[EQL] Remove usage of ignore:400 for syntax validation · elastic/kibana#169042

(5 评论) (0 反应) (1 负责人)TypeScript (19,065 star) (8,021 fork)batch import

Team: SecuritySolutionTeam:Detection Enginebuggood first issue

描述

Describe the bug:

Currently, the EQL search strategy adds "ignore": [400] to the params sent to the elasticsearch-js client which causes the client to treat 400 errors as expected:

https://github.com/elastic/kibana/blob/6efef0496077f4e61d49e4e43f75941ff3d98d9e/x-pack/plugins/security_solution/public/common/hooks/eql/api.ts#L42

As a result, the response back may indeed be a 400 error but it is returned as a normal 200 response.

This may have been necessary at some point but now ES properly sends a message back indicating syntax errors:

贡献者指南

技术栈: typescriptnodejsrest api
领域: backendapisearch
议题类型: bug
难度: 1
预计时间: under 1 hour
活动状态: blocked
清晰度: clear
前置要求: TypeScript basicsElasticsearch client understanding
新手友好度: 40
研究方向: The issue requires modifying the file `x pack/plugins/security solution/public/common/hooks/eql/api.ts` to remove the `'ignore': [400]` parameter from the request options. After removal, ensure that 400 errors are properly surfaced as errors rather than successful responses. The change is small and localized.