* added initial version of locator
* removed unused params and added jest test
* updated functional test to expect PDF reports to be available when vis is new
* fix TS: remove unkown field
* added some docs and removed unused code
* AggsConfigOption -> AggsConfigSerialized
* moved locator to common
* fixed building of "create" path and updated test snapshots
* updated import
* update encoding behaviour
* added time range from timefilter to locator params request
* add index pattern and search id to URL params
* reading index pattern from search source if it is there for the locator
* remove "type" from locator params, update comments and test
* removed duplicate identifier
* remove unused type
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Step 2: Update client code to use resolve() method instead of get()
Following sharing Saved Objects developer guide: Step 2
This step demonstrates the changes to update client code to use the new
SavedObjectsClient `resolve()` method instead of `get()`.
* Step 3 Lens
## Summary
Adds a workaround for EQL bug: https://github.com/elastic/elasticsearch/issues/77152
Adds the safety feature mentioned here: https://github.com/elastic/kibana/issues/110802
Adds the ability to ignore particular [fields](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html#search-fields-param) when the field is merged with [_source](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html#source-filtering). Also fixes an EQL bug where EQL is introducing the meta field of `_ignored` within the fields and causing documents to not be indexable when we merge with the fields from EQL.
Alerting document creation uses the fields API to get [runtime field](https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime.html), [constant keyword](https://www.elastic.co/guide/en/elasticsearch/reference/master/keyword.html#constant-keyword-field-type), etc... that are only available within the [fields API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html#search-fields-param) and then merges the field values not found within the `_source` document with the `_source` document and then finally indexes this merged document as an alert document.
This fix/ability is a "safety feature" in that if a problematic [runtime field](https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime.html), [constant keyword](https://www.elastic.co/guide/en/elasticsearch/reference/master/keyword.html#constant-keyword-field-type) is discovered or another bug along the stack we can set a `kibana.yml` key/value pair to ignore the problematic field.
This _WILL NOT_ remove problematic fields from the `_source` document. This will only ignore problematic constant keyword, runtime fields, aliases, or anything else found in the fields API that is causing merge issues.
This PR:
* Adds a `alertIgnoreFields` `kibana.yml` array key with a default of an empty array if not specified.
* Plumbs the `alertIgnoreFields` through the stack and into the fields/_source merge strategies of `missingFields` and `allFields`
* Adds a temporary `isEqlBug77152` where it hard codes an ignore of `_ignored` until the EQL problem is fixed and then we will remove the workaround
* Adds unit tests
* Adds e2e tests which covers the described use cases above.
The `alertIgnoreFields` key/value within `kibana.yml` if set should be an array of strings of each field you want to ignore. This can also contain regular expressions as long as they are of the form, `"/regex/"` in the array.
Example if you want to ignore fields that are problematic called "host.name" and then one in which you want to ignore all fields that start with "user." using a regular expression:
```yml
xpack.securitySolution.alertIgnoreFields: ['host.name', '/user\..*/']
```
Although there are e2e tests which exercise the use cases...
If you want to manual test the EQL bug fix you would add these documents in dev tools:
```json
# Delete and add a mapping with a small ignore_above.
DELETE eql-issue-ignore-fields-delme
PUT eql-issue-ignore-fields-delme
{
"mappings" : {
"dynamic": "strict",
"properties" : {
"@timestamp": {
"type": "date"
},
"some_keyword" : {
"ignore_above": 5,
"type" : "keyword"
},
"other_keyword" : {
"ignore_above": 10,
"type" : "keyword"
