Commit graph

3518 commits

Author SHA1 Message Date
Nathan Reese 7882e0c3a8
[Maps] Always show current zoom level (#62684)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 21:26:10 -06:00
The SpaceCake Project b65de27458
bc5 siem rules merge (#62679)
* bc5 rule merge

version changes
field changes to endpoint rules
removed max_signals from 7 rules

* Fixing monitoring i18n (#62715)

* Updates esarchiver test data with the latest rules (#62723)

* Remove CR, only CRLF for rules

* delete two files

for Garrett

* deletes

delete 2 files (for Garrett)

* Revert "deletes"

This reverts commit cc2ac1e05f.

* Revert "Fixing monitoring i18n (#62715)"

This reverts commit 028574037a.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-04-06 20:45:39 -06:00
spalger f1bd3bdacb Revert "[Monitoring] Cluster state watch to Kibana alerting (#61685)"
This reverts commit ab0cc8894a.
2020-04-06 17:05:09 -07:00
Ahmad Bamieh e16885c3ad
[Telemetry] update crypto packages (#62469)
* update crypto packages

* as type for return value

* get default export

* add if checks

* wrap errors in i18n

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-07 00:36:15 +03:00
Aaron Caldwell f80925af97
[Maps] Move layers to np maps (#61877)
* Move layers to new location

* Update layer path refs

* Update np kibana services to cover all required services

* Init np kibana services in legacy plugin. Port init functions to np

* Path updates, supporting file moves, general clean up

* More moves of related files and clean-up of legacy refs

* Path updates. Typescript warning fixes

* Update test paths

* Clean up unused kibana services usage in legacy

* Remove unused http ref

* Test fixes and clean up

* Remove unused snapshots

* Add np service init to embeddables too

* Move validate color picker to NP
2020-04-06 14:01:38 -06:00
Garrett Spong 0bdcda8f20
[SIEM] Fixes UX issues around prebuilt ML Rules (#62396)
## Summary

This PR fixes a number of UX issues around the new prebuilt `machine_learning` rules when the user does not have the necessary permissions to manage the backing ML Job. Along with https://github.com/elastic/kibana/pull/62383, this ensures there is adequate information for the user to determine if a rule is not working because the backing job is not running (and helping to prevent this from occurring). This also includes some requested copy changes, including:

* Renames `Anomaly Detection`  dropdown to `ML job settings`
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/78320279-57c5a880-7526-11ea-8350-647cbba263a4.png" />
</p>

* Updates copy in `ML job settings` dropdown
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/78320473-cc98e280-7526-11ea-8871-e97661ff5f78.png" />
</p>

* Only shows `ML job settings` UI when on `/detections/` routes 
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/78320401-922f4580-7526-11ea-9f97-0ec06526b273.png" />
</p>


### All Rules Changes

* Disables the `activate switch` if user does not have permission to enable/disable jobs
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/78320892-d3742500-7527-11ea-90bb-91fd203480bd.png" />
</p>

* Adds warning toast when attempting to activate via bulk actions (if user does not have permission to enable/disable jobs)
<p align="center">
  <img width="300" src="https://user-images.githubusercontent.com/2946766/78321015-1a621a80-7528-11ea-8ab0-f9fef19240f7.png" />
</p>

### Rule Details Changes
* `Machine Learning job` link now links to ML App with table filtered to the relevant job

* Disables the `activate switch` if user does not have permission to enable/disable jobs
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/78321277-c277e380-7528-11ea-99e9-034970a5054e.png" />
</p>

### Create/Edit Rule Changes

* If the job selected _is not running_, a warning will be displayed to remind the user to enable the job before running the rule. cc @benskelker @MikePaquette -- this okay copy here?
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/78321498-63ff3500-7529-11ea-9b09-a87186cbe0ce.png" />
</p>

Resolves https://github.com/elastic/siem-team/issues/575
Resolves https://github.com/elastic/siem-team/issues/519

### Checklist

Delete any items that are not applicable to this PR.

- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials 
  - Scheduled time with @benskelker to update docs
- [X] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
2020-04-06 13:44:46 -06:00
MadameSheema 813d6cb796
[SIEM] View signal in default timeline (#62616)
* adds test data

* adds 'View a signal in timeline' test

* implements test

* fixes implementation

* changes view signal for investigate signal
2020-04-06 21:42:43 +02:00
Chris Roberson ab0cc8894a
[Monitoring] Cluster state watch to Kibana alerting (#61685)
* WIP

* Add new alert with tests

* Fix type issues, and disable new alerting for tests

* Fix up the view all alerts view

* Turn off for merging

* Fix jest test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 15:31:01 -04:00
patrykkopycinski 0ebfe76b3f
[SIEM][Detection Engine] Fix signals count in Rule notifications (#62311) 2020-04-06 19:26:40 +02:00
Christos Nasikas d67f2220b3
[SIEM][CASE] Configuration page tests (#61093)
* Test ClosureOptionsRadio component

* Test ClosureOptions component

* Test ConnectorsDropdown component

* Test Connectors

* Test FieldMappingRow

* Test FieldMapping

* Create utils functions and refactor to be able to test

* Test Mapping

* Improve tests

* Test ConfigureCases

* Refactor tests

* Fix flaky tests

* Remove snapshots

* Refactor tests

* Test button

* Test reducer

* Move test

* Better structure

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 20:22:46 +03:00
Corey Robertson 6da7c00b5d
Remove the action_value_click action in canvas (#62215)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 11:49:34 -04:00
Justin Kambic ba446f3900
[Uptime] Default uptime alert type and disable changing type (#62028)
* Default uptime alert type and disable changing type.

* Update functional test to handle new UI flow.

* Fix type error.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 11:11:25 -04:00
Alison Goryachev f86dac77da
Fix es_ui_shared imports (#62526) 2020-04-06 09:20:29 -04:00
Nathan Reese 102fa1b560
[Maps] clean up IDynamicStyleProperty (#62466)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 07:13:21 -06:00
Shahzad 6a32b457f0
[Uptime] Replace usage of date_histogram with aut_date_histogr… (#59577)
* remove usage of manual date_histogram

* update

* update

* remove unused

* update fixtures

* update snaps

* remove duplicate test

* type

* update test

* update fixtures

* update interface

* updated type

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 12:32:36 +02:00
Mikhail Shustov bdf628d29a
use union of strings instead of enum (#62493)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 12:31:36 +02:00
Dario Gieselaar ca1d77cc14
[APM] Prevent "For the last" expression from jumping (#62414)
Closes #61063.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 11:42:17 +02:00
Daniil Suleiman 104b49015e
[NP] Dashboard (#61895)
* Remove absoluteToParsedUrl reference in dashboard

* Remove KibanaParsedUrl from visualize

* Fix tests

* Add tests

* Fix saved dashboard

* Fix empty line after resolving conflicts

* Move dashboard to np

* Move migrations back to legacy

* Make it work

* Other fixes

* Move into application folder

* Fix translations

* Make share & home plugins optional

* Fix kbn url tracking, jest tests

* Import from dashboard_constants in FT

* Fix translations order

* Use getStartServices for start plugin deps

* Path fixes

* i18n fix

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-06 12:11:48 +03:00
Tim Sullivan f1f93d32a4
[Reporting] Use a shim for server config (#62086)
* config shim

* simplify route register calls

* switch to in-sync worker functions

* fix tests

* comment

* fix set up config with defaults

* reduce loc change

* remove test for removed file

* reportingconfigtype

* revert changing executeJobFactory to synchronous

* imports cleanup

* Clean up some awaits

* undo comment

* clean up async

* clean up imports

* add warning logs for config defaults

* Move around some config shim code

* Register routes params take ReportingCore

* usageCollection is an optional dependency
2020-04-03 21:37:54 -07:00
Tim Sullivan a5c3865594
[Reporting] Fix reporting for non-default spaces (#62226)
* [Reporting] Fix URLs in job params when basePath includes namespace suffix

* canvas fix

* cleanup

* update snapshots in tests

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-03 20:18:08 -07:00
Devin W. Hurley 7e11961869
[SIEM] [Detection Engine] Remove has manage api keys requireme… (#62446)
Alerting no longer requires the manage_api_keys privilege, so we are removing it from the detection engine code. Fixes #62387

* removes hasManageApiKeys since alerting is using the internal user api calls, manage_api_keys privilege is no longer necessary

* linting error

* fixes types and removes a test for manage api keys

* removes manage api key reducer and updates leftover tests

* moves userHasNoPermissions repeated code into a function in helpers, adds a few test cases, updated references to new function

* fix test title

* remove userHasNoPermissions function and remove tests, replace with just not canUserCRUD

* Revert "remove userHasNoPermissions function and remove tests, replace with just not canUserCRUD"

This reverts commit 93912e7e22.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-03 20:25:12 -04:00
Nathan Reese a5526c8730
[Maps] Safely handle empty string and invalid strings from EuiColorPicker (#62507)
* [Maps] Safely handle empty string and invalid strings from EuiColorPicker

* move RGBA_0000 to constants
2020-04-03 17:57:53 -06:00
Joel Griffith 9ed69ce9f2
Reporting/bug more blacklisted headers (#62389)
* Adding more blacklisted headers + a starts-with pattern export

* Fixing starts-with pattern export
2020-04-03 15:19:44 -07:00
Ryland Herrick b9ac2ac223
[SIEM] Prevent undefined behavior in our ML popover (#62498)
* Moves enableDataFeed outside of MLPopover

If we accept our dispatch functions, enableDatafeed can be abstracted as
a pure function. The version bound to popover's dispatch functions is
now named 'handleJobStateChange', as that is the callback it's used for.

* Remove unused component state

We no longer deal with jobs in our local state; that's the
responsibility of the useSiemJobs hook

* Prevent user from initiating multiple job installations

When attempting to run a job from the ML Popover, if the job needs to
first be installed, we set the rest of the jobs to be "loading" while
installation is performed.

