* Change top_hits aggregations to top_metrics for snapshot api
* Fix typing
* Remove top_hits types
* Add test for top metrics
* Fix functional test
* Add size 1 to top metrics aggregation
* change type for metadata rows
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* starting removing stuff
* fix jest config
* disable CLI mode until other PR is merged
* fix the schema
* add deprecation for maxPayloadBytes
* fix legacy start logic
* deletes `env` from unknown args
* fix FTR test config
* some legacy service deletion
* move config validation
* remove legacy exports from entrypoint
* preserve legacy logging in core logging config
* try to fix uiSettings integration tests
* fix legacy service tests
* more type fix
* use fromRoot from @kbn/utils
* cleanup kibana.d.ts
* fix unit tests
* remove src/core/server/utils
* fix server script
* add integration test for `/{path*}` route
* add unit tests on legacy config
* adapt uiSetting IT bis
* fix tests
* update generated doc
* address some review comments
* move review comments
* fix some stuff
* fix some stuff
* fix some stuff
* fix some stuff bis
* generated doc
* add test for ensureValidConfiguration
* fixes a skipped management x-pack test
* modified the test to incorporate the review comments
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Set up helper for showing JSON request/response bodies
* Set up mock API log obj for tests to use
* Add ApiLogLogic file for flyout handling
* Add ApiLogFlyout component
* Update views to load flyout
* Update table to open flyout
* Update x-pack/plugins/enterprise_search/public/applications/app_search/components/api_logs/utils.ts
* PR feedback: comments
Co-authored-by: Byron Hulcher <byronhulcher@gmail.com>
Co-authored-by: Byron Hulcher <byronhulcher@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
### [RAC][Alert Triage][TGrid] Update the Alerts Table (TGrid) API to implement `renderCellValue`
- This PR implements a superset of the `renderCellValue` API from [EuiDataGrid](https://elastic.github.io/eui/#/tabular-content/data-grid) in the `TGrid` (Timeline grid) API
- The TGrid API was also updated to accept a collection of `RowRenderer`s as a prop
The API changes are summarized by the following screenshot:
<img width="1239" alt="render-cell-value" src="https://user-images.githubusercontent.com/4459398/113345484-c121f800-92ef-11eb-8a21-2b6dd8ef499b.png">
The following screenshot shows the `signal.rule.risk_score` column in the Alerts table being rendered with a green background color, using the same technique illustrated by `EuiDataGrid`'s [codesandbox example](https://codesandbox.io/s/nsmzs):
<img width="1231" alt="alerts" src="https://user-images.githubusercontent.com/4459398/113349015-a30ac680-92f4-11eb-8518-5c1b7465e76e.png">
Note: In the screenshot above, the values in the Alerts table are also _not_ rendered as draggables.
Related (RAC) issue: https://github.com/elastic/kibana/issues/94520
### Details
The `StatefulEventsViewer` has been updated to accept `renderCellValue` as a (required) prop:
```
renderCellValue: (props: CellValueElementProps) => React.ReactNode;
```
The type definition of `CellValueElementProps` is:
```
export type CellValueElementProps = EuiDataGridCellValueElementProps & {
  data: TimelineNonEcsData[];
  eventId: string; // _id
  header: ColumnHeaderOptions;
  linkValues: string[] | undefined;
  timelineId: string;
};
```
The `CellValueElementProps` type above is a _superset_ of `EuiDataGridCellValueElementProps`. The additional properties above include the `data` returned by the TGrid when it performs IO to retrieve alerts and events.