}
}
}
}
# Add a single document with one field that will be truncated and a second that will not.
PUT eql-issue-ignore-fields-delme/_doc/1
{
"@timestamp": "2021-09-02T04:13:05.626Z",
"some_keyword": "longer than normal",
"other_keyword": "normal"
}
```
Then create an alert which queries everything from it:
<img width="1155" alt="Screen Shot 2021-09-01 at 10 15 06 PM" src="https://user-images.githubusercontent.com/1151048/131781042-faa424cf-65a5-4ebb-b801-3f188940c81d.png">
and ensure signals are created:
<img width="2214" alt="Screen Shot 2021-09-01 at 10 30 18 PM" src="https://user-images.githubusercontent.com/1151048/131782069-b9ab959c-f22d-44d5-baf0-561fe349c037.png">
To test the manual exclusions of any other problematic fields, create any index which has runtime fields or `constant keywords` but does not have anything within the `_source` document using dev tools. For example you can use `constant keyword` like so
```json
PUT constant-keywords-deleme
{
"mappings": {
"dynamic": "strict",
"properties": {
"@timestamp": {
"type": "date"
},
"testing_ignored": {
"properties": {
"constant": {
"type": "constant_keyword",
"value": "constant_value"
}
}
},
"testing_regex": {
"type": "constant_keyword",
"value": "constant_value"
},
"normal_constant": {
"type": "constant_keyword",
"value": "constant_value"
},
"small_field": {
"type": "keyword",
"ignore_above": 10
}
}
}
}
PUT constant-keywords-deleme/_doc/1
{
"@timestamp": "2021-09-02T04:20:01.760Z"
}
```
Set in your `kibana.yml` the key/value of:
```yml
xpack.securitySolution.alertIgnoreFields: ['testing_ignored.constant', '/.*_regex/']
```
Setup a rule to run:
<img width="1083" alt="Screen Shot 2021-09-01 at 10 23 23 PM" src="https://user-images.githubusercontent.com/1151048/131781696-fea0d421-836f-465c-9be6-5289fbb622a4.png">
Once it runs you should notice that the constant values for testing are not on the signals table since it only typically exists in the fields API:
<img width="1166" alt="Screen Shot 2021-09-01 at 10 26 16 PM" src="https://user-images.githubusercontent.com/1151048/131781782-1684fb1d-bed9-4cf0-be9a-0abe1f0f34d1.png">
But the normal one still exists:
<img width="1136" alt="Screen Shot 2021-09-01 at 10 26 31 PM" src="https://user-images.githubusercontent.com/1151048/131781827-5450c693-de9e-4285-b082-9f7a2cbd5d07.png">
If you change the `xpack.securitySolution.alertIgnoreFields` by removing it and re-generate the signals you will see these values added back.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
* Initial commit of serverType in email connector config
* Fleshing in route to get well known email service configs from nodemailer
* Adding elastic cloud to well known server type
* Cleaning up email constants and allowing for empty selection
* Showing error if user doesn't select server type
* Adding hook for setting email config based on server type
* Adding tests and making sure settings are not overwritten on edit
* Fixing functional test
* Adding migration
* Adding functional test for migration
* Repurposing service instead of adding serverType
* Cleanup
* Disabling host/port/secure form fields when settings retrieved from API
* Updating docs for service
* Filtering options based on whether cloud is enabled
* Initialize as disabled
* Fixing types
* Update docs/management/connectors/action-types/email.asciidoc
Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
* Show setup mode button and setup bottom bar
* Adapt setup mode in react components to work without angular
* Add setup mode data update to react app
* Add missing functions from setup mode
* Revert setup mode changes from react components
* remove some empty lines
* Add setup button to monitoring toolbar
* Fix types
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Use super date picker instead of date range picker
fixes elastic/security-team/issues/1571
* fix test target
Super date picker's `data-test-subj` prop gets garbled and doesn't show up in rendered DOM. In other words, the component is entirely void of a data-test-subj attribute.
* make auto refresh work!!
fixes https://github.com/elastic/security-team/issues/1571
* set max width as per mock
fixes elastic/security-team/issues/1571
* show a callout to inform users to select different date ranges
fixes elastic/security-team/issues/1571
* persist recently used date ranges on the component only
fixes elastic/security-team/issues/1571
* use commonly used ranges from default common security solution ranges
fixes elastic/security-team/issues/1571
* Better align date picker
* full width panel for date picker so content flows below it
review comments
* mock time picker settings for tests
* use eui token for bg color
review comment
* persist recently used dates
fixes elastic/security-team/issues/1571
* persist date range selection over new endpoint selection
review comments
* remove obsolete local state since update button is not visible.
review comments
* fix bg color for dark mode and relative path
* update relative path
review comments
* cleanup - the action doesn't allow for undefined start and end dates anyway
refs 28a859ab3a
* fix types after sync
* update test title
* add a test for callout when empty data
* fix lint
* show update button when dates are changed
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Event log][7.x] Updated event log client to search across legacy IDs
* fixed tests
* extended kibana null version check
* added logic to alerting plugin
* fixed typechecks
* fixed typechecks
* Revert "fixed typechecks"
This reverts commit 6f6770fa4b.