Without this change, if users are fast enough they can potentially
trigger multiple rule installations, which is undefined behavior and
leads to failures and bad state in our component.

* Remove unused import
2020-04-03 16:52:12 -05:00
Devin W. Hurley 96ac8def87
[SIEM] [Detection Engine] remove all unknowns from all rules t… (#62327)
* remove all unknowns from all rules table props

* update sorting property type remove optional, also remove unnecessary properties we are not using in sorting, rename paginationMemo prop to pagination, remove null from rulesStatuses type as we are defaulting to empty array now

* fixes type mismatch for sorting and rulesStatuses

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-03 17:35:06 -04:00
Ryland Herrick 30afc9d597
Mark rule run as failure if there was an error (#62383)
While we still let the rule execute in the case of gap errors and
stopped ML jobs, we now mark that execution as a failure instead of a
success.
2020-04-03 15:22:38 -05:00
Frank Hassanabad 85c665acb0
[SIEM][Detection Engine] Fixes export of single rule and the icons
## Summary

Fixes export of single rule and the icons.
* https://github.com/elastic/kibana/issues/62378
* Single export of rules was using the `rule.id` instead of the `rule.rule_id` where now it flips it and works as expected.
* This adds data-test-subj for testing
* This adds jest unit tests to the menu component

Icons Before:
<img width="396" alt="Screen Shot 2020-04-02 at 5 12 43 PM" src="https://user-images.githubusercontent.com/1151048/78315482-5b533280-751a-11ea-8378-d5e106ebd36f.png">

Icons After:
<img width="407" alt="Screen Shot 2020-04-02 at 7 40 28 PM" src="https://user-images.githubusercontent.com/1151048/78315449-3fe82780-751a-11ea-9d16-2f8c2ea22a78.png">

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
2020-04-03 13:56:54 -06:00
MadameSheema 4cbf6d252b
fixes flakiness (#62406)
* fixes flakiness

* updates 'number of signals' selector

* changes the way we are asserting the text
2020-04-03 21:33:57 +02:00
Ryland Herrick 4b05ac2dee
Ensure rule messages do not span multiple lines (#62391)
Because these messages are used for logging, we should ensure they do
not span multiple lines and confuse log parsers. Since the frontend does
not currently display these newlines, anyway, there is no impact to the
UI.
2020-04-03 11:29:02 -05:00
Angela Chuang f7bbf33667
fix persisting note (#62444) 2020-04-03 16:46:22 +01:00
Larry Gregory 37c826229b
Spaces - Migrate to NP Saved Objects Service (#58716)
* use NP saved objects service for type and wrapper registration

* simplifying

* additional testing

* revert snapshot changes

* removing dependency on legacy saved objects service

* consolidate mocks

* fixing imports

* address PR feedback

* remove unused docs

* adjust tests for updated corestart contract

* address test flakiness

* address flakiness, part 2

* address test flakiness

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-03 09:50:06 -04:00
Angela Chuang aab3dffefd
allow null for filterQuery (#62310) 2020-04-03 10:01:25 +01:00
Stacey Gammon bb747abdaf
Switch to embeddable factory interface with optional override (#61165)
* wip

* typescript map embeddable

* More updates

* Address code review comments and update some usages in SIEM and uptime to the new types

* More clean up - carry over some of the SIEM types to maps for render tool tip

* fixes

* fixes

* Address more review comments

* fixes

* fixes

* fix jest test

* Fix visualize embeddable

* fixes after master merge

* Fixes

* Prefix variable with name "custom" to make it more obvious

* Remove layerList from input state

* fixes

* Update src/plugins/dashboard/public/embeddable/dashboard_container_factory.tsx

Co-Authored-By: Vadim Dalecky <streamich@users.noreply.github.com>

* review updates

* fixes

* update maps readme

Co-authored-by: Vadim Dalecky <streamich@users.noreply.github.com>
2020-04-02 14:27:51 -04:00
Nathan Reese e202fe7aa3
[Maps] remove MapBounds type (#62332) 2020-04-02 11:04:06 -06:00
Shahzad 9a6c17d3da
[Uptime] Convert anomaly Jobs name to lowercase to comply with… (#62293)
* converted ml job name to lower case

* update type
2020-04-02 19:00:34 +02:00
Nathan Reese c8415b6519
[Maps] fix replaceLayerList to handle case where map is not initialized (#62202) 2020-04-02 09:06:57 -06:00
Court Ewing a729b3baef
Remove support for deprecated xpack.telemetry configurations (#51142)
* Remove support for deprecated xpack.telemetry configurations

In 7.5, we moved telemetry to OSS and dropped the xpack prefix for the
telemetry plugin configuration options. We deprecated the usage of the
xpack prefix so any existing usage would trigger a warning at startup.

In 8.0, we remove support for the deprecated xpack prefix configs for
telemetry.

* Move telemetry settings into its own document

* Use external reference instead of anchor

* Update docs/migration/migrate_8_0.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/migration/migrate_8_0.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Update docs/settings/telemetry-settings.asciidoc

Co-Authored-By: gchaps <33642766+gchaps@users.noreply.github.com>

* Remove deprecated xpack.telemetry.* config from xpack_main/index.js

Co-authored-by: Alejandro Fernández Haro <alejandro.haro@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Alejandro Fernández Haro <afharo@gmail.com>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
2020-04-02 15:27:57 +01:00
Andrew Cholakian 4a20567fb7
[Uptime] Remove static constant for index name completely (#62256)
Fixes #62255 . There were some remaining usages of a static defined
index name.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-02 09:06:15 -05:00
Victor Martinez 71ff45ad6a
[APM] E2E: install dependencies for vanilla workspaces (#62178) 2020-04-02 14:51:42 +01:00
Mike Côté 02dad02923
Rename some alert types (#61693)
* Rename some alert types

* Use sentence case for remaining changes + fix jest test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-02 07:48:42 -04:00
Marta Bondyra ee3f5309f8
[Lens] fix error for minInterval>computedInterval for XYChart (#61931) 2020-04-02 09:26:23 +02:00
Shahzad df655c9a97
[Uptime] Optimize get latest monitor API (#61820)
* update monitor status API

* update fixture

* fix types

* fix tests

* fix tests
2020-04-02 08:31:32 +02:00
Nathan Reese 467f27b600
[Maps] Separate layer wizards for Clusters and heatmap (#60870)
* [Maps] source registry and register separate clusters and heat map sources

* split into to registries

* add EMS file source

* add geojson upload layer

* register rest of sources

* i18n changes

* ts lint errors

* fix jest test

* fix pew-pew source

* review feedback

* import registries in plugin so they exist in embeddable

* remove order parameter and move all layer registries into single file

* fix functional test

* pass constructor to sourceREgistry instead of factory

* review feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-01 20:21:18 -06:00
Devin W. Hurley cb914d408e
[SIEM] [Detection Engine] Fixes all rules sorting (#62039)
* fixes sorting to what it was in 7.6.1

* removes sortable=true from non-sortable columns, fixes naming of sortable column field from activate to enabled to match the field eui expects to sort on, fixes react render warning due to resetting tableRef's current field during a render
2020-04-01 16:45:16 -04:00
Xavier Mouligneau b1a39ce23c
[SIEM] CASES Bugs BC2 (#62170)
* fix persistence between filter

* Fix API filtering bug

* Show username if full name is empty

* fix user in avatar

* do not allow push to service now when connector is none

* fix types

* Show errors from actions

* update connector name in configure

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
2020-04-01 16:33:51 -04:00
Oliver Gupte 2cdb9d3113
Closes #60173 by turning off client caching for the main service map API call (#62111) 2020-04-01 11:29:58 -07:00
Andrew Goldstein 2cff8b43e4
[SIEM] Restores the _External alert count_ widget's subtitle (#62094)
## [SIEM] Restores the _External alert count_ widget's subtitle

Fixes an issue where the _External alert count_ widget's subtitle, (e.g. `Showing: 47,642,905 external alerts`), didn't render after data is loaded

### Before

![external-alerts-before](https://user-images.githubusercontent.com/4459398/78086038-f3fe7c80-7379-11ea-8291-2ef807349aea.png)

### After

![external-alerts-after](https://user-images.githubusercontent.com/4459398/78086045-fb258a80-7379-11ea-9bc6-338dc3aba482.png)
2020-04-01 11:47:59 -06:00
CJ Cenizal 82e0fd9b3f
Update ILM node attributes blacklist. (#62093)
- Remove 'testattr' because this doesn't seem to be used in production by ES.
- Add 'transform.node' (added via https://github.com/elastic/elasticsearch/pull/52712/files#diff-225cc2c1291b4c60a8c3412a619094e1R147).
2020-04-01 09:29:32 -07:00
Thomas Neirynck 42fbdc182f
[Maps] Highlight selected layer in TOC (#61510) 2020-04-01 09:29:48 -04:00
Frank Hassanabad 086bea5eb6
[SIEM][Detection Engine] Adds release notes link and updates one UI section
## Summary

Based on feedback from two users within our community slack channel of SIEM we are adding a release notes link to the product for when rules are updated.

Also, because new rules can show up we are changing the words of the "Reload X deleted Elastic prebuilt rule" to "Install X Elastic prebuilt rule" as it is misleading to imply the user has deleted rules when really they have either deleted rules or new rules are available to be installed.

The screen shot with the link of "release notes". Previously the link of "release notes" did not exist:

This new link right now goes to:
https://www.elastic.co/guide/en/siem/guide/master/prebuilt-rules.html

where in the link `master` is replaced with the version of the product that is deployed. I think we want to replace that link with a new one which will have release notes of rules for each new version of the rules.   