### Using `renderCellValue` to control rendering
The internal implementation of TGrid's cell rendering didn't change with this PR; it moved to
`x-pack/plugins/security_solution/public/timelines/components/timeline/cell_rendering/default_cell_renderer.tsx` as shown below:
```
export const DefaultCellRenderer: React.FC<CellValueElementProps> = ({
  columnId,
  data,
  eventId,
  header,
  linkValues,
  setCellProps,
  timelineId,
}) => (
  <>
    {getColumnRenderer(header.id, columnRenderers, data).renderColumn({
      columnName: header.id,
      eventId,
      field: header,
      linkValues,
      timelineId,
      truncate: true,
      values: getMappedNonEcsValue({
        data,
        fieldName: header.id,
      }),
    })}
  </>
);
```
Any usages of TGrid were updated to pass `DefaultCellRenderer` as the value of the `renderCellValue` prop, as shown in the screenshot below:
<img width="1239" alt="render-cell-value" src="https://user-images.githubusercontent.com/4459398/113345484-c121f800-92ef-11eb-8a21-2b6dd8ef499b.png">
The `EuiDataGrid` [codesandbox example](https://codesandbox.io/s/nsmzs) provides the following example `renderCellValue` implementation, which highlights a cell green based on its numeric value:
```
const renderCellValue = useMemo(() => {
  return ({ rowIndex, columnId, setCellProps }) => {
    const data = useContext(DataContext);
    useEffect(() => {
      if (columnId === 'amount') {
        if (data.hasOwnProperty(rowIndex)) {
          const numeric = parseFloat(
            data[rowIndex][columnId].match(/\d+\.\d+/)[0],
            10
          );
          setCellProps({
            style: {
              backgroundColor: `rgba(0, 255, 0, ${numeric * 0.0002})`,
            },
          });
        }
      }
    }, [rowIndex, columnId, setCellProps, data]);
    function getFormatted() {
      return data[rowIndex][columnId].formatted
        ? data[rowIndex][columnId].formatted
        : data[rowIndex][columnId];
    }
    return data.hasOwnProperty(rowIndex)
      ? getFormatted(rowIndex, columnId)
      : null;
  };
}, []);
```
The sample code above formats the `amount` column in the example `EuiDataGrid` with a green `backgroundColor` based on the value of the data, as shown in the screenshot below:
<img width="956" alt="datagrid-cell-formatting" src="https://user-images.githubusercontent.com/4459398/113348300-a782af80-92f3-11eb-896a-3d92cf4b9b53.png">
To demonstrate that similar styling can be applied to TGrid using the same technique illustrated by `EuiDataGrid`'s [codesandbox example](https://codesandbox.io/s/nsmzs), we can update the `DefaultCellRenderer` in `x-pack/plugins/security_solution/public/timelines/components/timeline/cell_rendering/default_cell_renderer.tsx` to apply a similar technique:
```
export const DefaultCellRenderer: React.FC<CellValueElementProps> = ({
  columnId,
  data,
  eventId,
  header,
  linkValues,
  setCellProps,
  timelineId,
}) => {
  useEffect(() => {
    if (columnId === 'signal.rule.risk_score') {
      const value = getMappedNonEcsValue({
        data,
        fieldName: columnId,
      });
      if (Array.isArray(value) && value.length > 0) {
        const numeric = parseFloat(value[0]);
        setCellProps({
          style: {
            backgroundColor: `rgba(0, 255, 0, ${numeric * 0.002})`,
          },
        });
      }
    }
  }, [columnId, data, setCellProps]);
  return (
    <>
      {getMappedNonEcsValue({
        data,
        fieldName: columnId,
      })}
    </>
  );
};
```
The example code above renders the `signal.rule.risk_score` column in the Alerts table with a green `backgroundColor` based on the value of the data, as shown in the screenshot below:
<img width="1231" alt="alerts" src="https://user-images.githubusercontent.com/4459398/113349015-a30ac680-92f4-11eb-8518-5c1b7465e76e.png">
Note: In the screenshot above, the values in the Alerts table are not rendered as draggables.
* Hide chrome for Workplace Search by default
The Workplace Search Personal dashboard needs the chrome hidden. We hide it globally here first to prevent a flash of chrome on the Personal dashboard and unhide it for admin routes, which will be in a future commit
* Add core.chrome.setIsVisible to KibanaLogic
* Toggle chrome visibility for Workplace Search
* Add test
* Refactor to set context and chrome when pathname changes
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fix route for private federated source summary
* Make schema types nullable
Federated sources don’t have counts and the server returns null so our routes have to expect that sometimes these values will be null
* Add SourceSubNav to Personal dashboard
We are able to leverage the existing component with a couple of small changes; the existing component is a subnav in the larger Enterprise Search shared navigation component and does not include its styles. This caused the list items to render with bullet points next to them. Adding this class and displaying the nav items as block elements fixes this issue.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* add spaces test
* fix updating and deleting sessions in non-default space
* revert back to batch update
* Add space tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Liza K <liza.katz@elastic.co>
This was causing console errors.
