updating risk drilldowns

[patel-bhavin]

Fixes for issue : #3976

[nasbench]

Did not look at all for my sanity. But since this a search/replace it should all be good. I'll take care of the versions

[AndreiBanaru]

This would show results but I think it doesn't render the intention:

  earliest_offset: 7d
  latest_offset: "0"

I've updated it for 1 detection in our dev environment and this is what I see in Splunk Web:

and when I click on the drilldown for a finding I have:

[patel-bhavin]

Hello @AndreiBanaru : i installed a build of the ESCU from this specific PR onto our test instance and it seems like this works as intended : You can note the time on the right side of the screenshot and i recommend to look under
"date & Time Range" to confirm if the time computation works as expected!

What splunk and ES version are you on ? I have tested this ES 8.4 and Splunk 10

I also noticed that ES adds the y and renders it in UI as 0y for latest_offset however this seems like a bug in ES and the functionality works as expected! Based on our testing : we will likely move forward with getting this PR shipped! Let us know if you have any concerns

Note:

• Just FYI, There are a bunch of issues around drilldowns in ES 8.1 : https://help.splunk.com/en/splunk-enterprise-security-8/release-notes-and-resources/8.1/splunk-enterprise-security-release-notes/known-issues