<img width="688" alt="Screen Shot 2020-03-20 at 2 29 47 PM" src="https://user-images.githubusercontent.com/1151048/77207801-ef0b1480-6abf-11ea-8ad7-771b0f3334d6.png">

Screen shot of the new text for Install Elastic Rules:
<img width="679" alt="Screen Shot 2020-03-20 at 3 20 44 PM" src="https://user-images.githubusercontent.com/1151048/77207875-1b269580-6ac0-11ea-908d-6ec1694df62f.png">

Screen shot of the existing Reload Elastic Rules the above screen shot is replacing:
<img width="817" alt="Screen Shot 2020-03-20 at 2 36 52 PM" src="https://user-images.githubusercontent.com/1151048/77207833-03e7a800-6ac0-11ea-92f8-7bb065775122.png">

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [x] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials
2020-04-01 06:32:41 -06:00
Dario Gieselaar d4fa5edafd
[APM] Ensure telemetry data matches SO/telemetry mapping (#61957)
* [APM] Ensure telemetry data matches SO/telemetry mapping

Closes #61802.

* Correct mapping for dotnet data
2020-04-01 12:39:24 +02:00
Cauê Marcondes 79757651a9
[APM] Filters are not prefilled when the custom link flyout is opened from a transaction page. (#61650)
* open flyout with filters prefilled

* addressing pr comments

* addressing pr comments

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-01 08:50:06 +02:00
Nathan L Smith 433d06fd16
Don't fetch service map data if no license (#62071)
Fixes #61994
2020-03-31 19:57:30 -05:00
Shahzad 92eab3e8d1
[Uptime] Added func test for obsv location map (#61518)
* add functional test

* update func test

* refactor more changed

* update test

* update test

* update type and test

* fix the fix of fix, which didn't get fix

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-04-01 00:51:55 +02:00
Justin Kambic 93ad6d42e4
[Uptime] Fix action variables for monitor status alert (#61844)
* Add action variables for monitor status alert.

* Translate action variable descriptions.

* Add state variables to list. Update defaultActionMessage.

* Remove non-literal characters from test names, and update outdated snapshots.
2020-03-31 18:41:17 -04:00
Justin Kambic aa20442a3d
Close create alert popover after the create alert flyout has been selected. (#62036) 2020-03-31 16:56:34 -04:00
Corey Robertson f9fefdd467
[CANVAS] Gets rid of chrome/ui for advanced settings (#61865)
* Gets rid of chrome/ui for advanced settings

* Mock new platform for test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-31 16:43:07 -04:00
MadameSheema 86a70ba963
slows down timeline creation (#62037) 2020-03-31 21:46:32 +02:00
Joel Griffith 12caa46e35
Always log non-200 responses in reporting (#61897)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-31 12:30:47 -07:00
MadameSheema c8b7b55a93
increases default command timeout (#62022) 2020-03-31 21:15:27 +02:00
Nathan L Smith 49e53dac7b
Hide APM alerting menu if alerting plugin is disabled (#61907)
* Hide APM alerting menu if alerting plugin is disabled

Checks for presence of plugin and does not display the link if the plugin is disabled.

Use `xpack.alerting.enabled: false` in config/kibana.dev.yml to try it.

Fixes #61048.
2020-03-31 13:22:36 -05:00
Mike Côté 7d97ead26e
Adding PagerDuty icon to connectors cards (#60805)
* adding PagerDuty icon to connectors cards

* Fix jest

* remove unnecessary global typings from canvas and sync global typings in xpack with oss

Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-31 13:41:00 -04:00
MadameSheema 477ce93d17
Fix drag and drop flakiness (#61993)
* increases the time between dragging and dropping an element

* fixes test
2020-03-31 19:11:41 +02:00
Kerry Gallagher 558dd120a1
Grok debugger migration (#60658)
* Migrates Grok Debugger to new platform
2020-03-31 17:54:34 +01:00
The SpaceCake Project 341c787f9c
[SIEM] version 7.7 rule import (#61903)
* rule import

* Update x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json

Co-Authored-By: Garrett Spong <spong@users.noreply.github.com>

* Update add_prepackaged_rules_schema.ts

* Update rule.ts

* updates 'prebuilt_rules_loaded' data (#61940)

Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: MadameSheema <snootchie.boochies@gmail.com>
2020-03-31 10:24:59 -06:00
Matthias Wilhelm 0082ca7ad8
[Discover] Deangularize and euificate sidebar (#47559)
* Split angular templates into React components

* Add tooltip for field label

* Adapt SCSS

* Cleanup angular directives

* Extract helper functions

* Improve tests + docs

* Move css to _sidebar.scss

* Exclude _id field from displaying the Visualize button to prevent an ES error

* A11y improvements
2020-03-31 17:01:44 +02:00
Justin Kambic e8143918e6
Add an onBlur handler for the kuery bar. Only resubmit when input changes. (#61901) 2020-03-31 10:42:50 -04:00
Aaron Caldwell d73671e2b5
[Maps] Explicitly pass fetch function to ems-client (#61846)
* Add fetchFunction binding appropriate version of fetch for ems client

* Wrap standard window fetch prior to passing to ems-client

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-31 08:03:05 -06:00
Christos Nasikas 810cbd2820
[SIEM][CASE] Fix aria-labels and translations (#61670)
* Fix aria-labels and translations

* Fix conflicts and bugs
2020-03-31 16:20:37 +03:00
Dario Gieselaar 08c94bf58b
[APM] Set ignore_above to 1024 for telemetry saved object (#61732)
Closes #61546.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-31 14:25:34 +02:00
patrykkopycinski 65e8f2b603
[SIEM][Detection Engine] Allow to edit actions for prepackaged rules (#61312) 2020-03-31 12:54:58 +02:00
Alexey Antonov 1696dd5607
Delete legacy embeddable_api plugin (#61767)
* Delete legacy `embeddable_api` plugin

Closes: #61545

* fix test:karma
2020-03-31 10:33:04 +03:00
Xavier Mouligneau 4083d6682f
[SIEM] Cases clean up Phase II (#61750)
* allow case to work without security

* disable configure button + add call out if license does not match and if kibana config does not allow if

* add skeleton for crud in case

* fix link to timeline + disable action on case on read only + allow read only access to our saved object in siem + manage no x-pack.security + show msg when read-only + fix reporters bug

* add actions required in plugins

* review I

* review II

* review III

* review IV

* fix types

* review V
2020-03-31 00:20:11 -04:00
Nathan Reese 1687e8ef5a
[Maps] convert redux store to TS phase 1 (#61704)
* [Maps] convert redux store to TS phase 1

* review feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 21:56:43 -06:00
Patrick Mueller fcefe7d902
[Alerting] add complete alerting/action privs to apm feature (#61159)
Based on a [review comment of a related PR][1], the apm feature definition
has been changed to supply all the alerting/action privs for both read
and all apm privs.

[1] https://github.com/elastic/kibana/pull/61113#pullrequestreview-380544712
2020-03-30 23:27:44 -04:00
Nathan L Smith 5808f86f60
Use docLinks API for APM doc links (#61880)
* Use docLinks API for APM doc links

Remove `packageInfo` (from ui/metadata package from the legacy platform) and replace with `core.dockLinks` in the `ElasticDocsLink` component.

Fixes #56453
Fixes #60945
2020-03-30 18:34:23 -05:00
Ryland Herrick 8b31ce0a89
[SIEM] Check ML Job status on ML Rule execution (#61715)
* Move isMlRule helper to a more general location

And use it during rule execution as well.

* Add error message back to rule error status

This was unintentionally removed in a previous merge commit.

* Expose mlClient as part of ML's Setup contract

This allows dependent plugins to leverage the exposed services without
having to define their own ml paths, e.g. "ml.jobs"

* Move ML Job predicates to common folder

These are pure functions and used on both the client and server.

* WIP: Check ML Job status on ML Rule execution

This works, but unfortunately it pushes this executor function to a
complexity of 25. We're gonna refactor this next.

* Move isMlRule and RuleType to common

These are used on both the frontend and the backend, and can be shared.

* Refactor Signal Rule executor to use RuleStatusService

RuleStatusService holds the logic for updating the current status as
well as adding an error status. It leverages a simple
RuleStatusSavedObjectClient to handle the communication with
SavedObjects.

This removes the need for our specialized 'writeError', 'writeGap', and
'writeSuccess' functions, which duplicated much of the rule status
logic and code. It also fixes a bug with gap failures, which should have
been treated the same as other failures.

NB that an error does not necessarily prevent the rule from running, as
in the case of a gap or an ML Job not running.

This also adds a buildRuleMessage helper to reduce the noise of
generating logs/messages, and to make them more consistent.

* Remove unneeded 'async' keywords

We're not awaiting here, so we can just return the promise.

* Make buildRuleStatusAttributes synchronous

We weren't doing anything async here, and in fact the returning of a
promise was causing a bug when we tried to spread it into our attributes
object.

* Fix incorrectly-named RuleStatus attributes

This mapping could be done within the ruleStatusService, but it
lives outside it for now.

Also renames the object holding these values to the more general
'result,' as creationSuccess implies it always succeeds.

* Move our rule message helpers to a separate file

Adds some tests, as well.

* Refactor how rule status objects interact

Only ruleStatusSavedObjectsClient receives a savedObjectsClient, the
other functions receive the ruleStatusSavedObjectsClient

* pluralizes savedObjects in ruleStatusSavedObjectsClient
* Backfills tests

* Handle adding multiple errors during a single rule execution

We were storing state in our RuleStatusClient, and consequently could
get into a situation where that state did not reflect reality, and we
would incorrectly try to delete a SavedObject that had already been
deleted.

Rather than try to store the _correct_ state in the service, we remove
state entirely and just fetch our statuses on each action.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 16:35:38 -05:00
Ryland Herrick 9ff8be602d
[SIEM] 7.7. NP Cleanup (#61713)
* Remove unused legacy services

These were migrated to NP in a previous PR.

* Remove unused legacy request types

* Type our siem client as optional

If a plugin does not have siem enabled, they won't get our client.

While it seems unlikely to be in a situation where our routes are being
hit but our client is unavailable, we will return a 404 in that case,
similar to the unavailability of actions/alerting.

