The way job audit messages were fetched didn't retrieve the expected results if there were deleted jobs with messages still present for these jobs.
This fix allows to specify a list of job IDs to filter the audit messages on. For the jobs list UI, the currently existing job IDs will be passed on to ignore messages from deleted jobs.
This adds tests to `server/models/annotation_service`. The tests include a check if the `.key` attribute of an annotation is properly removed from an annotation before indexing it.
The UI adds a `key` attribute to annotation objects to store the letter used for labels in the chart and tables. When editing and saving an annotation that `key` could end up being saved to the annotations index. This isn't necesseary since the `key` attribute is just a dynamic label used within the UI. This fixes it by deleting an eventual `key` attribute from the annotations object before saving it to the index.
* [ML] Initial commit for auditbeat hosts ECS
Rename fields for ECS
Rework dashboards due to bwc
* [ML] Further auditbeat tidy up and consistency changes
Custom urls should link to saved search, not discover
Ensure savedSearchId is used for visualizations
Ensure filter terms are consistent
TODO Decide if we should rename to auditd module
TODO Fix for new saved object format
* [ML] Refinements for auditbeat host module
Remove duplicated title from visState
Shrink panel heights in row 1
* [ML] Refinements to auditbeat module
Update module name from auditd to auditbeat
Add useMargins true for dashboards
Add filter to custom url for
exists auditd.data.syscall
not exists container.runtime
event.module: auditd
* [ML] Initial commit for auditbeat_process_docker_ecs
Update for ECS using
container.name (instead of container.id)
container.runtime: docker
process.executable
event.module: auditd
auditd.data.syscall exists
TODOs
Use auditd.message_type: syscall (instead of auditd.data.syscall)
Possibly combine with auditbeat hosts saved objects (depending on host.name being shared)
Possibly combine to single dashboard
Test against live auditbeat data collection
With security enabled, the internal user wouldn't have enough permissions to run the integrity check. This changes the check to use the currently logged in user. Also fixes some typos in messages.
* [ML] Adding index migration warnings
* small refactor
* correctlng comment
* adding upgrade service to manage upgradeInProgress state
* removing missing function
* [ML] Initial commit for apache ecs module
* [ML] Update apache2 module for ECS
Rename following fields
event.module:apache
event.dataset:access
source.address
url.original
http.response.status_code
source.geo.location
Rationalise to only use one set of kibana saved objects for all http web access logs
Rename files from apache
Combined URL explorer into Count explorer dashboard as there was a lot of duplication
Add filter to custom url
Rename custom urls to Investigate Source IP and Status Code
Add chart to show overall event rate split by event.module - can tell if multiple datasets are included
Increase limit for top source ips from 5 to 50
Add created_by to custom setting for telemetry
Rename jobs and saved objects to include ecs tag
Tested side by side against v6 jobs
* [ML] Rename apache files from hyphen to underscores
* [ML] Further apache renames
Also change custom URLs to lower case to match "View series"
Change created_by to ml-module-apache-access
* [ML] Initial commit of nginx ml module
* [ML] Rename dashboard to generic explorer
* [ML] Further refinement for apache
Rename http_status_code to status_code_rate
Update custom url to use filters instead of lucene query bar
* [ML] Convert apache module to nginx
Copy files, keeping nginx logo
Multiple renames to nginx
* [ML] Make chart legend visible by default
* Add new references attribute to saved objects
* Add dual support for dashboard export API
* Use new relationships API supporting legacy relationships extraction
* Code cleanup
* Fix style and CI error
* Add missing spaces test for findRelationships
* Convert collect_references_deep to typescript
* Add missing trailing commas
* Fix broken test by making saved object API consistently return references
* Fix broken api integration tests
* Add comment about the two TS types for saved object
* Only return title from the attributes returned in findRelationships
* Fix broken test
* Add missing security tests
* Drop filterTypes support
* Implement references to search, dashboard, visualization, graph
* Add index pattern migration to dashboards
* Add references mapping to dashboard mppings.json
* Remove findRelationships from repository and into it's own function / file
* Apply PR feedback pt1
* Fix some failing tests
* Remove error throwing in migrations
* Add references to edit saved object screen
* Pass types to findRelationships
* [ftr] restore snapshots from master, rely on migrations to add references
* [security] remove `find_relationships` action
* remove data set modifications
* [security/savedObjectsClient] remove _getAuthorizedTypes method
* fix security & spaces tests to consider references and migrationVersion
* Add space id prefixes to es_archiver/saved_objects/spaces/data.json
* Rename referenced attributes to have a suffix of RefName
* Fix length check in scenario references doesn't exist
* Add test for inject references to not be called when references array is empty or missing
* some code cleanup
* Make migrations run on machine learning data files, fix rollup filterPath for savedSearchRefName
* fix broken test
* Fix collector.js to include references in elasticsearch response
* code cleanup pt2
* add some more tests
* fix broken tests
* updated documentation on referencedBy option for saved object client find function
* Move visualization migrations into kibana plugin
* Update docs with better description on references
* Apply PR feedback
* Fix merge
* fix tests I broke adressing PR feedback
* PR feedback pt2
* [dashboard+gis] remove dark mode options
* [reporting/extract] restore fixtures
* remove mentions of old `.theme-dark` class
* import panel styles from panel/_index.scss
* Prevent docCount fetch and remove sidebar if no timeField set.
* Don't show metrics section if no metrics cards
* Add parens to conditional statement as per styleguide
* Don't create docCount card if not timeseries based
Adds a check if all index patterns necessary to clone a job are available for the current user. The check will only allow cloning of a job if the user has the right permissions and can still access the indexPattern the job was created for. An indexPattern could either have been deleted since the the job was created or the current user doesn't have the required permissions to access the indexPattern. The "Clone Job" action in the jobs list action menu will be greyed out and unavailable for that job.
* [ML] List all annotations in jobs list annotations table even outside analysis time range.
* [ML] Adjust the links time range if annotation is outside analysis time range.
* Move cardinality success check to utils
* enableModelPlot checkbox base added
* Run cardinality check on add/update fields
* Handle changes made via json
* only run cardinality check if model plot enabled
* Handle model plot enabled via EditJSON tab
* show message on cardinality check error
* multi-metric + pop: show message on cardinality check error
* add test for callout component
* Fix flexitem overflow in IE11
