Add a "Open in Dev Tools" link to the request inspector.
Allow the dev tools to open data uris that are lz-string encoded (the same method used by TypeScript Playground, which are a lot shorter than a base64 encoded string.)
Co-authored-by: Nathan L Smith <nathan.smith@elastic.co>
**Ticket:** https://github.com/elastic/kibana/issues/109293🚨 **This PR is critical for Observability 7.15** 🚨
## Summary
This PR fixes the indexing implementation in `rule_registry`. It implements the suggestions for backwards compatibility described in the ticket:
- changes the naming scheme and introduces the concept of "backing indices", so that names of the concrete ("backing") indices != names of their aliases
- adds versioning based on the current Kibana version
TODO:
- [x] Change index naming (implement the concept of backing indices)
- [x] Include Kibana version into the index template metadata
- [x] Include Kibana version into the document fields
- [x] Remove `version` from `IndexOptions` (parameters provided by solutions/plugins when initializing alerts-as-data indices)
- [x] Fix CI
### Checklist
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
* fix: use package policy ID when checking hasUpgrade
* fix: latest package version broken link
* refactor: use set for collecting unique namespace values
Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
* Make count table field and alert table event renderer undraggable
* Remove tooltip from alert count table
* Remove DefaultDraggable wrapper from reason field
* Fix unit test and remove unused props
I am not 100% sure, but apparently, the test was broken due to a long import chain loop.
I cut the import chain by extracting some constants to a file.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>
* [ML] add mappings for the new rule type
* [ML] add telemetry for enabled health checks
* [ML] update xpack_plugins.json
Co-authored-by: Dima Arnautov <dmitrii.arnautov@elastic.co>
* move activity log paging method close to call api method
refs 417d093a29
* add middleware additional activity log tests
* add a more specific server side test for activity log actions and responses
refs elastic/kibana/pull/101032
* remove obsolete server side audit log index mock method
refs elastic/kibana/pull/101032
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ashokaditya <am.struktr@gmail.com>
* Extracting saved object references before saving action_task_params saved object
* Injecting saved object ids from references when reading action_task_param
* Adding migration
* Adding unit test for migrations
* Not differentiating between preconfigured or not
* Adding functional test for migration
* Skip extracting action id if action is preconfigured
* Only migrating action task params for non preconfigured connectors
* Simplifying related saved objects
* Fixing functional test
* Fixing migration
* Javascript is sometimes magical
* Updating functional test
* PR feedback
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: ymao1 <ying.mao@elastic.co>
* [ML] Fixing missing final new line character issue
* adding tests
* tiny refactor
* test fixes based on review
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: James Gowdy <jgowdy@elastic.co>
* Chore(TSVB): Replace aggregations lookup with map
* Fix types, update test expected data and remove unused translations
* Correct typo and refactor condition in std_metric
* Fix metric type
* Fix CI and label for Bucket Script
* Update agg_utils.test expected data
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* remove any in trigger registry
* improve comments
* remove all anys from ui_actions plugin
* fix formatting suggestions
Co-authored-by: Vadim Kibana <82822460+vadimkibana@users.noreply.github.com>
* add alert permission in o11y
* review I
* review II
* fix selection all when checkbox disabled
* fix selected on bulk actions
Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
## Summary
Updates the `TGrid` to use `EuiDataGrid` [schemas](https://eui.elastic.co/#/tabular-content/data-grid-schemas-and-popovers/) as suggested by @snide in the following issue: <https://github.com/elastic/kibana/issues/108894>
## Desk testing
1) In the `Security Solution`, navigate to `Security > Rules` and enable multiple detection rules that have different `Risk Score`s