This also removes some redundant checks on action/alerting clients.

* Remove more redundant dependency checks

In general, we use optional chaining to ignore any intermediate null
values, and defer checks to our actual dependencies, e.g. alertsClient
or siemClient.
2020-03-30 15:12:45 -05:00
Steph Milovic 9831c12e1a
[SIEM] [Case] Design fixing (#61681) 2020-03-30 11:31:35 -06:00
Shahzad d1cf0acf3f
[Uptime] Update ML flyout to add cancel button (#61627)
* update button

* fix type

* update snaps

* update layout
2020-03-30 19:28:49 +02:00
Nathan Reese 0070bdcdd5
[Maps] clean-up unsaved state check (#61705)
* [Maps] clean-up unsaved state check (#61535)

* close layer panel in functional test

* skip vector styling test

* skip saved object management test

* skip all of group 7 tests

* turn back on group 7, skip full screen

* turn on all tests except full screen

* unskip all tests and resolve root problem

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 11:25:49 -06:00
Christos Nasikas d054fbc7dd
[SIEM][CASE] Add triggers_actions_ui plugin (#61810) 2020-03-30 19:10:47 +03:00
Cauê Marcondes 567f84056b
[APM] Storybook waterfall (#61617)
* creating storybook to test Waterfall

* creating storybook to test Waterfall

* addressing PR comments
2020-03-30 17:41:52 +02:00
Christos Nasikas c679ceb1ba
[SIEM][CASE] Configuration page design fixes (#61772)
* Add toaster

* Better message

* Design fixes
2020-03-30 18:38:15 +03:00
Angela Chuang c0c9d98538
[SIEM] Import timeline schema update (#61622)
* allow users importing data if they are authorized

* rename props

* rename types

* hide import timeline btn if unauthorized

* unit test for TimelinesPageComponent

* update schemas

* update schema

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 15:56:16 +01:00
Angela Chuang f21dea11c3
[SIEM] Fix layout issue for open timeline modal (#61786)
* show icon on open timeline modal

* add unit test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 14:32:20 +01:00
Yara Tercero dd77dea216
[SIEM][Detections Engine] - Add rule markdown to timeline global notes (#61026)
[SIEM][Detections Engine] - Add rule markdown to timeline global notes

* added functionality of new global timeline note created on init timeline creation if signal.rule.note exists

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 07:58:01 -04:00
Joe Reuter b6101f042a
Graph: Migrate feature registration (#61419) 2020-03-30 11:11:00 +02:00
Daniil Suleiman 84d1bbd7b6
[NP] Remove absoluteToParsedUrl & KibanaParsedUrl ref in kibana app (#61105)
* Remove absoluteToParsedUrl reference in dashboard

* Remove KibanaParsedUrl from visualize

* Fix tests

* Add tests

* Fix saved dashboard

* Fix empty line after resolving conflicts

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-30 11:51:29 +03:00
Christos Nasikas 808dc855c6
[SIEM][CASE] Add missing AbortController to API calls (#61426) 2020-03-28 19:04:52 +02:00
Nathan Reese fdcbb19a3f
[Maps] fix tooltip overflow (#61564)
* [Maps] fix tooltip overflow

* update jest snapshots

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-27 17:20:53 -06:00
spalger 4c18199208 Revert "[Maps] clean-up unsaved state check (#61535)"
This reverts commit 30bdfeda6c.
2020-03-27 13:54:45 -07:00
Nathan L Smith a9a9776b39
Replace APM agent "Active" setting with "Recording" (#61538)
Also change "APM server" to "APM Server"

Fixes #61179.
2020-03-27 12:40:55 -05:00
Steph Milovic bec4e33651
[SIEM] [Cases] Fix comments and user (#61642) 2020-03-27 11:25:48 -06:00
Nathan Reese 30bdfeda6c
[Maps] clean-up unsaved state check (#61535) 2020-03-27 11:03:57 -06:00
Justin Kambic 1da53ed23b
[Uptime] Fix PingList pagination (#61481)
* Add pagination.

* Update test files.
2020-03-27 12:50:49 -04:00
Oliver Gupte 5afb573736
Closes #61291 by debouncing service map hover metric events tracking (#61561) 2020-03-27 09:30:16 -07:00
Mikhail Shustov ab39ceba8f
Serve static assets from NP (#60490)
* add hapi.inert plugin to NP

* update tests

* move serving static assets

* update tests

* add functional tests

* fix type errors. Hapi.Request doesn't support typings for payload

* update docs

* remove comment

* move assets to NP

* update all assets references

* address Spencer's comments

* move ui settings migration to migration examples

* document legacy plugin spec

* move platform assets test to integration_tests

* address Spencer's comment p.2

* try to fix type errors

* fix merge commit

* update tests
2020-03-27 14:24:28 +01:00
Peter Pisljar 7b0c66f7f1
move visualizations plugin to new platform (#60403) 2020-03-27 13:02:06 +01:00
Jean-Louis Leysens 3373bb8613
[Grokdebugger] Fix grokdebugger simulate call in non-default s… (#61423) 2020-03-27 11:35:22 +01:00
Christos Nasikas 5b8de94616
[SIEM][CASE] Improve connector flyout (#61450)
* Disable action types

* Disable autofill

* Warn user on edit flyout about empty secrets

* Change column name

* Disable field mapping
2020-03-27 11:03:59 +02:00
MadameSheema 55ed873f32
[SIEM] Adds 'Delete custom rules' tests (#61495)
* adds test data

* implements 'Deletes one rule' test

* adds new data

* fixes 'Deletes one rule' for the new data

* adds 'Deletes more than one rule' test
2020-03-27 09:34:14 +01:00
Xavier Mouligneau 327f5a099a
[SIEM] [CASES] bug/clean up phase I (#61354)
* clean up comments + add update_by/update_at  case when comment are added/updated + return all comments

* add refresh button + get a better interaction between user + fix bug with pushed data + fix three dot on detail page

* fix i18n

* review I

* review II
2020-03-26 20:09:58 -04:00
Nathan Reese 3431697a3a
[Maps] add functional test for category autocomplete (#61386)
* [Maps] add functional test for category autocomplete

* remove duplicated method
2020-03-26 16:26:26 -06:00
Stacey Gammon 65452bddf9
Typescript map embeddable (#61264)
* typescript map embeddable

* Address code review comments and update some usages in SIEM and uptime to the new types

* More clean up - carry over some of the SIEM types to maps for render tool tip

* Address more review comments
2020-03-26 16:14:23 -04:00
Angela Chuang 36a4944f0c
[SIEM] Allow Import timeline for authorised users (#61438)
* allow users importing data if they are authorized

* rename props

* rename types

* hide import timeline btn if unauthorized
2020-03-26 19:54:33 +00:00
Marta Bondyra 25221f7675
[Lens] Fix display single bar in XYChart Bar Vis (#61452) 2020-03-26 19:32:24 +01:00
Pierre Gayvallet 7ab38ff6de
Migrate savedObjectManagementActionRegistry to NP plugin (#60481)
* create empty plugin + move home feature registration to it

* move the so action_registry to new plugin

* adapt existing calls to the registry

* fix i18n namespace

* fix table unit tests

* update codeowners

* rename plugin to match other PRs

* remove registerLegacyAPI from spaces public plugin

* fix typo

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-26 17:25:27 +01:00
Christos Nasikas 933b6ee996
[SIEM][CASE] Track unsaved changes (#60925)
* Hide bottom bar when flyout is open

* Track unchanged saves

* Make function optional

* Show action bar when close flyout

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-26 14:17:55 +02:00
Cauê Marcondes a16d446492
[APM] Link preview breaks when editing a custom link (#61053)
* refactoring custom link server side

* refactoring custom link server side

* fixing pr comments

* fixing unit test

* fixing unit tests

* renaming server directory

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-26 11:49:41 +01:00
MadameSheema 01e3cc307e
[SIEM] Adds 'Deleting prebuilt rules' tests (#61328)
* implements 'Deleting prebuilt rules' tests

* refactors code

* extracts the number of prebuilt rules to a constant that can be used in any test
2020-03-26 11:34:28 +01:00
MadameSheema 4b4c5bca2d
increases timeouts (#61229)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-26 09:19:10 +01:00
Ryland Herrick 9243b6de28
Check auth status via security plugin on our privileges endpoint (#61334)
* Accounts for security being disabled, adds tests
* Updates other auth-aware endpoints (import timeline, graphql) to
account for security being disabled.
2020-03-25 19:08:29 -05:00
Nathan L Smith 43d95da464
Make global service map zoom toward center (#61340)
* Make global service map zoom toward center

Calculate the center of the graph when there's not a primary node.

Also update to latest version of types.

Fixes #61176.

* Fix types
2020-03-25 18:24:15 -05:00
Andrew Cholakian 5c5c98f0e7
[Uptime] Various Settings Fixes (#61007)
Fixes behavior in chrome where using the enter key to submit the settings form would reload the page. Fixes #61006

Fixes test failures in uptime settings tests by waiting until form data is loaded: https://kibana-ci.elastic.co/job/elastic+kibana+master/3882/https:/

Sample failure:

{ Error: expected { heartbeatIndices: '' } to sort of equal { heartbeatIndices: 'heartbeat-8*' }
    at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.it (test/functional/apps/uptime/settings.ts:31:25)
    at process._tickCallback (internal/process/next_tick.js:68:7)
  actual: '{\n  "heartbeatIndices": ""\n}',
  expected: '{\n  "heartbeatIndices": "heartbeat-8*"\n}',
  showDiff: true }

Re-enables location tests failure, which should have been fixed by https://github.com/elastic/kibana/pull/60573/files#diff-7198f3de6fe631f903e590f63bc88e21R20
2020-03-25 17:58:07 -05:00
Frank Hassanabad 33511b3879
[SIEM] Add developer optimization scripts for their environments
## Summary

This adds an optimization script very copied and slightly modified from:
* https://github.com/elastic/kibana/pull/49868

Usage:

Run this to do a dev tsconfig optimization:
```ts
node x-pack/legacy/plugins/siem/scripts/optimize_tsconfig
```

Run this to undo the optimization:
```ts
node x-pack/legacy/plugins/siem/scripts/unoptimize_tsconfig
```

Testing and what this does:

Run this:
```ts
node x-pack/legacy/plugins/siem/scripts/optimize_tsconfig
```

Then run your start-test-all or at least your linter, typescript check, and jest tests to make sure they all operate as expected. Restart your IDE and ensure everything works as expected.