* removed legacyId for routes
* fixed typechecks
* fixed position
* fixed query
* fixed query
* fixed tests
* fixed types place
* fixed due to comments
* fixed due to comments
* fixed eslint
* fixed due to comments
* splitted test data
* fixed test data
* increased the delay time to await the search
* removed version for 7.9 docs
* Update x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
* fixed unit test
* fixed test data
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
* refactor/reflatten server routes
* fix import
* fix any usage in server/lib
* clean up unused parameter
* remove any in server/browsers
* refactor handle request function into a class
* more cleanup
* Make analyzer work with EuiDataGrid full screen
* Don't ever restrict the width, remove console.log
* Remove isEventViewer prop no longer used
* Make global filters appear below data grid
* [Metrics UI] Add integration tests for Metric Threshold and refactor to fire correctly
* Removing unused variables
* Fixing tests for metric_threshold_executor
* Fixing test for metric_query
* fixing test
* Changing type guard
* [eslint] add rule to prevent export* in plugin index files
* deduplicate export names for types/instances with the same name
* attempt to auto-fix duplicate exports too
* capture exported enums too
* enforce no_export_all for core too
* disable rule by default, allow opting-in for help fixing
* update tests
* reduce yarn.lock duplication
* add rule but no fixes
* disable all existing violations
* update api docs with new line numbers
* revert unnecessary changes to yarn.lock which only had drawbacks
* remove unnecessary eslint-disable
* rework codegen to split type exports and use babel to generate valid code
* check for "export types" deeply
* improve test by using fixtures
* add comments to some helper functions
* disable fix for namespace exports including types
* label all eslint-disable comments with related team-specific issue
* ensure that child exports of `export type` are always tracked as types
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [@pjhampton/@donaherc] Move sec telem tasks into own package.
* Split filter out into its own module, started abstracting ES interaction into a queries module
* Implemented querier and fixed some types
* Updated tests, moved receiver to plugin from sender to decouple them.
* fixed integration in detection engine, misc fixes
* [@pjhampton] Fix type ref problems. Update test defs.
* Make url transformer a member func of the sender class.
* [@pjhampton] clean up receiver commentary.
* [@pjhampton] add null check consistency.
* Fix bad formatting.
Co-authored-by: cdonaher <cdonaher@endgame.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
resolves#109095resolves#106854
Changes the way task manager and alerting perform their health / status
checks:
- no longer sets an `unavailable` status; now uses `degraded` instead
- change task manager "hot stats freshness" calculation to allow for
staler data before signalling a problem
- Changed the "Detected potential performance issue" message to sound
less scary, include a doc link to task manager health monitoring, and
log a debug instead of warning level
- add additional debug logging when task manager sets a status that's
not `available`, indicating why it's setting that status (in the code,
it's when task manager uses HealthStatus.Warning or Error)
* Upgrade EUI to v37.3.1
* Update i18n token mappings
* Skip i18n_eui_mapping defString checks for functions
* Update snapshots
* Update failing Security tests with extra nodes
* Remove hook cleanup now that elastic/eui#5068 is merged
* [i18n PR feedback] Prefer specific token skipping over all functions skipping
* Revert "Remove hook cleanup now that elastic/eui#5068 is merged"
This reverts commit e40ebfa929.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* wip to remove rbac
* Revert "[Cases] Include rule registry client for updating alert statuses (#108588)"
This reverts commit 1fd7038b34.
