Attempts to make KQL syntax errors more sensical to the average user.
I initially tried to use a similar solution to the one we used for detecting usage of old lucene syntax. In other words, I tried to create rules in the grammar that would match strings containing common mistakes the user might make and throw custom error messages for each situation. This proved to be more difficult for detecting errors in the regular language. While the Lucene rules could be completely separated from the main grammar, the KQL error rules had to be mixed into the main grammar which made it much more complex and had a lot of unintended side effects.
So instead I decided to lean more heavily on PEG's built in error reporting. Giving certain rules human readable names allows the parser to use those names in the error reporting instead of auto generating a long list of possible characters that might be expected based on the matching rules. Since the PEG errors contain location information I was also able to add ascii art that points the user to exactly where the error occurred in their query string. While this approach is not quite as nice as bespoke error messages that tell the user exactly what is wrong in plain English, it's much more maintainable and I think it still results in much better error messages compared to what we have today.
I've also removed the old original kuery grammar (for queries like is(response, 200)). We were only using it to display an error if I user was still using the old syntax. This version of kuery hasn't existed since 6.3 and we've had error messages telling users this since then. I think it's safe to remove the legacy parser at this point, which greatly reduces the complexity of our error reporting.
Makes feature-secops closely mirror master of kibana
* Puts the ci/cd system back to where it mirrors master
* Removed stylelint
* Fixed accidental linter differences that accumulated along the way
* Fixed accidental package addition of `cherrio`
* Added back the translation file of `zh-CN.json`
* https://github.com/elastic/ingest-dev/issues/397
* https://github.com/elastic/ingest-dev/issues/198
* Implemented zeek.connection, zeek.dns, zeek.http, zeek.notice, zeek.ssl, and zeek.files
* Added unit tests and snapshot tests
* Broke out GoogleLink from Suricata
* SHA1 hashes from files gets linked to total virus for on-clicks
* Updated GraphQL and ECS to add more fields needed (http, url, module)
* Swept through with TestProvider cleanup in unit tests
* Added fix for the width for the timetable to render Suricata/Zeek the same as notes
* https://github.com/elastic/ingest-dev/issues/298
* Fixed `event.severity` to be operational now that ECS has been updated
* Added a Suricata SID database with references
* Wired in the references
* Created a tagging system for the UI
* Added Suricata SID and made it draggable onto the filters of the timeline
* Changed the hand rolled sushi 🍣 inline flex styles to EuiFlexItem, EuiGroupItem
* Removed older CVE column renderer from the system
* Wrote unit tests
* https://github.com/elastic/ingest-dev/issues/175
* https://github.com/elastic/ingest-dev/issues/299
* Fix hardcoded plugin name and license modes in common license checker
* Fix licensePreRoutingFactory scope issues
* PR feedback adjustments
* Use minimum license string instead of array of valid license
* Pass plugin name instead of ID for UX
* Return license status instead of `showLinks` and other flags
* Adjust factory closure for readability
* Fix test
* Additional PR feedback:
* Move license status constants to `/common`
* Internationalize plugin names that are passed to check license, and its error messages
* Remove `isAvailable` flag, change pre-routing logic to use `LICENSE_STATUS.VALID` instead
* Change constant `INACTIVE` to `EXPIRED`
* Convert check license test from mocha to jest
* Fix test
This commit accompanies the four that precede it. Rather than squash
them altogether, the four previous commits all do nothing except move
files to help avoid conflicts.
* Add ILM to i18nrc.json. Fix validation errors.
* Localize CCR and Rollups checkLicense errors.
* Fix bug in Remote Clusters checkLicense error.
* Use rollupJobs namespace in checkLicense.
* Added support for i18n to our project
* Translated all text I could find within the project
* Added `translations.ts` cascading files to each component folder
* Utilized `i18n.translate` within the files for the majority of translations
* Wired up .i18nrc.json to our project for the builds and added ignores where needed
* Changed unit tests to use <i18nProvider> where needed
* Added `<i18nProvider>` to the root level at start_app.tsx
* Changed `moment(date).fromNow()` to use relative date times of `<FormattedRelative value={new Date(date)} />`
* Added plurals for Rows
* Ran `node scripts/i18n_check --path x-pack/plugins/secops --output /tmp --output-format json5` and then opened the `/tmp/en.json` to ensure the keys are extracted as expected
* https://github.com/elastic/ingest-dev/issues/88
* Followed advice from https://github.com/elastic/kibana/issues/27968 and did _NOT_ inject anything I did not have to.