I factored out the column headers to their own component, and moved
all table rows to be under a tbody. This alleviates the console
warnings.
* Add toasts to FlashMessagesLogic
+ Tests cleanup:
- Group actions by their reducer blocks (since flashMessages has such specific logic) - recommend viewing with whitespace changes off for this
- Do not reset context between each test, but instead by mount(), which allows tests to maintain state between adding/removing/resetting
- Remove '()' from test names (feedback from previous PRs)
* Add toast message helpers
+ refactor FLASH_MESSAGE_TYPES to constants, so that both callouts & toasts can use it effectively
* Update FlashMessages to display toasts as well as callouts
- This means we can automatically use toasts alongside callouts in all views that already have FlashMessages
+ a11y enhancement! update callouts to also announce new messages to screenreaders
* [Example] Update ApiLogsLogic to flash an error toast on poll
+ update copy to better match EUI guidelines (shorter)
* Fix test caused by new FlashMessages structure
* PR suggestion - destructure
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* PR feedback: implicit return
* Fix color types
- adding our own string enum fixes the typescript errors that both EuiCallout & EuiToast emit when passing color props to the base EUI types
* PR feedback: Update flashToast API to match callout helper API
- accepts a string title with optional args, creates a unique ID automatically if missing
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* Remove kebabCase
Kibana routes are snake case, which matches the existing serviceType, so this is no longer needed
* Fix route segment
The word reauthenticate is not hyphenated
* Fix all misspelling of reauthenticate
Renames files too
* add runtime mapping editor in wizard
* ensure depVar is updated correctly with RF changes
* remove old RF from includes
* ensure cloning works with RF as depVar
* ensure indexPattern RF work
* scatterplot supports RTF. depVar options have indexPattern RTF on first load
* remove unnecessary types
* ensure supported fields included by default
* update types in editor
* use isRuntimeMappings
* fix translations. ensure runtimeMappings persist when going back to step 1
* ensure histograms support runtime fields
* update types
* Enterprise Search eslint import order rule fix
- mocks in current folder should be grouped with mocks from parent folders
* Run --fix/update instances of importing ./__mocks__
* Add hasBorder to all EuiPageContent panels
* EngineCreation: switch EuiPageBody to EuiPageContent
+ add hasBorder
* Credentials: update EuiPanels w/ hasBorder
* ApiCodeExample: switch to hasBorder
* DataPanel: update to take & pass hasBorder prop
* Analytics & EngineOverview: use hasBorder
* Relevance Tuning: update EuiPanels
- switch to hasBorder for top level panels
- switch to color="subdued" for boost accordion
- tweak padding of boost panel
- CSS cleanup
* Role Mappings: switch to hasBorder
+ remove unused class - `euiPanel--disabled` was not applying any styles
+ remove random 'export' string
* Sample engine CTA: switch to subdued panel
+ fix sizing - when loading button pops in, it was causing text to overflow
* Standardize process fields across process and Target.process
* Lint
* Bug fix
* Typo fix
* Add new fields to unit test, fix 0 truthiness bug, and exercise 0 truthiness bug in unit test
* Add a PR-requested unit test case
* Use Yoda Conditions, Kibana does not
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [APM] Correlations support for progressively loading sections (#95059)
* fixes type consistency
* - Adds progressive section loading for errors tab in correlations
- code improvements
* Tests for latency correlations and overall distribution APIs
* adds API test for error correlations endpoints
* renamed 'getOverallErrorDistribution' to 'getOverallErrorTimeseries'
* Code improvements
* fix whitespace
* Remove references to class `ArtifactClient` and replace with EndpointArtifactClientInterface
* refactor artifact client tests to use new class
* Added additional test to Fleet Artifacts create service
* remove SavedObject type wrapper from getArtifact response
* add base config for all the TS projects
* all the project use new tsconfig.project.json
* compile test files in the high-level tsconfig.json
* fix TS error in maps plugin
* fix TS error in infra plugin
* exclude mote test and test until folders
* uptime. do not import test code within prod code
* expressions. do not import test code within prod code
* data: export mocks from high level folder
* task_manager: comply with es client typings
* infra: remove unused enzyme_helpers
* check_ts_project requires "include" key
* ts_check should handle parent configs
* all ts configs should extend base one
* exclude test folders from plugins
* update patterns to fix ts_check errors
* Apply suggestions from code review
Co-authored-by: Constance <constancecchen@users.noreply.github.com>
* uptime: MountWithReduxProvider to test helpers
Co-authored-by: Constance <constancecchen@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
- Gets rid of imports from 'elasticsearch' and replaces them with '@elastic/elasticsearch'.