This leaves the rule registry mock changes
* remove rbac on Trend/Count alert
* update detection api for status
* remove @kbn-alerts packages
* fix leftover
* Switching cases to leverage update by query for alert status
* Adding missed files
* fix bad logic
* updating tests for use_alerts_privileges
* remove index alias/fields
* fix types
* fix plugin to get the right index names
* left over of alis on template
* forget to use current user for create/read route index
* updated alerts page to not show table when no privileges and updates to tests
* fix bug when switching between o11y and security solution
* updates tests and move to use privileges page when user tries to access alerts without proper access
* updating jest tests
* pairing with yara
* bring back kbn-alerts after discussion with the team
* fix types
* fix index field for o11y
* fix bug with updating index priv state
* fix i18n issue and update api docs
* fix refresh on alerts
* fix render view on alerts
* updating tests and checking for null in alerts page to not show no privileges page before load
* fix details rules
Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>
Co-authored-by: Yara Tercero <yara.tercero@elastic.co>
* Fix bug when upgrading Windows package policies
Ensure package policy merge logics accounts for cases in which an
input/stream which previously had no variables declared but has
variables in a later package version.
Fixes#110202
* Refactor original var set into deepMergeVars
* [ML] Add index pattern info & select control for date time
* [ML] Update translations
* [ML] Gracefully handle when index pattern is not available
* [ML] Fix import
* [ML] Handle when unmounted
* [ML] Remove load index patterns because we don't really need it
* [ML] Add error obj to error toasts
* [ML] Update tests
* [ML] Update hook
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
When the observability:enableInspectEsQueries advanced setting is enabled, show an inspector that includes all queries through useFetcher.
Remove the callout.
## Summary
Ports over the existing Security Solution ML Rule to the RuleRegistry.
How to test this implementation
1. Enable the following in your `kibana.dev.yml`
```
xpack.ruleRegistry.enabled: true
xpack.ruleRegistry.write.enabled: true
xpack.securitySolution.enableExperimental: ['ruleRegistryEnabled']
```
2. Create a rule by running:
```
./x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/scripts/create_rule_ml.sh
```
3. Push document to anomalies index (or trigger anomaly for job id from `create_rule_ml.sh` script)
### Checklist
Delete any items that are not applicable to this PR.
- [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Add header to page template
* add external config provider and overview content
* REmove unnecessary todos
* Remove non working section from header
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
**Ticket:** https://github.com/elastic/kibana/issues/110594
## Summary
This PR adds a feature flag around the logic that finds existing Alerts as Data indices and upgrades the mappings or rolls the index if the mappings can't be upgraded in place.
**IMPORTANT:**
- **The feature flag is switched off by default**. This is intentional, because we need to **disable the upgrade logic in 7.15.0**.
- **This is a temporary measure**. We're going to work on fixing the index upgrade logic asap and ship it before the next release that makes any mapping changes, possibly as soon as 7.15.1.
- Developers will need to enable it in their local kibana configs this way:
```yaml
xpack.ruleRegistry.unsafe.indexUpgrade.enabled: true
```
Please check the ticket for the background of this fix.
### Checklist
Delete any items that are not applicable to this PR.
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
* [APM] Fix for no-data state for fallback from aggregated transactions (#109609)
* PR feedback and unit tests
* fixes lint error
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fix policy upgrade from APM 0.3.0 to 0.4.0
Add debug log + logic to skip over any package variables that have been
removed from the base policy object. Issue was initially surfaced
testing upgrade from APM integration v0.3.0 to v0.4.0.
Ref #109907
* Fix type error in test
* Remove translation for validation debug log
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Adds distinct breadcrumbs for both "upgrade package policy" paths:
1. From the fleet agent policies list page
2. From the integrations package policie slist page
Closes#110434
* fix o11y privileges when rule created in stack
* fix merge
* fix dsl alerts
* fix privileges on o11y
* after discussion with o11y, we agree to simplify logic of the count of alerts
* remove unused variable
* fix one more type error
Co-authored-by: mgiota <panagiota.mitsopoulou@elastic.co>
* [Observability] Update AlertsSearchBar placeholder (#108179)
* [Observability] Remove default search query from Alerts page (#110242)
This is done to align with other placeholder texts found within the
Observability solution.