**Expected result**
- The Detection Engine generates alerts (when the rule's criteria is met) that have different risk scores
2) Navigate to the `Security > Alerts` page
**Expected results**
As shown in the screenshot below:
- The alerts table is sorted by `@timestamp` in descending (Z-A) order, "newest first"
- The `@timestamp` field in every row is newer than, or the same time as the row below it
- The alerts table shows a non-zero count of alerts, e.g. `20,600 alerts`
_Above: At page load, the alerts table is sorted by `@timestamp` in descending (Z-A) order, "newest first"_
3) Observe the count of alerts shown in the header of the alerts table, e.g. `20,600 alerts`, and then change the global date picker in the KQL bar from `Today` to `Last 1 year`
**Expected results**
- The golbal date picker now reads `Last 1 year`
- The count of the alerts displayed in the alerts table has increased, e.g. from `20,600 alerts` to `118,709 alerts`
- The `@timestamp` field in every row is (still) newer than, or the same time as the row below it
4) Click on the `@timestamp` column, and choose `Sort A-Z` from the popover, to change the sorting to ascending, "oldest first", as shown in the screenshot below:
_Above: Click `Sort A-Z` to sort ascending, "oldest first"_
**Expected results**
As shown in the screenshot below:
- The alerts table is sorted by `@timestamp` in ascending (A-Z) order, "oldest first"
- The `@timestamp` field in every row is older than, or the same time as the row below it
- `@timestamp` is older than the previously shown value, e.g. `Aug 3` instead of `Aug 24`
_Above: The alerts table is now sorted by `@timestamp` in ascending (A-Z) order, "oldest first"_
5) Click on the `Risk Score` column, and choose `Sort A-Z` from the popover, to add `Risk Score` as a secondary sort in descending (Z-A) "highest first" order, as shown in the screenshot below:
_Above: Click `Sort A-Z` to add `Risk Score` as a secondary sort in descending (Z-A) "highest first" order_
**Expected results**
- The alerts table re-fetches data
- The alerts table shows `2 fields sorted`
6) Hover over the alerts table and click the `Inspect` magnifiing glass icon
**Expected result**
- The `Inspect` modal appaers, as shown in the screenshot below:
_Above: the `Inspect` modal_
7) Click the `Request` tab, and scroll to the `sort` section of the request
**Expected result**
Per the JSON shown below:
- The request is sorted first by `@timestamp` in ascending (A-Z) order, "oldest first"
- The request is sorted second by `signal.rule.risk_score` descending (Z-A) "highest first" order
```json
"sort": [
{
"@timestamp": {
"order": "asc",
"unmapped_type": "date"
}
},
{
"signal.rule.risk_score": {
"order": "desc",
"unmapped_type": "number"
}
}
],
```
8) Click `Close` to close the `Inspect` modal
9) Click `2 fields sorted` to display the sort popover
10) Use the drag handles to, via drag-and-drop, update the sorting such that `Risk Score` is sorted **before** `@timestamp`, as shown in the screenshot below:
_Above: Use the drag handles to, via drag-and-drop, update the sorting such that `Risk Score` is sorted **before** `@timestamp`_
**Expected results**
As shown in the screenshot below:
- The table is updated to be sorted first by the higest risk score, e.g. previously `47`, now `73`
- The alerts table is sorted second by `@timestamp` in ascending (A-Z) order, "oldest first", and *may* have changed, e.g. from `Aug 3` to `Aug 12`, depending on the sample data in your environment
_Above: The alerts table is now sorted first by highest risk score_
11) Once again, hover over the alerts table and click the `Inspect` magnifiing glass icon
12) Once again, click the `Request` tab, and scroll to the `sort` section of the request
**Expected result**
Per the JSON shown below:
- The request is sorted first by `signal.rule.risk_score` in descending (Z-A) "highest first" order
- The request is sorted second by `@timestamp` in ascending (A-Z) order, "oldest first"
```json
"sort": [
{
"signal.rule.risk_score": {
"order": "desc",
"unmapped_type": "number"
}
},
{
"@timestamp": {
"order": "asc",
"unmapped_type": "date"
}
}
],
```
Co-authored-by: Andrew Goldstein <andrew-goldstein@users.noreply.github.com>
* Adds owner to presentation team plugin kibana.json. Updated CODEOWNERS
* Adds a few more owners for presentation
# Conflicts:
# .github/CODEOWNERS
# src/plugins/dashboard/kibana.json
