name is looked up
 * directly. The 'unknown' index never has documentation.
 *
 * @param index name of the index whose schema doc is consulted.
 * @param path dotted field path (or a bare category name).
 * @returns true when the schema doc contains the path.
 */
export const hasDocumentation = (index: string, path: string): boolean => {
  if (index === 'unknown') {
    return false;
  }
  const [category, ...rest] = path.split('.');
  if (category == null) {
    return false;
  }
  const schemaDoc = getIndexSchemaDoc(index);
  return rest.length > 0 ? has([category, 'fields', path], schemaDoc) : has(category, schemaDoc);
};
/**
 * Copies one mapped field from an ES hit into the `node` of the accumulated
 * result.
 *
 * `fieldName` is resolved to its ES path through `fieldMap`; when that path is
 * present in `hit._source`, the value is nested under `node` following the
 * dotted segments of `fieldName` and deep-merged into `flattenedFields`. When
 * the field is unmapped or absent from the hit, `flattenedFields` is returned
 * unchanged.
 *
 * @param fieldName dotted field name to copy.
 * @param flattenedFields accumulator to merge into.
 * @param fieldMap mapping from field name to ES source path.
 * @param hit ES hit providing `_source`.
 * @returns the merged accumulator, or the original when nothing was copied.
 */
export const mergeFieldsWithHit = <T>(
  fieldName: string,
  flattenedFields: T,
  fieldMap: Readonly<Record<string, string>>,
  hit: { _source: {} }
) => {
  const esField = fieldMap[fieldName];
  if (esField == null || !has(esField, hit._source)) {
    return flattenedFields;
  }
  // Turn 'a.b.c' into { a: { b: { c: value } } }.
  // NOTE(review): the segments become object keys as-is; assumes fieldName
  // comes from the static field map rather than request input — confirm at
  // the call site.
  const nested = fieldName
    .split('.')
    .reduceRight((inner, segment) => ({ [segment]: inner }), get(esField, hit._source));
  const update = {
    node: {
      ...get('node', flattenedFields),
      ...nested,
    },
  };
  return merge(flattenedFields, update);
};
// Fold the keys of `timelineInput` over `timeline`: every key the timeline
// actually carries is copied into the accumulated TimelineInput, with a few
// keys reshaped on the way.
Object.keys(timelineInput).reduce<TimelineInput>((acc, key) => {
  if (!has(key, timeline)) {
    return acc;
  }
  switch (key) {
    case 'kqlQuery':
      // Only the filter query is carried over, not the whole kqlQuery object.
      return set(`${key}.filterQuery`, get(`${key}.filterQuery`, timeline), acc);
    case 'dateRange':
      // The range comes from the selected time range, not from the stored timeline.
      return set(key, { start: timelineTimeRange.from, end: timelineTimeRange.to }, acc);
    case 'columns': {
      const columns = get(key, timeline);
      if (columns != null) {
        // Strip width and __typename from each column before it is used as input.
        return set(
          key,
          columns.map((col: ColumnHeader) => omit(['width', '__typename'], col)),
          acc
        );
      }
      break;
    }
    default:
      break;
  }
  // Plain copy for every other key (and for a null columns value).
  return set(key, get(key, timeline), acc);
}, timelineInput);
/**
 * Copies one field from an ES hit into the `node.data` / `node.ecs` of the
 * accumulated timeline result.
 *
 * A field listed in `dataFields` is read by its own name and appended to
 * `node.data` as a `{ field, value }` pair; a field listed in `ecsFields` is
 * additionally nested under `node.ecs` following its dotted segments. Fields
 * in `specialFields` are read from the hit itself instead of `hit._source`
 * and are merged even when absent from `_source`. Anything unmapped or
 * missing leaves `flattenedFields` untouched.
 *
 * @param fieldName dotted field name to copy.
 * @param flattenedFields accumulator to merge into.
 * @param fieldMap mapping from field name to ES source path.
 * @param hit ES hit providing `_source` (and the top-level special fields).
 * @param dataFields names that populate `node.data`.
 * @param ecsFields names that populate `node.ecs`.
 * @returns the merged accumulator, or the original when nothing was copied.
 */
const mergeTimelineFieldsWithHit = <T>(
  fieldName: string,
  flattenedFields: T,
  fieldMap: Readonly<Record<string, string>>,
  hit: { _source: {} },
  dataFields: ReadonlyArray<string>,
  ecsFields: ReadonlyArray<string>
) => {
  const isDataField = dataFields.includes(fieldName);
  if (fieldMap[fieldName] == null && !isDataField) {
    return flattenedFields;
  }
  // Data fields are addressed by their own name; everything else goes through the map.
  const esField = isDataField ? fieldName : fieldMap[fieldName];
  const isSpecial = specialFields.includes(esField);
  if (!has(esField, hit._source) && !isSpecial) {
    return flattenedFields;
  }

  const currentData = get('node.data', flattenedFields);
  const currentEcs = get('node.ecs', flattenedFields);
  // Special fields live on the hit itself, outside _source.
  const value = isSpecial ? get(esField, hit) : get(esField, hit._source);

  const data = isDataField ? [...currentData, { field: fieldName, value }] : currentData;

  let ecs = currentEcs;
  if (ecsFields.includes(fieldName)) {
    // Nest the _source value under the dotted segments, e.g. 'a.b' -> { a: { b: value } }.
    // NOTE(review): the segments become object keys as-is; assumes fieldName
    // comes from the static field lists rather than request input — confirm
    // at the call site.
    const nested = fieldName
      .split('.')
      .reduceRight((inner, segment) => ({ [segment]: inner }), get(esField, hit._source));
    ecs = { ...currentEcs, ...nested };
  }

  return merge(flattenedFields, {
    node: {
      ...get('node', flattenedFields),
      data,
      ecs,
    },
  });
};