* Starting configure migration
* Initial refactor of configuration connector id
* Additional clean up and tests
* Adding some tests
* Finishing configure tests
* Starting case attributes transformation refactor
* adding more tests for the cases service
* Adding more functionality and tests for cases migration
* Finished unit tests for cases transition
* Finished tests and moved types
* Cleaning up type names
* Fixing types and renaming
* Adding more tests directly for the transformations
* Fixing tests and renaming some functions
* Adding transformation helper tests
* Adding migration utility tests and some clean up
* Begining logic to remove references when it is the none connector
* Fixing merge reference bug
* Addressing feedback
* Changing test name and creating constants file
* adds entries.list.id field in the searchable event filters fields list
* adds test case for list.id operator
* Revert "adds entries.list.id field in the searchable event filters fields list"
This reverts commit 45a66fd966.
* Revert "adds test case for list.id operator"
This reverts commit 9dba145df2.
* Disable large value list option in operators dropdown
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* allow rules to be managed in RAC page
* return all rules of a rule type instead of first one
* update UI to handle multiple rule types
* add comments about creating the menus by category for alerts and rules
* fix parsing of cluster alerts
Since 7.9.0, APM Server has been copying the `transaction.page.url`
value to the ECS `url` field. We should still use `transaction.page.url`
if it exists and `url` does not (i.e. for very old docs), but we should
stop expecting it in newly written documents.
* change alerts table filter text box placeholder
* update alerts table placeholder to use the status field
* use threshold for the alerts table placeholder
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* adding comparison to inventory page
* new api to get detailed statistics
* show comparison data
* adding api test
* fixing unit test
* fixing ts issue
* adding loading to table
* refactoring
* fixing TS issue
* addressing PR comments
* fixing merge
* addressing PR comments
* fixing api test
* adding comment
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR implements sorting in the `TGrid`, per the animated gifs below:
_Above: Sorting in Observability, via `EuiDataGrid`'s sort popover_
_Above: Sorting and hiding columns in the Security Solution via `EuiDataGrid`'s column header actions_
## Details
* Sorting is disabled for non-aggregatble fields
* This PR resolves the `Sort [Object Object]` TODO described [here](https://github.com/elastic/kibana/pull/106199#issuecomment-883668966)
* ~This PR restores the column header tooltips where the TGrid is used in the Security Solution~
## Desk testing
To desk test this PR, you must enable feature flags in the Observability and Security Solution:
- To desk test the `Observability > Alerts` page, add the following settings to `config/kibana.dev.yml`:
```
xpack.observability.unsafe.cases.enabled: true
xpack.observability.unsafe.alertingExperience.enabled: true
xpack.ruleRegistry.write.enabled: true
```
- To desk test the TGrid in the following Security Solution, edit `x-pack/plugins/security_solution/common/experimental_features.ts` and in the `allowedExperimentalValues` section set:
```typescript
tGridEnabled: true,
```
cc @mdefazio
* [maps] deprecate xpack.maps.showMapVisualizationTypes in upgrade assistent
* use custom function instead of unusedFromRoot so config does not get removed
* fix i18n ids and align deprecation message
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* injects bulkCreate and wrapHits to individual rule executors
* WIP create_security_rule_type_factory based on Marshall's work in #d3076ca54526ea0e61a9a99e1c1bce854806977e
* removes ruleStatusService from old rule executors, fixes executor unit tests
* fixes rebase
* Rename reference_rules to rule_types
* Fix type errors
* Fix type errors in base security rule factory
* Additional improvements to types and interfaces
* More type alignment
* Fix remaining type errors in query rule
* Add validation / inject lists plugin
* Formatting
* Improvements to typing
* Static typing on executors
* cleanup
* Hook up params for query/threshold rules... includes exceptionsList and daterange tuple
* Scaffolding for wrapHits and bulkCreate
* Add error handling / status reporting
* Fixup alert type state
* Begin threshold
* Begin work on threshold state
* Organize rule types
* Export base security rule types
* Fixup lifecycle static typing
* WrapHits / bulk changes
* Field mappings (partial)
* whoops
* Remove redundant params
* More flexibile implementation of bulkCreateFactory
* Add mappings
* Finish query rule
* Revert "Remove redundant params"
This reverts commit 87aff9c810.
* Revert "whoops"
This reverts commit a7771bd392.
* Fixup return types
* Use alertWithPersistence
* Fix import
* End-to-end rule mostly working
* Fix bulkCreate
* Bug fixes
* Bug fixes and mapping changes
* Fix indexing
* cleanup
* Fix type errors
* Test fixes
* Fix query tests
* cleanup / rename kibana.rac to kibana
* Remove eql/threshold (for now)
* Move technical fields to package
* Add indexAlias and buildRuleMessageFactory
* imports
* type errors
* Change 'kibana.rac.*' to 'kibana.*'
* Fix lifecycle tests
* Single alert instance
* fix import
* Fix type error
* Fix more type errors
* Fix query rule type test
* revert to previous ts-expect-error
* type errors again
* types / linting
* General readability improvements
* Add invariant function from Dmitrii's branch
* Use invariant and constants
* Improvements to field mappings
* More test failure fixes
* Add refresh param for bulk create
* Update more field refs
* Actually use refresh param
* cleanup
* test fixes
* changes to rule creation script
* Fix created signals count
* Use ruleId
* Updates to bulk indexing
* Mapping updates
* Cannot use 'strict' for dynamic setting
Co-authored-by: Marshall Main <marshall.main@elastic.co>
Co-authored-by: Ece Ozalp <ozale272@newschool.edu>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Improve Index Management ts-expect-error annotations.
* Add steps for testing legacy index template mappings types to Index Management README.
* Rename component template API route handler files to follow pattern used elsewhere.
* New CrawlRequest type
* Add crawlRequests value to CrawlerOverviewLogic
* New CrawlRequestsTable component
* Added CrawlRequestsTable to CrawlerOverview
* Hide the CrawlRequest table when there are no domains or crawl requests for an engine
* Add an empty state for CrawlerOverview when there are no domains
* Remove unused import
* Fix AddDomainLogic tests
* Apply suggestions from code review
Co-authored-by: Constance <constancecchen@users.noreply.github.com>
* Fix capitalization
* Clarify test expectations
* Use noItemsMessage prop for CrawlRequestsTable empty state
* Refactor crawl requests logic
* Fix heading sizes
* Remove unused variable
Co-authored-by: Constance <constancecchen@users.noreply.github.com>
Adds the cloud icon to `xpack.actions.customHostSettings[n].ssl.verificationMode` and removes it from `xpack.actions.customHostSettings[n].ssl.rejectUnauthorized`, in the actions configuration documentation. The doc was written before `verificationMode` was added and `rejectUnauthorized` was deprecated.
Update stack monitoring doc to account for alert notification now being send for each node, index, or cluster based on the rule type, instead of always per cluster (PR# 102544)
* Get rid of all the Jest console warnings
* Make sure none of the observability storybook pages throw errors (whether they all work correctly or are useful is another matter, but they all load now.)
The `event.ingested` field is added to all documents ingested via
Fleet plus Agent. By removing the subseconds we can be better compression
of the values in Elasticsearch.
The primary user of `event.ingested` today is the the Security Detection Engine
as a tie-breaker in search_after, but once it moves to the using the
point-in-time API the need for precision will be lessened because PIT has
an implicit tie-breaker.
Relates #103944
Relates https://github.com/elastic/beats/issues/22388
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