* first pass at renaming exports
* type fixes
* fix jest test
* look for correct error type
* remove transitional error
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* account for API errors and uninitialized state before fetching data
fixes elastic/kibana/issues/107129
* better name
refs elastic/kibana/pull/102261
* don't show date picker when loading data initially
fixes elastic/kibana/issues/107129
* use a readable selector instead
review changes
* remove redundant data fetch using paging action on tab switch.
refs elastic/kibana/pull/102261
* remove redundant validation
review comments
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps] replace IFieldType with IndexPatternField
* clean up imports
* import from public
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
- Correctly renders the empty chart state when no data is available.
- Hides the "Click drag to select" and trace samples message when the chart shows an empty state to avoid redundant info.
- Adds jest unit tests that would fail with the previously visible loading indicators.
- Fix a bug with cancelling search strategies.
* Replace usages of alert.status: open with active
* Update unit tests
* Add back home.disableWelcomeScreen=true
* Only disable welcome screen within APM ftr config
* Add disableWelcomeScreen option to security solution cypress config
* Fix reference to workflow status
* oops
* Remove duplicate disableWelcomeScreen
* Update README.md
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Changes the loading of indexes in tests from beforeEach() to before()
Hoping this fixes some flake we have seen recently. If it doesn't, at least tests should run faster and be less flake overall. If these two below do begin acting up again I will then probably resort to wrapping the individual tests around retry blocks or removing the tests.
Also found one area within `x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts` where we do a `load` twice but I fixed it to the `load`/`unload` pattern.
Issues this should fix:
* https://github.com/elastic/kibana/issues/107911
* https://github.com/elastic/kibana/issues/107856
### Checklist
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
Removes ElasticSearch deprecation and makes it harder to import it from the wrong package. I accidentally exposed a deprecated `ElasticSearch` from a package we do not want to expose and everyone's IDE is suggesting it rather than the correct one from Kibana core.
* Removes the type from the exports within the package
* Fixes the instance that is trying to import it in favor of the correct one.
* Exposing preconfigured connectors through actions setup contract
* Adding stub for migration using preconfigured connectors
* Adding isPreconfigured fn to actions client
* Updating rules client logic to not extract predefined connector ids
* Functional tests
* Adding migration
* Adding functional test for migration
* Adding functional test for migration
* Adding note to docs about referenced_by_count if is_preconfigured
* Fixing functional test
* Changing to isPreconfiguredConnector fn in actions plugin setup contract
* Update docs/api/actions-and-connectors/get_all.asciidoc
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
* Update T-Grid to use DataGrid pagination
* It also improves the Gtid loading state
* DataGrid pagination makes sure that we display the grid with the proper height.
* Add DataGrid height hack to t-grid
HUGE HACK!!!
DataGrtid height isn't properly calculated when the grid has horizontal scroll.
https://github.com/elastic/eui/issues/5030
In order to get around this bug we are calculating `DataGrid` height here and setting it as a prop.
Please revert this commit and allow DataGrid to calculate its height when the bug is fixed.
* Apply DataGrid laoding and pagination changes to observability
* Fix cypress tests
* Fix t-grid page render bug on Observability
* some pagination fixes
* hide table when analyzer active
* isolate exported function
Co-authored-by: semd <sergi.massaneda@elastic.co>
## Summary
Removes the "side car" actions object and side car notification (Part 1). Part 1 makes it so that newly created rules and editing existing rules will update them to using the new side car notifications. Part 2 in a follow up PR will be the migrations to move the existing data.
The saved object side we are removing usages of is:
```
siem-detection-engine-rule-actions
```
The alerting side car notification system we are removing is:
```
siem.notifications
```
* Removes the notification files and types
* Adds transform to and from alerting concepts of `notityWhen` and our `throttle`
* Adds unit tests for utilities and pure functions created
* Updates unit tests to have more needed jest mock
* Adds business rules and logic for the different states of `notifyWhen`, and `throttle` on each of the REST routes to determine when we should `muteAll` vs. not muting using secondary API call from client alerting
* Adds e2e tests for the throttle conditions and how they are to interact with the kibana-alerting `throttle` and `notifyWhen`
A behavioral change under the hood is that we now support the state changes of `muteAll` from the UI/UX of [stack management](https://www.elastic.co/guide/en/kibana/master/create-and-manage-rules.html#controlling-rules). Whenever the `security_solution` ["Perform no actions"](https://www.elastic.co/guide/en/security/current/rules-api-create.html
) is selected we do a `muteAll`. However, we do not change the state if all individual actions are muted within the rule. Instead we only maintain the state of `muteAll`:
<img width="2299" alt="ui_state_change" src="https://user-images.githubusercontent.com/1151048/130823045-48a9f34b-db23-44e3-b9ed-cbbb57edc3d6.png">
<img width="1163" alt="no_actions_state_change" src="https://user-images.githubusercontent.com/1151048/130823056-3f8953fa-9433-4973-a2d3-6e11263b9619.png">
Ref:
* Issue and PR where notifyWhen was added to kibna-alerting
* https://github.com/elastic/kibana/pull/82969
* https://github.com/elastic/kibana/issues/50077
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* [Lens] Inspect flyout should be available in editor mode.
