From a702e9c82c54cd56ec7ef14bc2bee6db325e0cdc Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Fri, 31 Jan 2025 13:06:12 +1100
Subject: [PATCH] [8.16] Increase maximum Osquery timeout to 24 hours (#207276)
 (#209035)

# Backport

This will backport the following commits from `main` to `8.16`:
- [Increase maximum Osquery timeout to 24 hours
(#207276)](https://github.com/elastic/kibana/pull/207276)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Michael
Wolf","email":"michael.wolf@elastic.co"},"sourceCommit":{"committedDate":"2025-01-31T00:18:47Z","message":"Increase
maximum Osquery timeout to 24 hours (#207276)\n\nSome Osquery queries
are expected to be long running. To accommodate\r\nthis, increase the
maximum timeout in the query creation UI to 24 hours\r\n(86400
seconds).\r\n\r\n24 hours should allow most long-running queries, while
still having a\r\nlimit that ensures misbehaving queries do not block
others for an\r\nextremely long time.\r\n\r\nRelates to
https://github.com/elastic/beats/issues/42352. Osquerybeat\r\nwill also
increase its timeout limit to 24h, this change will allow the\r\nhigher
timeout to be set by users in
Kibana.","sha":"81a57e005ed0a6b72a254056813b1c6ee633da1f","branchLabelMapping":{"^v9.0.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","v9.0.0","backport:prev-major"],"title":"Increase
maximum Osquery timeout to 24
hours","number":207276,"url":"https://github.com/elastic/kibana/pull/207276","mergeCommit":{"message":"Increase
maximum Osquery timeout to 24 hours (#207276)\n\nSome Osquery queries
are expected to be long running. To accommodate\r\nthis, increase the
maximum timeout in the query creation UI to 24 hours\r\n(86400
seconds).\r\n\r\n24 hours should allow most long-running queries, while
still having a\r\nlimit that ensures misbehaving queries do not block
others for an\r\nextremely long time.\r\n\r\nRelates to
https://github.com/elastic/beats/issues/42352. Osquerybeat\r\nwill also
increase its timeout limit to 24h, this change will allow the\r\nhigher
timeout to be set by users in
Kibana.","sha":"81a57e005ed0a6b72a254056813b1c6ee633da1f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207276","number":207276,"mergeCommit":{"message":"Increase
maximum Osquery timeout to 24 hours (#207276)\n\nSome Osquery queries
are expected to be long running. To accommodate\r\nthis, increase the
maximum timeout in the query creation UI to 24 hours\r\n(86400
seconds).\r\n\r\n24 hours should allow most long-running queries, while
still having a\r\nlimit that ensures misbehaving queries do not block
others for an\r\nextremely long time.\r\n\r\nRelates to
https://github.com/elastic/beats/issues/42352. Osquerybeat\r\nwill also
increase its timeout limit to 24h, this change will allow the\r\nhigher
timeout to be set by users in
Kibana.","sha":"81a57e005ed0a6b72a254056813b1c6ee633da1f"}}]}]
BACKPORT-->

Co-authored-by: Michael Wolf <michael.wolf@elastic.co>
---
 x-pack/plugins/osquery/common/constants.ts              | 2 +-
 x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/x-pack/plugins/osquery/common/constants.ts b/x-pack/plugins/osquery/common/constants.ts
index b45c1cb082d03..29f3bf45e7398 100644
--- a/x-pack/plugins/osquery/common/constants.ts
+++ b/x-pack/plugins/osquery/common/constants.ts
@@ -32,5 +32,5 @@ export const API_VERSIONS = {
 
 export enum QUERY_TIMEOUT {
   DEFAULT = 60, // 60 seconds
-  MAX = 60 * 15,
+  MAX = 60 * 60 * 24, // 24 hours
 }
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts
index 6f551ad39b196..07599d064d649 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts
@@ -37,12 +37,12 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => {
     cy.contains('Query is a required field').should('not.exist');
     checkResults();
     getAdvancedButton().click();
-    fillInQueryTimeout('910');
+    fillInQueryTimeout('86410');
     submitQuery();
-    cy.contains('The timeout value must be 900 seconds or or lower.');
+    cy.contains('The timeout value must be 86400 seconds or or lower.');
     fillInQueryTimeout('890');
     submitQuery();
-    cy.contains('The timeout value must be 900 seconds or or lower.').should('not.exist');
+    cy.contains('The timeout value must be 86400 seconds or or lower.').should('not.exist');
     typeInOsqueryFieldInput('days{downArrow}{enter}');
     submitQuery();
     cy.contains('ECS field is required.');