* Shows event filters card on fleet page
* Uses aggs instead of while loop to retrieve summary data
* Add request and response types in the lists package
* Fixes old import
* Removes old i18n keys
* Removes more old i18n keys
* Use consts for exception lists url and endpoint event filter list id
* Uses event filters service to retrieve summary data
* Fixes addressed pr comments such as changing the route without underscore, adding aggs type, validating response, and more
* Uses useMemo instead of useState to memoize object
* Add new e2e test for summary endpoint
* Handle api errors on event filters and trusted apps summary api calls
* Add api error message to the toast
* Fix wrong i18n key
* Change span tag by react fragment
* Uses styled components instead of modifying component style directly and small improvements on test -> ts
* Adds curls script for summary route
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: David Sánchez <davidsansol92@gmail.com>
Call `setHeaderActionMenu(undefined)` when the HeaderMenuPortal is unmounted.
Found this line in the docs:
> Calling the handler with `undefined` will unmount the current mount point.
Which we weren't doing before.
Previous behavior:
* Go to /app/observability/alerts
* Click the "View in app" button for an APM alert
* Click back
* Click the "View in app" button for an APM alert
* Get a weird toast error message and the header menu is gone forever
Now:
* Go to /app/observability/alerts
* Click the "View in app" button for an APM alert
* Click back
* Click the "View in app" button for an APM alert
* Get a working header menu
Fixes #97140
Co-authored-by: Nathan L Smith <nathan.smith@elastic.co>
* Taking space id into account when creating email footer link
* Handling undefined space when spaces is disabled
* Handling undefined space when spaces is disabled
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: ymao1 <ying.mao@elastic.co>
* Fetch rule statuses using single aggregation instead of N separate requests
* Optimize _find API and _find_statuses
* Merge alerting framework errors into rule statuses
* Add sortSchema for top hits agg, update terms.order schema
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marshall Main <55718608+marshallmain@users.noreply.github.com>
* Remove recommendation of coordinating only node
Documentation should be easy and straightforward, giving the user the easiest possible way to get to a fully functioning cluster.
Running a coordinating only node is a bad idea because:
1. Introduces a single point of failure, especially when it is running on the same host as Kibana.
2. Introduces complexity, because you need to run an additional node.
The easiest way to solve the issue of load balancing is to add multiple hosts in the `Elasticsearch.hosts` array in the `Kibana.yml`. This should be far easier than deploying a coordinating node.
* fixed CI errors, there were references to the deleted `load-balancing-es` https://github.com/elastic/kibana/pull/100632
Co-authored-by: Philipp Kahr <philipp.kahr@elastic.co>
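The alternative the commit above recommends, as an added illustration rather than text from the PR: instead of pointing Kibana at a single coordinating-only node (one host, one point of failure), list several data nodes directly in `kibana.yml` so Kibana spreads requests across them and keeps working when one is down. The hostnames and ports are placeholders, not values from the page; `elasticsearch.hosts` is the real `kibana.yml` setting name, written in lowercase as Kibana expects it.

```yaml
# kibana.yml

# Before: every request goes through one coordinating-only node.
# If that node (or the host it shares with Kibana) goes down, Kibana is down too.
# elasticsearch.hosts: ["http://coord-node.example:9200"]

# After: list several cluster nodes and let Kibana round-robin across them.
# Keep the scheme, host and port identical in style for each entry; all nodes
# must belong to the same cluster. Hostnames here are placeholders.
elasticsearch.hosts:
  - "https://es-data-1.example:9200"
  - "https://es-data-2.example:9200"
  - "https://es-data-3.example:9200"

# Use TLS and verify the cluster's CA rather than falling back to plain http;
# the path below is a placeholder for wherever the CA certificate is installed.
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
elasticsearch.ssl.verificationMode: full
```

With more than one host listed, Kibana retries the next entry when a node is unreachable, which is the load-balancing effect the coordinating-only node was meant to provide, without the extra process to run and secure.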
* Changing variable name of cases_count_daily to cases_count_total.
* Taking comments out of tests and reverting tests to previous state.
* Changing meta description to be more descriptive.
* Changing meta description to be more descriptive.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Claire Burn <80253545+clburn-elastic@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Re-introduces the changes from #100727 which was backed out due to a bug. Changes included:
* Generate random isolation values for endpoint metadata
* Generator for Fleet Actions
* Added creation of actions to the index test data loader
Plus:
* Fix generator `randomBoolean()` to ensure it works with seeded random numbers
* Update resolver snapshots due to additional call to randomizer
Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
* Update datafeed_windows_rare_user_type10_remote_login.json
refactor df query to work with newer field values
* Update datafeed_windows_rare_user_type10_remote_login.json
remove event.code test - was failing a test on the build server using the original data b/c this field was not there when the query was first developed.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Craig Chamberlain <randomuserid@users.noreply.github.com>
* [Fleet] Link to docs for Fleet Server and ES hosts
* Fix CN/JP i18n
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Zacqary Adam Xeper <Zacqary@users.noreply.github.com>
* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract
* Updating alerting feature privilege builder to handle different alerting types
* Passing in alerting authorization type to AlertingActions class string builder
* Passing in authorization type in each function call
* Passing in exempt consumer ids. Adding authorization type to audit logger
* Changing alertType to ruleType
* Changing alertType to ruleType
* Updating unit tests
* Updating unit tests
* Passing field names into authorization query builder. Adding kql/es dsl option
* Converting to es query if requested
* Fixing functional tests
* Removing ability to specify feature privilege name in constructor
* Fixing some types and tests
* Consolidating alerting authorization kuery filter options
* Cleanup and tests
* Cleanup and tests
* Initial commit with changes needed for subfeature privilege
* Throwing error when AlertingAuthorizationClientFactory is not defined
* Renaming authorizationType to entity
* Renaming AlertsAuthorization to AlertingAuthorization
* Fixing unit tests
* Changing schema of alerting feature privilege
* Changing schema of alerting feature privilege
* Updating feature privilege iterator
* Updating feature privilege builder
* Fixing types check
* Updating privilege string terminology
* Updating privilege string terminology
* Wip
* Fixing unit tests
* Unit tests
* Updating README and removing stack subfeature privilege changes
* Fixing README
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: ymao1 <ying.mao@elastic.co>
* [Maps timeslider]
* just arrowLeft and arrowRight icons
* tslint
* color icon when timeslider is open, auto select first section on open
* increase width to prevent timeslider from changing sizes during interaction
* fix filters disappearing when timeslice advances
* use shorter date format for ticks
* review feedback
* do not show timeslider button when map is embedded
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Nathan Reese <reese.nathan@gmail.com>
**Needed for:** rule execution log for Security https://github.com/elastic/kibana/pull/94143
**Related to:**
- alerts-as-data: https://github.com/elastic/kibana/issues/93728, https://github.com/elastic/kibana/issues/93729, https://github.com/elastic/kibana/issues/93730
- RFC for index naming https://github.com/elastic/kibana/issues/98912
## Summary
This PR adds a mechanism for writing to / reading from / bootstrapping indices for RAC project into the `rule_registry` plugin. Particularly, indices for alerts-as-data and rule execution events. This implementation is similar to existing implementations like `event_log` plugin (see https://github.com/elastic/kibana/pull/98353#issuecomment-833045980 for historical perspective), but we're going to converge all of them into 1 or 2 implementations. At least we should have a single one in `rule_registry` itself.
In this PR I tried to incorporate most of the feedback received in the RFC (https://github.com/elastic/kibana/issues/98912), but if you notice I missed/forgot something, please let me know in the comments.
Done in this PR:
- [x] Schema-agnostic APIs for working with Elasticsearch.
- [x] Schema-aware log definition and bootstrapping API (creating hierarchical logs).
- [x] Schema-aware write API (logging events).
- [x] Schema-aware read API (searching logs, filtering, sorting, pagination, aggregation).
- [x] Support for Kibana spaces, space-aware index bootstrapping (either at rule creation or rule execution time).
As for reviewing this PR, perhaps it might be easier to start with:
- checking description of https://github.com/elastic/kibana/issues/98912
- checking usage examples https://github.com/elastic/kibana/pull/98353/files#diff-c049ff2198cc69bd50a69e92d29e88da7e10b9a152bdaceaf3d41826e712c12b
- checking public api https://github.com/elastic/kibana/pull/98353/files#diff-8e9ef0dbcbc60b1861d492a03865b2ae76a56ec38ada61898c991d3a74bd6268
## Next steps
Next steps towards rule execution log in Security (https://github.com/elastic/kibana/pull/94143):
- define actual schema for rule execution events
- inject instance of rule execution log into Security rule executors and route handlers
- implement actual execution logging in rule executors
- update route handlers to start fetching execution events and metrics from the log instead of custom saved objects
Next steps in the context of RAC and unified implementation:
- converge this implementation with `RuleDataService` implementation
- implement robust index bootstrapping
- reconsider using FieldMap as a generic type parameter
- implement validation for documents being indexed
- cover the final implementation with tests
- write comprehensive docs: update plugin README, add JSDoc comments to all public interfaces
Make it so `xpack.observability.unsafe.alertingExperience.enabled` only shows and hides the Alerts page, and `xpack.observability.unsafe.cases.enabled` shows and hides the Cases page.
Co-authored-by: Nathan L Smith <nathan.smith@elastic.co>