fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

[QA Wolf] Hosts counts on Software, Vulnerabilities tables do not match corresponding hosts counts on View All Hosts Table

Open qawolf-fleet opened this issue 1 year ago • 8 comments

Fleet version: Fleet 0.0.0-SNAPSHOT-4413a20 • Go go1.19.4 (or newer)

Operating system: Linux 64-bit

Web browser: Google Chrome Version 109.0.5414.119 64-bit

🧑‍💻  Expected behavior

💥  Actual behavior

🐛

  • QA wolf reproduced including Step 3. (from Vuln table). Fleet yet to reproduce locally.
  • Fleet reproduced omiting step 3 (from Software titles/version table) for "osquery.app"

Steps to reproduce:

  1. Login to Fleet as the Global Admin
  2. Navigate to the Software page
  3. Click the Vulnerabilities tab
  4. Hover over a random vulnerability row, keep note of the hosts count on this row
  5. Click the "View all Hosts" button that appears
  6. On the next page we will now see all hosts filtered by the vulnerability we've selected Expected: The hosts count to match the hosts count we saw from the vulnerability table Actual: The hosts count is off, usually by 1

Timestamp: 0:04 Video: https://www.loom.com/share/62a95a7f2141460b81b274f8b4f468e7 (https://www.loom.com/share/62a95a7f2141460b81b274f8b4f468e7)

Bug report: https://app.qawolf.com/fleet/bug-reports/61c334ee-204f-410e-929d-d766719b0f33

Affected workflows:

If you are aware of this bug you can set the priority to low which will prevent it from causing a run failure.

More info

qawolf-fleet avatar Apr 30 '24 19:04 qawolf-fleet

This is confirmed in the QAWolf instance. The disparity is greater in the osquery software entry with a four host discrepancy.

xpkoala avatar May 02 '24 16:05 xpkoala

@xpkoala If it's a new bug in the QAWolf instance it is unreleased because we deploy daily to QA Wolf from main.

lukeheath avatar May 03 '24 19:05 lukeheath

@qawolf-fleet are you still seeing this bug? If so, if you run fleetctl trigger --name vulnerabilities cleanups_then_aggregation does the bug persist? If so, what kind of hosts is your instance using? Thanks!

jacobshandling avatar May 08 '24 18:05 jacobshandling

I haven't been able to reproduce locally yet

jacobshandling avatar May 08 '24 18:05 jacobshandling

Just reproduced from the Software tab, though not from the Vulnerabilities tab yet.

jacobshandling avatar May 08 '24 18:05 jacobshandling

Closing per inability to reproduce consistently and QA wolf no longer seeing the issue

jacobshandling avatar May 08 '24 21:05 jacobshandling

Mismatched hosts counts show, Harmonize for clear view, In Fleet's secure glow.

fleet-release avatar May 08 '24 21:05 fleet-release

Re-opening since this may be a statistical bug that we should keep our eyes on. TBD if it should still be considered release blocking.

jacobshandling avatar May 09 '24 22:05 jacobshandling

Closing, as this mismatch is expected until the vulnerability cron job runs, which is once per hour unless manually triggered. https://fleetdm.slack.com/archives/C0480CNGT45/p1715265865847109

jacobshandling avatar May 10 '24 17:05 jacobshandling

Count mismatch fixed, Harmony in data flows, Fleet's truth now unmasked.

fleet-release avatar May 10 '24 17:05 fleet-release