* fix typo
* add test
* add functional tests for inspector
* toMatchInlineSnapshot -> toMatchSnapshot
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [APM] Show hostname in JVM view
* [APM] delete no needed param
* [APM] fix linting
* [APM] changes after review
* [APM] changes after review part deux
* [APM] fix snapshot
* [APM] improve guard on api response
* Add global state to stack monitoring react app
* Add type for state
* Add some todos
* Add route_init migration
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* very wip, updating dashboard integration to use v2 reports. at the moment time filters are not working correctly
* added missing dependency to hook
* added tests and refined ForwadedAppState interface
* remove unused import
* updated test because generating a report from an unsaved report is possible
* migrated locator to forward state on history only, reordered methods on react component
* remove unused import
* update locator test and use panel index number if panelIndex does not exist
* ensure locator params are serializable
* - moved getSerializableRecord to locator.ts to ensure that the
values we get from it will never contain something that cannot
be passed to history.push
- updated types to remove some `& SerializableRecord` instances
- fixed embeddable drilldown Jest tests given that we no longer
expect state to be in the URL
* update generated api docs
* remove unused variable
* - removed SerializedRecord extension from dashboard locator params
interface
- factored out state conversion logic from the locator getLocation
* updated locator jest tests and SerializableRecord types
* explicitly map values to dashboardlocatorparams and export serializable params type
* use serializable params type in embeddable
* factored out logic for converting panels to dashboard panels map
* use "type =" instead of "interface"
* big update to locator params: type fixes and added options key
* added comment about why we are using "type" alias instead of "interface" declaration
* simplify is v2 job param check
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* use include frozen setting in csv export
* add api integration test
* add fixes
* Update x-pack/test/reporting_api_integration/reporting_and_security/search_frozen_indices.ts
* test polish
* update per feedback
* Fix upgrades for packages with restructured inputs
Addresses errors surfaced when testing upgrades from AWS 0.6.1 to 0.10.4.
Namely, when inputs are removed from a package between versions,we were
initially throwing errors for each input in the new package that didn't
exist on the outdated package version. Now, we instead simply skip over
cases like this in which an input no longer exists on the new package version.
* Add basic test cases for restructured packages
**Ticket:** https://github.com/elastic/kibana/issues/109293🚨 **This PR is critical for Observability 7.15** 🚨
## Summary
This PR fixes the indexing implementation in `rule_registry`. It implements the suggestions for backwards compatibility described in the ticket:
- changes the naming scheme and introduces the concept of "backing indices", so that names of the concrete ("backing") indices != names of their aliases
- adds versioning based on the current Kibana version
TODO:
- [x] Change index naming (implement the concept of backing indices)
- [x] Include Kibana version into the index template metadata
- [x] Include Kibana version into the document fields
- [x] Remove `version` from `IndexOptions` (parameters provided by solutions/plugins when initializing alerts-as-data indices)
- [x] Fix CI
### Checklist
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Add a "Open in Dev Tools" link to the request inspector.
Allow the dev tools to open data uris that are lz-string encoded (the same method used by TypeScript Playground, which are a lot shorter than a base64 encoded string.)
