[EQL] Remove usage of ignore:400 for syntax validation · elastic/kibana#169042

(5 comments) (0 reactions) (1 assignee)TypeScript (19,065 stars) (8,021 forks)batch import

Team: SecuritySolutionTeam:Detection Enginebuggood first issue

説明

Describe the bug:

Currently, the EQL search strategy adds "ignore": [400] to the params sent to the elasticsearch-js client which causes the client to treat 400 errors as expected:

https://github.com/elastic/kibana/blob/6efef0496077f4e61d49e4e43f75941ff3d98d9e/x-pack/plugins/security_solution/public/common/hooks/eql/api.ts#L42

As a result, the response back may indeed be a 400 error but it is returned as a normal 200 response.

This may have been necessary at some point but now ES properly sends a message back indicating syntax errors:

コントリビューターガイド

技術スタック: typescriptnodejsrest api
領域: backendapisearch
Issue 種別: bug
難度: 1
推定時間: under 1 hour
活動状況: blocked
明確さ: clear
前提条件: TypeScript basicsElasticsearch client understanding
初心者向け度: 40
調査方針: The issue requires modifying the file `x pack/plugins/security solution/public/common/hooks/eql/api.ts` to remove the `'ignore': [400]` parameter from the request options. After removal, ensure that 400 errors are properly surfaced as errors rather than successful responses. The change is small and localized.