From 5fcea2ea341c02744af3cd9e8bec54bdf748ae78 Mon Sep 17 00:00:00 2001
From: Michael Wolf
Date: Mon, 20 Jan 2025 16:24:17 -0800
Subject: [PATCH] Increase maximum Osquery timeout to 24 hours.

Some Osquery queries are expected to be long running. To accommodate this, increase the maximum timeout in the query creation UI to 24 hours (86400 seconds). 24 hours should allow most long-running queries, while still having a limit that ensures misbehaving queries do not block others for an extremely long time.
---
 x-pack/platform/plugins/shared/osquery/common/constants.ts | 2 +-
 .../plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/x-pack/platform/plugins/shared/osquery/common/constants.ts b/x-pack/platform/plugins/shared/osquery/common/constants.ts
index b45c1cb082d03..29f3bf45e7398 100644
--- a/x-pack/platform/plugins/shared/osquery/common/constants.ts
+++ b/x-pack/platform/plugins/shared/osquery/common/constants.ts
@@ -32,5 +32,5 @@ export const API_VERSIONS = {
 export enum QUERY_TIMEOUT {
 DEFAULT = 60, // 60 seconds
- MAX = 60 * 15,
+ MAX = 60 * 60 * 24, // 24 hours
 }
diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts
index 6f551ad39b196..07599d064d649 100644
--- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts
+++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts
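Review bot: `QUERY_TIMEOUT.MAX` goes from 900 to 86400 seconds, but nothing in this hunk shows where the limit is enforced, and the commit message mentions only the query creation UI. If request validation on the server reads the same constant, anyone allowed to run live queries can now keep a query running on each targeted host for up to a day, so it is worth confirming that the API-side check exists and that the larger ceiling is acceptable for agent resource use. I would also put the unit and the reason on the line itself, for example `MAX = 60 * 60 * 24, // 86400 seconds (24 hours); upper bound so a misbehaving query cannot block others indefinitely`.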
@@ -37,12 +37,12 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => {
 cy.contains('Query is a required field').should('not.exist');
 checkResults();
 getAdvancedButton().click();
- fillInQueryTimeout('910');
+ fillInQueryTimeout('86410');
 submitQuery();
- cy.contains('The timeout value must be 900 seconds or or lower.');
+ cy.contains('The timeout value must be 86400 seconds or or lower.');
 fillInQueryTimeout('890');
 submitQuery();
- cy.contains('The timeout value must be 900 seconds or or lower.').should('not.exist');
+ cy.contains('The timeout value must be 86400 seconds or or lower.').should('not.exist');
 typeInOsqueryFieldInput('days{downArrow}{enter}');
 submitQuery();
 cy.contains('ECS field is required.');
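Review bot: The accepted-value case still submits `fillInQueryTimeout('890')`, a value chosen to sit just under the old 900-second limit, so nothing now exercises the new upper boundary. Using `fillInQueryTimeout('86400')` (or `'86390'`) there would catch an off-by-one, or a validator that still caps lower than the message claims. Both expectations also pin the doubled word in `'... seconds or or lower.'`; the message is defined outside this hunk, so fixing the typo there means updating these strings in the same change. The enclosing test block starts and ends outside the hunk.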