Run `git status` and ensure it looks like no new files want to be checked in.

Open up your:
```ts
kibana/x-pack/tsconfig.json
```

And notice it is now changed when optimization has run to use a smaller set of includes.

Open up your:
```ts
kibana/tsconfig.json
```

And notice it is now changed when optimization is run to use a smaller set of includes.
2020-03-25 16:30:53 -06:00
Dario Gieselaar d87cb9489f
[APM] Explicit telemetry mappings (#61266)
Replaces generic object type mappings with explicitly defined properties. These were probably unmapped because the sample data for some agents does not have these fields.
2020-03-25 22:07:45 +01:00
Poff Poffenberger a16968dd3a
[Canvas] Fix map embeddables not showing up on PDF reports (#61149)
* Allow embeddables to track their own render complete for report generation in canvas

* Updating following consult with reporting team

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-25 14:54:32 -05:00
Nathan Reese 4c70ef54a7
descriptors to descriptor_types (#61290)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-25 13:42:50 -06:00
Tim Roes b8e3ccb356
Move lens saved object setup to Kibana platform (#61157) 2020-03-25 17:56:49 +01:00
Tim Schnell 46e495ff8a
Limit rows in debug element (#60804)
* limiting the number of rows displayed in debug element to 100

* updating function and typescripting

* adding debug tests
2020-03-25 11:27:03 -05:00
Joe Reuter d170b37b8f
Shim getFormat function correctly (#60032) 2020-03-25 16:16:11 +01:00
Aaron Caldwell f5da5bc6d6
Fix typo: autocompleteService -> autocomplete (#61186) 2020-03-25 07:23:25 -06:00
MadameSheema 5b706ee372
[SIEM] Adds 'Create ML rule' Cypress test (#61059)
* splits signal detection rules tests in different spec files

* implements 'creates and activates a new ml rule'

* refactors code

* updates 'select_rule_type' data-test-subj selectors

* Refactor JobStatusBadge

I'm adding a data-test-subj and it seems silly to define it in two
branches.

* Update ML Rule cypress tests

* Updates the test now that the Rule Details have changed
* Adds an additional assertion on the new JobStatusBadge

* keeps code consistency

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
2020-03-25 11:11:03 +01:00
Katrin Freihofner 6c3fa6bd43
fix/uptime-alert-icon (#60750)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-25 08:24:46 +01:00
Søren Louv-Jansen 488b9e2648
[APM] Improve e2e runner (#61163) 2020-03-25 07:09:28 +01:00
Devin W. Hurley 411959fc47
fix type check failure on master (#61204) 2020-03-25 01:52:06 -04:00
Steph Milovic 1e3c5b1f87
[SIEM] [Cases] Final case features for 7.7 (#61161) 2020-03-24 23:39:46 -06:00
Devin W. Hurley 96852249e8
[SIEM] [Detection Engine] Rule activity monitoring (#60816)
* backend rule monitoring with gap desc, last look back date, and time duration of search after and bulk create operations

* adds new properties to mocked request_response status saved object

* first pass at UI table

* migrate rule monitoring backend to work with refactor of rule executor, fix some formatting stuff on the frontend, update the mapping for gap to be a string instead of a float

* trying to write a test for rules statuses hook

* fixed hooks tests

* fixes merge conflicts from rebase with master

* add columns for indexing and query time lapse

* i18n

* i18n for tabs

* don't change the mappings in ml es_archives

* remove accidental commit of interval change for shell script detection engine rule

* removes inline object from prop

* fix merge conflicts

* backend changes from pr comments

* updates ui changes from pr feedback

* fix tests and add formatting for dates

* remove null from rulesStatuses initial state and replace with empty array
2020-03-24 23:49:08 -04:00
Nathan Reese 29a3f55985
[Maps] clean up icon category UI (#61116)
* [Maps] clean up icon category UI

* fix jest tests

* add unit test for getFirstUnusedSymbol

* remove duplicate icon stop values

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-24 21:24:37 -06:00
Ryland Herrick 683bf3a72e
[SIEM] ML Rules Details (#61182)
* Add basic help text to ML Job dropdown on Rule form

* Use EUI's preferred layout for form fields

* Add a link to ML in the Job select help text

* Restrict timeline picker to EUI guidelines

Don't display the row as fullwidth, lest the help text wrap across the
entire page. It only looks okay now because it was a short sentence;
adding the ML Job select with its wrapped text caused some visual
weirdness, so this at least makes it consistent.

* Add placeholder option to ML Job dropdown

* Humanize rule type on Rule Description component

This is displayed both on the readonly form view, and the Rule Details
page.

* Add useMlCapabilities hook

This is a base hook that we can combine with our permissions helpers.

* Restrict ML Rule creation to ML Admins

If we're auto-activating jobs on their behalf, they'll need to be an
admin.

* Extract ML Job status helpers to separate file

* WIP: Enrich Rule Description with ML Job Data

This adds the auditMessage as well as a link to ML; actual status is
next

* Display job status as a badge on Rule Details

Also simplifies the layout of these job details.

* Port helper tests to new location

* Fix DescriptionStep tests now that they use useSiemJobs

UseSiemJobs uses uiSettings, so we need to use our kibana mocks here.

* Fix responsiveness of ML Rule Details

The long job names were causing the panel to overflow.
2020-03-24 21:39:07 -05:00
Angela Chuang 2ad68f0e98
[SIEM] Import timeline (#60880)
* add import timelines route

* update timeline

* sync with master

* wip

* wip

* update timeline

* overwrite pinned events

* clean up

* init server side unit test

* add server side unit test

* clean up unit test

* unit test

* add unit tests

* clean up

* clean up

* fix unit test

* fix types and unit tests

* rename constants

* fix validation schemas

* review

* fix schemas

* functional test

* skip a functional test

* add unit tests

* code review

* review with angela

* fix tests

* update modal label

* rename folder to align component name

* fix types

* fix unit test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
2020-03-24 20:20:40 -04:00
Oliver Gupte f9ad60d490
Renames apm metric event 'service_map_object_hover' to 'service_map_node_or_edge_hover' for more clarity (#61178) 2020-03-24 16:55:05 -07:00
patrykkopycinski f9d37b392a
[SIEM] Add rule notifications (#59004)
## Summary

Allow defining notifications that will trigger whenever the rule created new signals.

Requires:
- https://github.com/elastic/kibana/pull/58395
- https://github.com/elastic/kibana/pull/58964
- https://github.com/elastic/kibana/pull/60832


![Screenshot 2020-03-02 at 10 19 18](https://user-images.githubusercontent.com/5188868/75662390-4fe8bf00-5c6f-11ea-943f-591367348b91.png)

![Screenshot 2020-03-02 at 10 13 00](https://user-images.githubusercontent.com/5188868/75662421-5e36db00-5c6f-11ea-9317-d158cddf4344.png)


### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)
- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
2020-03-24 17:49:10 -06:00
Shahzad 2443827579
[Uptime] Feature/enhance telemetry Phase 1 (#61062)
* add telemetry

* update telemetry

* update telemetry

* update types

* fix issue when no data

* use dynamic settings in telemetry

* fix type

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-25 00:05:57 +01:00
Ryland Herrick 64a5734439
[SIEM] Add license checks for ML Rules on the backend (#61023)
* WIP: Check license on simple rule creation

We'll add this to the rest of the routes momentarily.

* Add license checks around all rule-modifying endpoints

This ensures that you cannot create nor update an ML Rule if your
license is not Platinum (or Trial).

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-24 16:49:35 -05:00
Nick Peihl 72afbbbd72
[Maps] Fix cross origin error for icon spritesheets when Kibana secured via OAuth proxy (#53896)
* Set crossOrigin to anonymous only on requests from external hosts

* Update x-pack/legacy/plugins/maps/public/connected_components/map/mb/utils.js

Co-Authored-By: Joe Portner <5295965+jportner@users.noreply.github.com>

* 🙇‍♂️ Lint

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-24 14:30:44 -07:00
Oliver Gupte 36285d62b6
Closes #60754 by removing uiFilters from the API route for service map (#61012)
since it is unused.
2020-03-24 13:56:08 -07:00
Corey Robertson 17db8a66b3
[Canvas] Visualize embeddable (#60859)
* Enables Visualize Embeddable

* Fix i18n

* Fix tests

* Remove unused import
2020-03-24 16:04:43 -04:00
Oliver Gupte 693e74b1ca
[APM] Service map - add page load and interaction telemetry (#61009)
* Closes #60527 by adding called to shared observability usage tracking
function when service map page is loaded, and if the user interacts with
it

* trigger usage tracking on specific cytoscape events: node select, object hover
2020-03-24 12:53:31 -07:00
Wylie Conlon 2f1e689c91
[Lens] Create filters on click with bar, line, area charts (#57261) 2020-03-24 20:51:00 +01:00
Søren Louv-Jansen 0fc0440cdc
[APM] E2E: Zero config for running e2e locally (#59152) 2020-03-24 20:28:11 +01:00
Gidi Meir Morris 18793dbc6c
[Alerting] notifies user when security is enabled but TLS is not (#60270)
This PR:
1. Adds a callout on the Alerting UI when security is enabled but TLS is not
2. Cleans up displayed error message when creation fails due to TLS being switched off
2020-03-24 19:15:27 +00:00
Joel Griffith 427848c3be
Revert "[Reporting/New Platform Migration] Use a new config service on server-side (#55882)" (#61075)
This reverts commit 5755b2ac52.
2020-03-24 09:07:39 -07:00
Nathan Reese e55ee76b26
[Maps] convert layer utils to TS (#60791)
* [Maps] convert layer utils to TS