- Extends isPopulatedObject() to allow an optional array of attributes to check if they exist. Allows us to get rid of the manual and inconsistent usages of hasOwnProperty().
* [Reporting] CSV Export: fix and unskip failing test
* fix snapshot extra records
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add support for includeAliases to restore API endpoint, with unit tests.
* Remove unused deserializeRestoreSettings function.
* Add 'Include aliases' option to the UI, with default value of true.
* Add client integration test.
* wip, migrated routes and plugins
* refactored all ES error handling to use handleEsError and new isEsError detection
* - fixed Jest tests for new es client
- updated routes in light of new responses
* remove unused import
* remove unnecessary isEsError check in rest api route handlers
* mute all incorrect types from client lib using @ts-expect-error
* reordered and clean up imports, removed legacy client code
* update legacy test runner
* updated use of legacyES
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Added decimals validation for phase timing field and rollover age and docs number fields
* Refactored min age field validator
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* first pass of osquery host picker
* passes type checking and linting
* reworked everything
* fixed the policy query and pill colors
* fix i18n test failures
* refactor server side logic
* more clean up
* address pr comments
* fix types, await the parsed agents on the server side
* primitive is spelled with an i
* agents come in as list rather than agents
* added more helpers tests, added some edge case guarding
* unwrap agents off response in useAllAgents
* used proper types for aggregations
* translations for more ui text
* fix linting errors
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* remove shadows from eui panel at all levels
* added "hasBorder" to support nested panels
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* chore(NA): move elastic-datemath into a ts package
* chore(NA): finish elastic-datemath
* chore(NA): finish elastic-datemath
* chore(NA): source folder for elastic-datemath
* chore(NA): add source-maps ace, analytics, apm-config-loader and apm-utils packages
* chore(NA): add sourcemaps to packages on typescript
* chore(NA): move test fixtures within source
* chore(NA): correct exclusions on packages
* chore(NA): correct package.json on all packages
* chore(NA): correct package.json on all packages
* chore(NA): complete kbn pm
* chore(NA): default export on elastic-datemath
* chore(NA): include logs on kbn-logging
* chore(NA): update bundle ref module to last code used in the webpack upstream
* chore(NA): update bundle ref module to last code used in the webpack upstream - refactored
* chore(NA): remove override method for exportsArgument
* fix(NA): typechecking problems by use @internal at javascript import sources on kbn-test package
* fix(NA): typescript projects check
* fix(NA): run optimizer integration tests from source
* chore(NA): fix usage from target for kbn optimizer
* chore(NA): path on tsconfig
* chore(NA): move tsignore into ts-expect-error
* chore(NA): include source maps on kbn cli dev
* chore(NA): include source maps on kbn-crypto, kbn-server-http-tools and kbn-telemetry-tools
* chore(NA): add issue links into the ts-expect-error comments
* [ML] Fix AD wizard full time range chart broken with saved search
* [ML] Update runtimeMappingsSchema to be its own thing for better reuse
* [ML] Remove undefined check
* Set up API route
* Set up API types
* Set up date util needed by filters dates
* Add ApiLogsLogic
* Update ApiLogs and EngineOverview views with polling behavior
* Add API type notes - maybe serves as a TODO to clean up our API data some day
* re-organize files
* fix unit tests
* fix unit test
* fix types
* fix types
* fix unit test
* reorganize files
* update dependency
* fix unit test
* rename filders
* unit test
* update prepackaged timelines path
* fix integration tests