* Get basic scaffolding working
* Wire up cluster checkup data
* Add types for elasticsearch plugin
* Implement basics of checkup tab
* Update style of deprecations
* Add copy and reload button to checkup
* Add filtering by warning level
* Add deprecation logging tab
* Copy updates and cleanup
* Type cleanup
* Move deprecation logging to overview tab
* Make filters togglable
* Move sections into tabs and add support for grouping
* Cleanup and add clearer labels
* Use tables for message grouping
* Cleanup and small fixes
* Allow console to load relative URLs
* Add reindex in console button to reindex tasks
* Merge documentation UI and uiButtons
* Fix tests
* Filter bar tweaks
* Filter out index settings that can't be set
* Fix types
* Add tests for deprecation_logging
* Add tests for reindex templates
* Make KibanaConfig generic
* Simplify integration test
* Finish backend unit tests
* Fixup types
* Fix uiButton updating for reindex items
* Fixed background color stretching
* Pulling tabs out and re-ordering filter buttons
* Making accordions more item-list like
* Turned Healths into Badges
- Couldn’t do the conversion within the cell because it only passed color
* Fix overflow issue
* Optional filter and expand/collapse controls
* Reorganizing
- Added placeholder for moving action button up into accordion header
- Removed repetitive message name outputs
- Slightly better listing of each message when sorting by index
- Only showing number of severity when sorting by index
- Still need to allow showing all severity levels
- Added indice count when sorting by issue
* Putting `Deprecation logging` in a `EuiDescribedFormGroup`
* Added some stats, empty prompts, and all clear prompt
* Added docs link
* Cleaned up sass files
* Revert changes to fake_deprecations
* Update blacklisted settings
* wip
* Move data fetching and tab control
* Wire up overview summary
* Cleanup docs/uiButtons + move actions to index table
* Add expand/collapse all functionality
* Wire up search box
* Wire up severity indicators
* Fix types
* Round out functional tests
* Fix fake data
* Remove info deprecation level
* Fix extra space on cluster tab control bar
* Cleanup code and localize majority of UI controls
* Change overview tab to steps layout
* Update copy
* Localize overview tab
* Complete localization of checkup tabs
* Make ES version dynamic based on branch
* Add pagination to checkup tabs
* Rename checkup -> assistant
* Cleanup filter and group by bars
* WIP UI unit tests
* Copy tweaks
* Fix i18n formatting issues
* Update tests for copy
* Add tests for remaining UI
* Fix pagination w/ filter changes + table button color
* Small cleanup
* Add reindex button to old index deprecations
* Add shrunken indices setting to copy settings blacklist for #18469
* Add next steps to overview tab + update copy
* Remove usage of migration assistance API
* Use all/critical toggle for filter buttons
* Cloud upgrade copy
* Translate reindex button
* Remove hacked EUI type
* Show incomplete banner on all tabs
* Update copy for waiting for next version
* Review comments
* Update deprecation level type
* Update checkup tab snapshots
* Remove dependencies on types from #25168
* Use types from new global type defs
* Remove 'Reindex in Console' button
* Remove unused variable
* Translations for Cluster and Alerts
* Translations for cluster and alerts
* Translations for cluster and alerts
* Fix typos
* Update id
* Update Notification snapshot
* Translate lastEvent label
* Revert changes for untranslated label.
* Internationalize job details tabs and wrap instances in EuiErrorBoundary to visually localize the error.
* Localize no default index pattern message.
* Localize es interval errors.
* Localize job action menu and confirm delete modal.
* Remove unnecessary use of injectI18n from tabs.
* Localize job status.
* Localize steps.
* Remove template literals from FormattedMessages.
* fix tests and update snapshots
* fix id names
* fix test and update snapshots
* Update unit test snapshots
* fix issues
* Update snapshots
* Fix issues