* clean up

* renovate changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-24 09:38:00 -06:00
Larry Gregory b82cc6ed4a
Support for sub-feature privileges (#60563)
* initial server-side support for sub-feature privileges (#57507)

* initial server-side support for sub-feature privileges

* start addressing PR feedback

* renaming interfaces

* move privilege id collision check to security plugin

* additional testing

* change featurePrivilegeIterator import location

* fix link assertions following rebase from master

* Initial UI support for sub-feature privileges (#59198)

* Initial UI support for sub-feature privileges

* Address PR feedback

* display deleted spaces correctly in the privilege summary

* additional testing

* update snapshot

* Enables sub-feature privileges for gold+ licenses (#59750)

* enables sub-feature privileges for gold+ licenses

* Address PR feedback

* address platform review feedback
2020-03-24 11:12:49 -04:00
Wylie Conlon 6d2aa8974d
[Lens] Fix bug in metric config panel (#60982)
* [Lens] Fix bug in metric config panel

* Fix test
2020-03-24 10:43:48 -04:00
patrykkopycinski 2106b69219
[SIEM][Detection Engine] Add rule's notification alert type (#60832) 2020-03-24 14:26:24 +01:00
Dario Gieselaar 6bd8755df4
[APM] Re-revert "Collect telemetry about data/API performance" (#61030)
* Revert "Revert "[APM] Collect telemetry about data/API performance (#51612)""

This reverts commit 6de7f2a62b.

* Update transaction mock data to reflect the type
2020-03-24 13:38:15 +01:00
Shahzad d31e5f524f
[Uptime] Ml detection of duration anomalies (#59785)
* add flyout

* add state

* update state

* add job

* update

* update

* add ml analyze button

* update api

* use differential colors for duration chart

* remove duration chart gql

* update type

* type fix

* fix type

* update translation

* update test

* update conflicts

* update anomaly record

* chart

* added annotations

* update error handling

* update

* update types

* fixed types

* fix types

* update types

* update

* update

* remove unnecessary change

* remove unnecessary change

* fix type

* update

* save

* update pr

* update tests

* update job deletion

* update

* update tests

* update tests

* fix types

* update title text

* update types

* fixed tests

* update tests and types

* updated types

* fix PR feedback

* unit test

* update more types

* update test and manage  job

* resolve conflicts

* types

* remove unnecessary change

* revert ml code

* revert ml code

* fixed formatting issues pointed by pr feedback
2020-03-24 12:34:43 +01:00
Dario Gieselaar 85c0be357a
[APM] Threshold alerts (#59566)
* Add alerting/actions permissions for APM

* Export TIME_UNITS, getTimeUnitLabel from triggers actions UI plugin

* Add APM alert types and UI

* Review feedback

* Use Expression components for triggers

* Update alert name for transaction duration

* Change defaults for error rate trigger
2020-03-24 11:15:10 +01:00
Dario Gieselaar 8ef35c8f87
[APM] add service map config options to legacy plugin (#61002) 2020-03-24 09:28:29 +01:00
Uladzislau Lasitsa c26493d56c
[App Arch] migrate legacy CSS to new platform (core_plugins/kibana_react) (#59882)
* Migrate markdown styles to the new platform

* Removed unused import

* Update index.ts

* Removed not need layer

* Fixed paths

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-24 11:19:42 +03:00
Andrew Goldstein 462be16879
[SIEM] Overview: Recent cases widget (#60993)
## [SIEM] Overview: Recent cases widget

Implements the new `Recent cases` widget on the Overview page.

Recent cases shows the last 3 recently created cases, per the following animated gif:

![recent-cases](https://user-images.githubusercontent.com/4459398/77357982-ae550a80-6d0e-11ea-90d0-62fa5407eea5.gif)

### Markdown case descriptions

Markdown case descriptions are rendered, per the following animated gif:

![markdown-description](https://user-images.githubusercontent.com/4459398/77358163-f7a55a00-6d0e-11ea-8b85-dd4b3ff093ee.gif)

### My recently reported cases

My recently reported cases filters the widget to show only cases created by the logged-in user, per the following animated gif:

![my-recent-cases](https://user-images.githubusercontent.com/4459398/77358223-14419200-6d0f-11ea-8e4a-25cd55fdfc44.gif)

### No cases state

A message welcoming the user to create a case is displayed when no cases exist, per the following screenshot:

![no-cases-created](https://user-images.githubusercontent.com/4459398/77358338-4ce16b80-6d0f-11ea-98d3-5de1be19a935.png)

### Other changes

- [x] Case-related links were updated to ensure URL state parameters, e.g. global date selection, carry-over as the user navigates through case views
- [x] Recent timelines was updated to only show the last 3 recent timelines (down from 5)
- [x] All sidebar widgets have slightly more compact spacing

Tested in:
* Chrome `80.0.3987.149`
* Firefox `74.0`
* Safari `13.0.5`
2020-03-24 01:14:41 -06:00
Tudor Golubenco e6dbc3fc21
[SIEM] Updates process and TLS tables to use ECS 1.5 fields (#60854)
* Added new process filter
* Use new ECS TLS fields
2020-03-24 08:10:10 +01:00
spalger 6de7f2a62b Revert "[APM] Collect telemetry about data/API performance (#51612)"
This reverts commit 13baa51561.
2020-03-23 22:26:15 -07:00
Xavier Mouligneau 81b3723633
[SIEM] [CASES] Build lego blocks case details view (#60864)
* modify API to get the total comments in _find + Add user action to track what user are doing + create _pushed api to know when case have been pushed

* fix rebase

* add connector name in case configuration saved object

* fix total comment in all cases

* totalComment bug on the API

* integrate user action API with UI

* fix merged issue

* integration APi to push to services with UI

* Fix bugs

* wip to show pushed service in ui

* finish the full flow with pushing to service now

* review about client discrepancy

* clean up + review

* merge issue

* update error msgs to info

* add aria label + fix but on add/remove tags

* fix i18n

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
2020-03-23 19:26:49 -04:00
Ryland Herrick e3431752f3
[SIEM] Move Timeline Template field to first step of rule creation (#60840)
* Move timeline template to Define step of Rule creation

This required a refactor/simplification of the step_define_rule logic to
make things work. In retrospect I think that the issue was we were not
handling incoming `defaultValues` props well, which was causing local
component state to be lost.

Now that we're doing a merge and removed a few unneeded local useStates,
things are a) working and b) cleaner

* Fix Rule details/edit view with updated data

We need to fix the other side of the equation to get these to work: the
timeline data was moved to a different step during creation, but when
viewing on the frontend we split the rule data back into the separate
"steps."

* Remove unused import

* Fix bug in formatDefineStepData

I neglected to pass through index in a previous commit.

* Update tests now that timeline has moved to a different step

* Fix more tests

* Update StepRuleDescription snapshots

* Fix cypress Rule Creation test

Timeline template moved, and so tests broke.

* Add unit tests for filterRuleFieldsForType
2020-03-23 18:09:30 -05:00
Tim Sullivan 5755b2ac52
[Reporting/New Platform Migration] Use a new config service on server-side (#55882)
* [Reporting/New Platform Migration] Use a new config service on server-side

* unit test for createConfig

* use promise.all and remove outdated comment

* design feedback to avoid handling the entire config getter

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 16:02:44 -07:00
Nathan Reese dc31736dd2
[Maps] Default ES document layer scaling type to clusters and show scaling UI in the create wizard (#60668)
* [Maps] show scaling panel in ES documents create wizard

* minor fix

* remove unused async state

* update create editor to use ScalingForm

* default geo field

* ts lint errors

* remove old dynamic filter behavior

* update jest tests

* eslint

* remove indexCount route

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 16:40:43 -06:00
Dario Gieselaar 13baa51561
[APM] Collect telemetry about data/API performance (#51612)
* [APM] Collect telemetry about data/API performance

Closes #50757.

* Ignore apm scripts package.json

* Config flag for enabling/disabling telemetry collection
2020-03-23 23:08:44 +01:00
Aleh Zasypkin fa69765e4b
Implement Kibana Login Selector (#53010) 2020-03-23 22:45:26 +01:00
Nathan L Smith a0a85dbb90
Simplify service map layout (#60949)
Clean up the cytoscape component and event handlers to simplify the layout logic.

Make all centering animations animated.

Add logging of cytoscape events when we're in debug mode.

Add Elasticsearch icon.
2020-03-23 16:13:56 -05:00
Dario Gieselaar d5c13c043b
[APM] use span.destination.service.resource (#60908)
* [APM] use span.destination.service.resource

Closes #60405.

* update snapshots

Co-authored-by: Nathan L Smith <smith@nlsmith.com>
2020-03-23 16:13:32 -05:00
Wylie Conlon f7a3049843
[Lens] Improve suggestions when dragging field for the second time (#60687)
* [Lens] Improve suggestions when dragging into an existing visualization

* Include 0 metrics case

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 17:11:09 -04:00
Wylie Conlon 3c924d9f87
[Lens] Use new charts APIs to simplify series naming (#60708)
* build: update @elastic/charts to v18.1.0

* tests: fix breaking-change on legendItem className

* fix: type changes and ml custom tooltip data

* tests: fix snapshot test

* [Lens] Use new charts APIs to simplify series naming

* Fix types

* Fix naming

* Remove accidental file

* Update snapshots

Co-authored-by: Marco Vettorello <vettorello.marco@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 16:44:57 -04:00
Thomas Neirynck 88d41fa352
[Maps] Remove client-side scaling of ordinal values (#58528)
This removes the rescaling of ordinal values to the [0,1] domain, and modifies the creation of the mapbox-style rules to use the actual RangeStyleMeta-data. This is an important prerequisite for Maps handling tile vector sources. For these sources, Maps does not have access to the raw underlying GeoJson and needs to use the stylemeta directly.
2020-03-23 16:09:09 -04:00
Nathan Reese d32c4c8390
[Maps] fix point to point source regression (#60930)
* [Maps] fix pew pew regression

* add functional test for pew pew source
2020-03-23 13:40:24 -06:00
Justin Kambic ef48205f15
[Uptime] Add configurable page size to monitor list (#60573)
* Add configurable page size to monitor list.