* removes hardcoded index from apm integration tests
* adds integration tests for rule registry's get index route
* more cleanup
* fail try-catch if response is not empty, adds comments as to why index refresh catch block is empty
* fix: use package policy ID when checking hasUpgrade
* fix: latest package version broken link
* refactor: use set for collecting unique namespace values
* move activity log paging method close to call api method
refs 417d093a29
* add middleware additional activity log tests
* add a more specific server side test for activity log actions and responses
refs elastic/kibana/pull/101032
* remove obsolete server side audit log index mock method
refs elastic/kibana/pull/101032
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Extracting saved object references before saving action_task_params saved object
* Injecting saved object ids from references when reading action_task_param
* Adding migration
* Adding unit test for migrations
* Not differentiating between preconfigured or not
* Adding functional test for migration
* Skip extracting action id if action is preconfigured
* Only migrating action task params for non preconfigured connectors
* Simplifying related saved objects
* Fixing functional test
* Fixing migration
* Javascript is sometimes magical
* Updating functional test
* PR feedback
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [ML] Fixing missing final new line character issue
* adding tests
* tiny refactor
* test fixes based on review
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Chore(TSVB): Replace aggregations lookup with map
* Fix types, update test expected data and remove unused translations
* Correct typo and refactor condition in std_metric
* Fix metric type
* Fix CI and label for Bucket Script
* Update agg_utils.test expected data
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Updates the `TGrid` to use `EuiDataGrid` [schemas](https://eui.elastic.co/#/tabular-content/data-grid-schemas-and-popovers/) as suggested by @snide in the following issue: <https://github.com/elastic/kibana/issues/108894>
## Desk testing
1) In the `Security Solution`, navigate to `Security > Rules` and enable multiple detection rules that have different `Risk Score`s
**Expected result**
- The Detection Engine generates alerts (when the rule's criteria is met) that have different risk scores
2) Navigate to the `Security > Alerts` page
**Expected results**
As shown in the screenshot below:
- The alerts table is sorted by `@timestamp` in descending (Z-A) order, "newest first"
- The `@timestamp` field in every row is newer than, or the same time as the row below it
- The alerts table shows a non-zero count of alerts, e.g. `20,600 alerts`
_Above: At page load, the alerts table is sorted by `@timestamp` in descending (Z-A) order, "newest first"_
3) Observe the count of alerts shown in the header of the alerts table, e.g. `20,600 alerts`, and then change the global date picker in the KQL bar from `Today` to `Last 1 year`
**Expected results**
- The golbal date picker now reads `Last 1 year`
- The count of the alerts displayed in the alerts table has increased, e.g. from `20,600 alerts` to `118,709 alerts`
- The `@timestamp` field in every row is (still) newer than, or the same time as the row below it
4) Click on the `@timestamp` column, and choose `Sort A-Z` from the popover, to change the sorting to ascending, "oldest first", as shown in the screenshot below:
_Above: Click `Sort A-Z` to sort ascending, "oldest first"_
**Expected results**
As shown in the screenshot below:
- The alerts table is sorted by `@timestamp` in ascending (A-Z) order, "oldest first"
- The `@timestamp` field in every row is older than, or the same time as the row below it
- `@timestamp` is older than the previously shown value, e.g. `Aug 3` instead of `Aug 24`
_Above: The alerts table is now sorted by `@timestamp` in ascending (A-Z) order, "oldest first"_
5) Click on the `Risk Score` column, and choose `Sort A-Z` from the popover, to add `Risk Score` as a secondary sort in descending (Z-A) "highest first" order, as shown in the screenshot below:
_Above: Click `Sort A-Z` to add `Risk Score` as a secondary sort in descending (Z-A) "highest first" order_
**Expected results**
- The alerts table re-fetches data
- The alerts table shows `2 fields sorted`
6) Hover over the alerts table and click the `Inspect` magnifiing glass icon
**Expected result**
- The `Inspect` modal appaers, as shown in the screenshot below:
_Above: the `Inspect` modal_
7) Click the `Request` tab, and scroll to the `sort` section of the request
**Expected result**
Per the JSON shown below:
- The request is sorted first by `@timestamp` in ascending (A-Z) order, "oldest first"
- The request is sorted second by `signal.rule.risk_score` descending (Z-A) "highest first" order