* check if lastSeen is an array
* rename Note to Notes
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [TSVB] Show an indicator when using Last Value mode
* Extended some TSVB types, remove unused translations and do some refactoring
* Fix some functional tests and label displaying for Last value
* Fix some functional tests and label displaying for Last value
* Refactor data_time_range_mode_label and change some types
* fix CI
* Refactor timeseries_visualization seriesData
* Remove unused re export
* Replace "href" prop with "onClick" in EuiLink and refactor tooltip content
* Change link to text and add pointer style to it
* Fix import in kibana_framework_adapter
* Remove label for entire time range mode and add an icon for last value mode label
* Add action to show last value label for TSVB embeddables
* Fix TimeseriesVisParams import
* Revert "Add action to show last value label for TSVB embeddables"
This reverts commit 15f16d6f72.
* Put the "Last value" badge on the top of visualization and add an option to hide it
* Fix failing _tsvb_markdown test and refactor timeseries_visualization
* Move I18nProvider from timeseries_visualization to timeseries_vis_renderer
* Add condition to hide gear button when entire time range mode is enabled, fix gauge scroll issue
* Change text in the popover, add condition to indicator if series data is empty, create migration script to hide last value label for previously created visualizations and a test for that
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Alexey Antonov <alexwizp@gmail.com>
* Allows filter param. Empty by default
* Uses KQL for filter from Ui
* Adds search bar to dispatch trusted apps search. Fixes some type errors. Added filter into the list View state
* Fix tests and added a new one. Also split query on array to improve readability
* Decouple query parser to be used outside the middleware
* Reuse code using a map
* Filter by term using wildcards. Updates test
* Adds useCallback to memoize function
* [file_upload] add has_import_permission route
* remove ml hasImportPermissions
* fix tsconfig path
* tslint
* review feedback
* make pipeline check optional since geojson upload does not use pipeline
* ts cleanup
* make geojson permission failure message actionable
* revert privilege change in functional test
* add global_index_pattern_management_all permission to functional test
* rename hasPipeline to checkHasManagePipeline
* add api integration test
* tslint
* revert change to es_search_source
* simplify error message when users can't create index pattern
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Move current alert HTTP APIs to legacy folder (#93943)
* Move current HTTP APIs to legacy folder
* Rename BASE_ALERT_API_PATH to LEGACY_BASE_ALERT_API_PATH
* Fix failing tests and extra files
* Create new rule HTTP APIs (#93980)
* Move current HTTP APIs to legacy folder
* Rename BASE_ALERT_API_PATH to LEGACY_BASE_ALERT_API_PATH
* Fix failing tests and extra files
* Move current alert HTTP APIs to legacy folder (#93943)
* Move current HTTP APIs to legacy folder
* Rename BASE_ALERT_API_PATH to LEGACY_BASE_ALERT_API_PATH
* Fix failing tests and extra files
* Add necessary files
* Create rule route
* Get rule API
* Update rule API
* Delete rule route
* Aggregate rules API
* Disable rule API
* Enable rule API
* Find rules API
* Fix Update API
* Get rule alert summary API
* Get rule state API
* Health API
* Rule types API
* Mute all API
* Mute alert API
* Unmute all API
* Unmute alert route
* Update API key API
* corrected type by making it much more complicated
* removed unneeded code
* Fixes
* Add back health route
* mutedInstanceIds -> mutedAlertIds
* lastRun -> last_run
* alert_type_state -> rule_type_state & alert_instances -> alerts
Co-authored-by: Gidi Meir Morris <github@gidi.io>
* Create docs for new rule HTTP APIs, deprecate old docs (#94745)
* Create docs for new APIs, deprecate old docs
* Remove connector_type_id
* Update docs
* Add link to legacy APIs from rules API docs