* Add functional tests for new feature.

* Update outdated snapshots.

* Extract UI concerns for size select component to dedicated function.

* Add missing props to resolve type check errors.

* Add unit test for new UI functionality.

* Refresh snapshots after additional changes.

* Introduce new parameter to API test function.

* Update flex behavior for new UI component.

* Clean up code in functional page object file.

* Refresh snapshots that were broken by previous feedback implementation.

* Fix async error introduced to test framework by other patch.
2020-03-23 15:18:11 -04:00
Søren Louv-Jansen 65359856a0
[APM] Remote Agent Config: Add additional (java) options (#59860) 2020-03-23 20:14:26 +01:00
Alejandro Fernández Haro 452193fdba
[Telemetry] Server-side Migration to NP (#60485)
* [Telemetry] Migration to NP

* Telemetry management advanced settings section + fix import paths + dropped support for injectVars

* Fix i18nrc paths for telemetry

* Move ui_metric mappings to NP registerType

* Fixed minor test tweaks

* Add README docs (#60443)

* Add missing translation

* Update the telemetryService config only when authenticated

* start method is not a promise anymore

* Fix mocha tests

* No need to JSON.stringify the API responses

* Catch handleOldSettings as we used to do

* Deal with the forbidden use case in the optIn API

* No need to provide the plugin name in the logger.get(). It is automatically scoped + one missing CallCluster vs. APICaller type replacement

* Add empty start method in README.md to show differences with the other approach

* Telemetry collection with X-Pack README

* Docs update

* Allow monitoring collector to send its own ES client

* All collections should provide their own ES client

* PR feedback

* i18n NITs from kibana-platform feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 18:49:38 +00:00
MadameSheema 10afcf4be8
[SIEM] Adds 'Open one signal' Cypress test (#60484)
* adds data for having closed signals

* adds 'Open one signal when more than one closed signals are selected' test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 18:46:35 +01:00
Ryland Herrick 21e8cea183
[SIEM] Add license check to ML Rule form (#60691)
* Gate ML Rules behind a license check

If they don't have a Platinum or Trial license, then we disable the ML
Card and provide them a link to the subscriptions marketing page.

* Add aria-describedby for new ML input fields

* Add data-test-subj to new ML input fields

* Remove unused prop

This is already passed as isLoading

* Fix capitalization on translation id

* Declare defaulted props as optional

* Gray out entire ML card when ML Rules are disabled

If we're editing an existing rule, or if the user has an insufficient
license, we disable both the card and its selectability. This is more
visually striking, and a more obvious CTA.
2020-03-23 11:10:40 -05:00
Steph Milovic 969811eb20
[SIEM] [Cases] Update case icons (#60812) 2020-03-23 09:42:35 -06:00
Luke Elmers 3401ae42e0
Goodbye, legacy data plugin 👋 (#60449) 2020-03-23 09:17:27 -06:00
Cauê Marcondes 7eec879547
[APM] Create custom link from Trace summary (#59648)
* adding custom links to actions menu

* user should have at least gold license to be able to manage custom links

* replacing variable for the correspondent value

* refactoring license prompt to a shared place

* fixing query to return filters that were saved separated by comma

* refactoring license prompt to a shared place

* fixing query to return filters that were saved separated by comma

* adding unit test, splitting value by comma and removing empty ones

* adding custom links to actions menu

* UI fixes

* moving stuff to common

* changing flyout texts

* refactoring getSelectOption

* refactoring getSelectOption

* refactoring filter options name

* adding preview panel

* adding preview panel

* fixing test

* adding unit test for replace template variables

* fixing typo

* polishing preview panel

* fixing pr comments

* fixing pr comments

* adding links

* fixing unit test

* removing servicemap license prompt
2020-03-23 12:48:58 +01:00
Tudor Golubenco 7bafeb1d6f
[SIEM] Use ECS categorisation for Authentication widgets (#60734)
* Update the Authentication histogram to use categorization fields

* linting

* Use categorization fields for the Authentications table

* Use event.outcome for authentications KPIs

* Adjust mock to fix unit test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-23 10:29:38 +01:00
Shahzad b909742a40
[Uptime] Update fetch effect failed action handling (#60742)
* update fetch effect

* added test

* update type
2020-03-22 18:17:03 +01:00
Andrew Cholakian c2e57af277
[Uptime] Add Settings Page (#53550)
Adds a settings page to the Uptime UI. The settings page values are per-space. The only current setting is heartbeatIndices.

To test this against alternate indices try changing setup.ilm.rollover_alias in heartbeat.yml to something like alt-prefix. See the ilm docs for more details.

This should be tested with read-only and write only roles. To test this in kibana try creating two users with two different roles in kibana. One role should have read access to the Uptime space in kibana. The other should have all access. Both should have read permissions for the heartbeat-* index pattern.

This patch also splits API perms from just heartbeat to uptime-read and uptime-write.

This patch also refactors some of the header component functionality, using hooks for breadcrumbs, and making the top links optional.

Fixes elastic/uptime#43
2020-03-21 18:13:01 -05:00
Søren Louv-Jansen d3a9531270
[APM] service maps: avoid unnecessary useDeepObjectIdentity (#60836)
* [APM] service maps: avoid unnecessary `useDeepObjectIdentity`

* Remove unused dep
2020-03-21 21:41:54 +01:00
Ryland Herrick 9e911469a3
[SIEM] Fix patching of ML Rules (#60830)
* Allow ML Rules to be patched

* Test passing of params from our patch routes to our helpers

Since patchRules accepts a partial there's no way to verify this in
typescript, we need regression tests instead.

* Update lists when importing with overwrite

This was simply missed earlier.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 21:32:51 -05:00
Oliver Gupte 9de2d815fc
[APM] Service Map - Separate overlapping edges by rotating nodes (#60477)
* Adds rotation transform which does the top->bottom to left->right
transformation + an extra 5 degrees which results in taxi edges
separating when rendered.

* PR feedback to reduce edge width on hover, and assure that connected
edges are highlighted when node is selected/focused

* update disabled kuery bar placeholder text for service map
2020-03-20 18:56:08 -07:00
Frank Hassanabad 74ceceb324
[SIEM][Detection Engine] Adds test scripts for machine learning feature
## Summary

* Adds ad-hoc testing scripts for machine learning feature

## Testing

```ts
./post_rule.sh ./rules/queries/query_with_machine_learning.json
./update_rule.sh ./rules/updates/update_machine_learning.json
./patch_rule.sh ./rules/patches/update_machine_learning.json
```
2020-03-20 17:33:09 -06:00
Steph Milovic cf9b64eada
[SIEM] [Cases] Create case from timeline (#60711) 2020-03-20 15:14:09 -06:00
Wylie Conlon fc24febec9
[Lens] Resetting a layer generates new suggestions (#60674)
* [Lens] Resetting a layer generates new suggestions

* Include preview in tests
2020-03-20 17:03:59 -04:00
MadameSheema 5d93a0890c
increases loading timeout (#60788) 2020-03-20 21:52:26 +01:00
Catherine Liu ca55db53c1
[Canvas] Switch to using EUI SuperDatePicker in time filter el… (#59249)
* Replaced custom custom time filter component with EuiSuperDatePicker

* Added advanced settings dateFormat and timepicker:quickRanges to time filter

* Round up end date in time filter

* Updated snapshots

* Fixed timefilter function

* Fixed import

* reduce margin between datepicker and selection border (#59498)

* Added time_filter renderer stories

* Updated storyshots

* Updated timefilter element thumbnail

* Updated snapshots

* Used Filter type instead of any

* Renamed timefilter components folder

* Removed unused time range i18n strings

* Updated translations

* BROKEN

* Updated snapshots

* Revert "BROKEN"

This reverts commit e3b8bd7865.

* Fix time-filter element preview image

* Updated time filter preview image

* Fix time-filter renderer

* fixed storybook tests

* Fixed time filter renderer
2020-03-20 13:32:01 -07:00
Chandler Prall 0bf62cbf3e
Upgrade EUI to 21.0.1 (#60282)
* update to eui 21.0.1

* most changes needed for search bar ts changes

* Passing types

* snapshots

* jest tests

* Removed IQuery placeholder types

* Updated functional test to only look at table headers with content

* Moved 'filters' definition around in api docs

* Update types

* update snapshot

* typo

* Move DATA_FRAME_TASK_STATE enum to its own file to fix x-pack functional test config imports

* merge public api 'changes'

Co-authored-by: patrykkopycinski <patryk.kopycinski@elastic.co>
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
2020-03-20 14:07:04 -06:00
Tim Sullivan d896292b6f
[Reporting] revert skip telemetry step (#60450)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 12:37:22 -07:00
Wylie Conlon 6d1479fc08
[Lens] Fix bug when removing dimensions from non-XY chart (#60704) 2020-03-20 14:59:51 -04:00
Nathan L Smith b5f460fb6e
Remove all client-side map munging (#60701)
Remove the getCytoscapeElements function.