```json
"sort": [
{
"@timestamp": {
"order": "asc",
"unmapped_type": "date"
}
},
{
"signal.rule.risk_score": {
"order": "desc",
"unmapped_type": "number"
}
}
],
```
8) Click `Close` to close the `Inspect` modal
9) Click `2 fields sorted` to display the sort popover
10) Use the drag handles to, via drag-and-drop, update the sorting such that `Risk Score` is sorted **before** `@timestamp`, as shown in the screenshot below:
_Above: Use the drag handles to, via drag-and-drop, update the sorting such that `Risk Score` is sorted **before** `@timestamp`_
**Expected results**
As shown in the screenshot below:
- The table is updated to be sorted first by the higest risk score, e.g. previously `47`, now `73`
- The alerts table is sorted second by `@timestamp` in ascending (A-Z) order, "oldest first", and *may* have changed, e.g. from `Aug 3` to `Aug 12`, depending on the sample data in your environment
_Above: The alerts table is now sorted first by highest risk score_
11) Once again, hover over the alerts table and click the `Inspect` magnifiing glass icon
12) Once again, click the `Request` tab, and scroll to the `sort` section of the request
**Expected result**
Per the JSON shown below:
- The request is sorted first by `signal.rule.risk_score` in descending (Z-A) "highest first" order
- The request is sorted second by `@timestamp` in ascending (A-Z) order, "oldest first"
```json
"sort": [
{
"signal.rule.risk_score": {
"order": "desc",
"unmapped_type": "number"
}
},
{
"@timestamp": {
"order": "asc",
"unmapped_type": "date"
}
}
],
```
* Set up cypress-axe
@see https://github.com/component-driven/cypress-axe
* DRY out Kibana axe rules into constants that Cypress can use
* Create shared & configured checkA11y command
+ fix string union type error
+ remove unnecessary tsconfig exclude
* Add Overview plugin a11y tests
* Add AS & WS placeholder a11y checks
- Mostly just re-exporting the shared command and checking for failures, I only ran this after the shared axe config settings and found no failures
* Configure our axe settings further to catch best practices
- notably heading level issues (thanks Byron for catching this!)
- however I now also need to set an ignore on a duplicate landmark violation caused by the global header (not sure why it's showing up - shouldn't it be out of context? bah)
- remove option to pass args into checkA11y - I figure it's not super likely we'll need to override axe settings per-page (vs not running it), but we can pass it custom configs or args later if needed
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps] fix choropleth map with applyGlobalQuery set to false still creates filter for source.
* cleanup functional test
* eslint
* fix functional test
* add inidication in tooltip when field is join key
* copy updates
* update jest test
* eslint
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Make "Add more sources" button take users to Add Sources instead of Sources
* Remove several redundant variables in codebase
`canCreateInvitations` and `canCreateContentSources` are always true for admin.
If someone can access admin dashboard, we can safely assume that they are admin.
`isCurated` is outdated variable and backend always returns it as false.
* Add redirect from workplace_search/p/ to workplace_search/p/sources/
Before workplace_search/p/ was returning 404
* Fix redirect always being fired on `workplace_search/p/sources/add` page load
When opening `workplace_search/p/sources/add` as a bookmark or reloading this page,
Sources router first get rendered *before* it receives the canCreatePersonalSources value.
This results in canCreatePersonalSources always being undefined on the first render,
and user always getting redirected to `workplace_search/p/sources`.
Here we check for this value being present before we render any routes.
* [Maps] fix auto fit to bounds not working when map is embedded in dashboard
* tslint and eslint
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* make owner attribute required
* Add owner properties in more places
* add test for owner attribute
* add error check too in the test
* Fix tests
* fix tests and update docs
* wip
* More test fixes
* Fix All The Errorz
* Adding more owner attributes
* Update x-pack/test/saved_object_api_integration/common/fixtures/saved_object_test_plugin/kibana.json
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Update x-pack/test/ui_capabilities/common/fixtures/plugins/foo_plugin/kibana.json
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* commeeeooonnnn
* Update docs
* soooo many kibanajsons
* adjust plugin generator to add an owner
* Add owner to the plugin generator scripts
* update snapshot
* Fix snapshot
* review updates
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