* Remove connector_type_id references
* [DOCS] Add legacy APIs to index.asciidoc
* Fix camel case
Co-authored-by: lcawl <lcawley@elastic.co>
* Make alerting tests use new rules APIs (#95159)
* Make API integration tests use new HTTP APIs
* Fix end to end tests
* Fix test failures
* Fix more test failures
* Rename some files
* Add tests for legacy APIs (#95333)
* Initial commit (#95457)
* Move some new alerting APIs to /internal (#95461)
* Initial commit
* Update README.md
* Use internal API
* Merge deprecated warning w/ alternative solution
* Update API docs
Co-authored-by: Gidi Meir Morris <github@gidi.io>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: lcawl <lcawley@elastic.co>
* Added new onboarding complete route for App Search
* Allow responses without JSON bodies in Enterprise Search
* New SampleEngineCreationCtaLogic
* New SampleEngineCreationCta component
* Add SampleEngineCreationCTA to engines EmptyState
* Improve SampleEngineCreationCta
* Fix spelling error in Enterprise Search request handler test
* Improve SampleEngineCreationCtaLogic
* Fix types
* Fix tests after origin/master merge
* Turns out I 'fixed' my tests by removing this test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* pass error reason for ES responses provided in HTTP response body
* add a test
* ML: update functional tests when index does not exist
* transform: fix integration test for error message
* Add interface
The component was already passing the props the logic file needed, they just aren’t listed in the interface
* Pass props to logic file
Also destructures from props to prevent collision with the local logic values that are repopulated when data is fetched.
* Update logic file to use props for default values
* Fix test and use spy
* Remove resetContext
No longer needed!
* Migration of artifacts from SO to fleet index
* Better errors out of fleet server setup
* Expose `fleetSetupComplete()` out of FleetStartContract
* Ensure that ManifestTask only runs after `.start()` is called
* DRY out repeated button/table/modal actions copy to a shared file
* DRY out 'Edit' copy
* DRY out 'Delete' copy
* DRY out 'Save' copy
* DRY out 'Cancel' copy
* DRY out 'Continue' copy
* DRY out 'Close' copy
* DRY out 'Manage' copy
* DRY out 'Update' copy
* [WS] DRY repeated 'Update'/'Save'/'Cancel' copy
* [AS] DRY out 'Restore defaults' button
- used on 2 pages so far, and will also be used on result settings
* PR feedback: Add _BUTTON_LABEL specificity
* [ML] Add runtime support from index pattern for data viz
* [ML] move runtime mappings outside of aggregatableFields loop
* [ML] Change arg name to runtimeMappings
* [ML] Fix dv full time range broken
* [ML] Fix dv broken with time range
* [ML] Add better error handling/transparency
* [ML] Update to using estypes.RuntimeField
* [ML] Update to use some shared common functions between ml and transform
* Revert "[ML] Update to use some shared common functions between ml and transform"
This reverts commit ce813f01
* [ML] Disable context menu if no charts
* Make 'enter time range' value as default and add telemetry for 'last value' mode
* Fix telemetry schema
* Fix test
* Add possibility count timeseries created from dashboard
* Fix remark
* Fix remark
* Fix problem with time_range_mode
* Fix tests
* Fix tests
* Fix tests for markdown and table
* exclude TSVB which have type as timeseries
* Add description for field in schema in telemetry
* Fix telemetry schema
* Fix some remarks
* Added check for hits
* fix CI
* fix CI
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Alexey Antonov <alexwizp@gmail.com>
**Related to:** https://github.com/elastic/kibana/pull/94143
## Summary
This PR adds new fields to the schema (`EventSchema`, `IEvent`):
- standard ECS fields: `error.*`, `event.*`, `log.level`, `log.logger`, `rule.*`
- custom field set `kibana.detection_engine`
We need these fields on the Detections side to implement detection rule execution log. See the related proposal (https://github.com/elastic/kibana/pull/94143) for more details.
Also, this PR bumps ECS used in Event Log from `1.6.0` to the current `1.8.0` version. They are 100% same in terms of fields used in Event Log, so no changes in the schema were caused by this version increment.
* [TSVB] Enable `dual mode`, support index patterns and strings
* modify UI
* add migration script
* refactoring
* fix CI
* prefill the index pattern name
* modify UI
* modify UI
* update UI
* fix functional test
* some work
* remove callouts
* fix rollup test
* update UI
* fix typo
* add some unit tests
* add functional test
* fix CI
* correct labels
* fix ci group 12
* cleanup interface
* fix CI
* cleanup API
* fix some of PR comments
* move index patterns into so references
* remove wrong logic
* fix JEST
* fix some ui issues
* update sample data
* indexPatternObject -> indexPatternValue
* fix comments
* I have a dashboard with two TSVB viz. One with the default (haven't applied it to the combobox) and one with the logs. The filter contains fields only from the logs index pattern
* When I am on the string mode and try to write my index, sometimes some of the chars are not added or they are deleted while typing, something with the denounce maybe?
* fix merge conflicts
* Does this PR also supports runtime fields? I created one from the editor and I see that I can select it
* fix UI issue
* If I create a viz with the string mode and a wildcard e.g. kibana_sample*, the index patterns are not communicated correctly to the dashboard.
* fix import/export refs for dashboard
* remove MigrationPopover
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Moves part of the exceptions UI out of the security solution plugin and into the lists plugin. In order to keep PRs (relatively) small, I am moving single components at a time. This should also then help more easily pinpoint the source of any issues that come up along the way.
The next couple PRs will focus on the exception builder. This one in particular is focused on moving over the `BuilderExceptionItem` which deals with rendering the individual exception items.
* [Alerts][Actions] Added missing telemetry mapping for a new alert and action types: geo-containment, es-query, teams
* fixed mappings
* fixed ML alert type telemetry mappings
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Split rule executors into different files
* Pass type-specific rule SOs to rule executor functions
* Genericize function to narrow ruleSO type
* Remove undefined return type from getExceptions
* Remove unintentional change to SIGNALS_TEMPLATE_VERSION
* Remove extra validation now covered by schemas
* Remove extra validation from ML rule executor
* Fix types
* syncs schemas
* Revert "syncs schemas"
This reverts commit b1dd59e3f0.
* Fix api test and move threshold executor test
* kinda adds eql test
* Refactor and fix unit tests
* fixes marshalls mistake
Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Added test for Bytes processor.
* Broke out processor not selected section of tests to its own test and made edits per feedback in PR.
* Broke out processor data fetching to a separate reusable helper function.
* Broke out processor data fetching to a separate reusable helper function.
* Added functionality for toggling the ignore missing switch.
* ES lint fix.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Beginning to move the exceptions UI out of the security solution plugin and into the lists plugin. In order to keep PRs (relatively) small, I plan to move single components at a time. This should also then help more easily pinpoint the source of any issues that come up along the way.
The next couple PRs will focus on the exception builder. This one in particular is focused on moving over the `BuilderEntryItem` which deals with rendering the individual exception item entries. An entry can be of type `match`, `match_any`, `list`, `exists`, or `nested`. The component makes use of the autocomplete fields which use the index patterns to display possible fields and field values.
One of the decisions made in this PR was to have consumers of the `BuilderEntryItem` pass through the autocomplete service as opposed to the `lists` plugin adding it as a dependency. The reason being that it is likely that plugins using the lists plugin will already be consuming either the data plugin or if alerting takes exceptions in, then they'll be consuming alerting. In an effort to avoid some possible icky circular dependency issues, thought it best to make the service passed in, as we had already been doing with the hooks in the `lists` plugin.
* Rework panels to subdued style
* Fix button when source has been onboarded
* Update content_section test for EuiSpacer
* Update content_section test for EuiSpacer Length
* Lint fix for onboarding_card
* Remove spacer size due to default
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* Remove test line for Spacer now that size=default
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>