On the server:

* Replace `source` with `sourceData`, `destination` with `targetData`, `source.id` with `source`, and `destination.id` with `target`.
* Return a single array as an `elements` property instead of `nodes` and `connections`
* Map all of the items data to be inside of a `data` object
* Replace SERVICE_AGENT_NAME with AGENT_NAME
* Add some missing constants

On the client:

* Remove getCytoscapeElements
* Move all presentation-specific data transformation to use the original attributes in the place where they're needed
* Remove `href` since it wasn't being used
* Move BetaBadge to its own file
* Move cytoscapeDivStyle to cytoscapeOptions
* Fix storybook to work with new data formats
2020-03-20 13:14:39 -05:00
Chris Roberson 3a396027f6
[Monitoring] Migrate server to NP (#56675)
* First pass

* First pass

* Add new routes

* Getting closer

* Remove legacy server code, and other fixes

* Register the plugin with xpack

* Pass a legacy client to telemetry

* Support callWithInternalUser

* Remove this

* More NP work

* Fix some tests

* Fix broken test

* Move over new telemetry changes, and fix other issues

* Fix TODO item

* Reuse the same schema as elasticsearch module

* Use a singular config definition here

* Disable this for now

* Use the right method

* Use custom config again

* Tweak the config to make this optional

* Remove these

* Remove these unnecessary files

* Fix jest test

* Fix some linting issues

* Fix type issue

* Fix localization issues

* Use the elasticsearch config

* Remove todos

* Fix this check

* Move kibana alerting over

* PR feedback

* Use new metrics core service

* Change config for xpack_api_polling_frequency_millis

* Make sure this is disabled for now

* Disable both

* Update this to the new function

* Tighten up legacy api needs

* Check for existence

* Fix jest tests

* Cleaning up the plugin definition

* Create custom type in our plugin

* Revert this change

* Fix CI issues

* Add these tests back

* Just use a different collector type

* Handle errors better

* Use custom type

* PR feedback

* Fix type issues

* PR feedback
2020-03-20 14:02:15 -04:00
Gidi Meir Morris 55814addac
[Alerting] Unifies the use of a single constant for Api urls in alerting & actions (#60430)
Unifies the use of a single constant for Api urls in alerting & actions
2020-03-20 17:39:07 +00:00
Nathan Reese 103f217964
[Maps] convert Vector style descriptor to typescript (#60526)
* vector style descriptor TS

* revert color_utils TS conversion

* clean up TS errors

* updated blended layer to use vector style descriptor type

* fix eslint error

* use FIELD_ORIGIN.SOURCE instead of SOURCE_DATA_ID_ORIGIN

* fix other incorrect uses of SOURCE_DATA_ID_ORIGIN

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 11:29:31 -06:00
Marco Vettorello 88612743a9
Update dependency @elastic/charts to v18.1.0 (#60578) 2020-03-20 17:37:11 +01:00
Daniil Suleiman 1a1e2e7b2e
[NP] Remove ui/agg_types dependencies and move paginated table to kibana_legacy (#60276)
* fix agg type shims and move paginated table to kibana_legacy

* fix types

* fix i18n ids

* fix unit tests

* Update imports

* Remove ui/agg_types imports

* Clean up vis_default_editor plugin

* Remove agg_types imports in vis_type_table

* Clean up x-pack

* Clean up vis_type_vislib

* Last cleanups

* Update docs

* Mock Schemas in vis_type_metric

* Use data plugin mocks

* Remove ui/directives/paginate reference

* Remove snapshot

* Remove shallow

Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 18:39:44 +03:00
patrykkopycinski 87e07ef64f
[SIEM] Fix types in rules tests (#60736)
* [SIEM] Fix types in rules tests

* Update create_rules.test.ts

* Update create_rules.test.ts
2020-03-20 14:57:07 +00:00
Mike Côté 851b8a82a5
License checks for actions plugin (#59070)
* Define minimum license required for each action type (#58668)

* Add minimum required license

* Require at least gold license as a minimum license required on third party action types

* Use strings for license references

* Ensure license type is valid

* Fix some tests

* Add servicenow to gold

* Add tests

* Set license requirements on other built in action types

* Use jest.Mocked<ActionType> instead

* Change servicenow to platinum

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

* Make actions config mock and license state mock use factory pattern and jest mocks (#59370)

* Add license checks to action HTTP APIs (#59153)

* Initial work

* Handle errors in update action API

* Add unit tests for APIs

* Make action executor throw when action type isn't enabled

* Add test suite for basic license

* Fix ESLint errors

* Fix failing tests

* Attempt 1 to fix CI

* ESLint fixes

* Create sendResponse function on ActionTypeDisabledError

* Make disabled action types by config return 403

* Remove switch case

* Fix ESLint

* Add license checks within alerting / actions framework (#59699)

* Initial work

* Handle errors in update action API

* Add unit tests for APIs

* Verify action type before scheduling action task

* Make actions plugin.execute throw error if action type is disabled

* Bug fixes

* Make action executor throw when action type isn't enabled

* Add test suite for basic license

* Fix ESLint errors

* Stop action task from re-running when license check fails

* Fix failing tests

* Attempt 1 to fix CI

* ESLint fixes

* Create sendResponse function on ActionTypeDisabledError

* Make disabled action types by config return 403

* Remove switch case

* Fix ESLint

* Fix confusing assertion

* Add comment explaining double mock

* Log warning when alert action isn't scheduled

* Disable action types in UI when license doesn't support it (#59819)

* Initial work

* Handle errors in update action API

* Add unit tests for APIs

* Verify action type before scheduling action task

* Make actions plugin.execute throw error if action type is disabled

* Bug fixes

* Make action executor throw when action type isn't enabled

* Add test suite for basic license

* Fix ESLint errors

* Stop action task from re-running when license check fails

* Fix failing tests

* Attempt 1 to fix CI

* ESLint fixes

* Return enabledInConfig and enabledInLicense from actions get types API

* Disable cards that have invalid license in create connector flyout

* Create sendResponse function on ActionTypeDisabledError

* Make disabled action types by config return 403

* Remove switch case

* Fix ESLint

* Disable when creating alert action

* Return minimumLicenseRequired in /types API

* Disable row in connectors when action type is disabled

* Fix failing jest test

* Some refactoring

* Card in edit alert flyout

* Sort action types by name

* Add tooltips to create connector action type selector

* Add tooltips to alert flyout action type selector

* Add get more actions link in alert flyout

* Add callout when creating a connector

* Typos

* remove float right and use flexgroup

* replace pixels with eui variables

* turn on sass lint for triggers_actions_ui dir

* trying to add padding around cards

* Add callout in edit alert screen when some actions are disabled

* improve card selection for Add Connector flyout

* Fix cards for create connector

* Add tests

* ESLint issue

* Cleanup

* Cleanup pt2

* Fix type check errors

* moving to 3-columns cards for connector selection

* Change re-enable to enable terminology

* Revert "Change re-enable to enable terminology"

This reverts commit b497dfd6b6.

* Add re-enable comment

* Remove unnecessary fragment

* Add type to actionTypeNodes

* Fix EuiLink to not have opacity of 0.7 when not hovered

* design cleanup in progress

* updating classNames

* using EuiIconTip

* Remove label on icon tip

* Fix failing jest test

Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>

* Add index to .index action type test

* PR feedback

* Add isErrorThatHandlesItsOwnResponse

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
2020-03-20 10:49:37 -04:00
Aaron Caldwell 592ded89c0
[Maps] Update layer dependencies to NP (#59585)
* Layers dir up through sources migrated. Kibana services updated

* Create separate init method for plugin setup, leverage in embeddable factory

* Add NP timefilter, http, IndexPatternSelect

* Pull vis color utils into Maps

* Add NP dark mode and toast handling. Some fixes

* Init autocomplete and indexPattern via normal paths

* Test fixes and clean up

* Update index pattern and autocomplete refs. Make getters functions

* Fix remaining broken jest tests

* Update inspector start contract

* Clean up plugin and legacy files. Fix type issues

* Set inspector in plugin start method not external function

* Keep both injected var functions (legacy and NP). Move inspector init back to separate init function

* Add back ts-ignore on NP kibana services import
2020-03-20 08:17:05 -06:00
Angela Chuang ab44099739
[SIEM] Export timeline (#58368)
* update layout

* add utility bars

* add icon

* adding a route for exporting timeline

* organizing data

* fix types

* fix incorrect props for timeline table

* add export timeline to tables action

* fix types

* add client side unit test

* add server-side unit test

* fix title for delete timelines

* fix unit tests

* update snapshot

* fix dependency

* add table ref

* remove custom link

* remove custom links

* Update x-pack/legacy/plugins/siem/common/constants.ts

Co-Authored-By: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>

* remove type ExportTimelineIds

* reduce props

* Get notes and pinned events by timeline id

* combine notes and pinned events data

* fix unit test

* fix type error

* fix type error

* fix unit tests

* fix for review

* clean up generic downloader

* review with angela

* review utils

* fix for code review

* fix for review

* fix tests

* review

* fix title of delete modal

* remove an extra bracket

Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 10:09:12 +00:00
patrykkopycinski 8f1e22f078
[SIEM] Add support for actions and throttle in Rules (#59641) 2020-03-20 10:54:51 +01:00
Spencer c3957d8554
[canvas/shareable_runtime] sync sass loaders with kbn/optimizer (#60653)
* [canvas/shareable_runtime] sync sass loaders with kbn/optimizer

* limit sass options to those relevant in this context

Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 17:41:28 -07:00
Ryland Herrick 182acdb666
[SIEM] Fixes Modification of ML Rules (#60662)
* Fix updating of ML rules

* Add a regression test for updating ML Rules

* Allow ML Rules to be patched

And adds a regression unit test.

* Allow ML rule params to be imported when overwriting

* Add a basic regression test for creating a rule with ML params

* Prevent users from changing an existing Rule's type
2020-03-19 19:33:36 -05:00
Steph Milovic 0163a71d24
[SIEM] [Case] Bulk status update, add comment avatar, id => title in breadcrumbs (#60410) 2020-03-19 17:08:53 -06:00
Tim Sullivan ce2e3fd621
[Reporting] Allow reports to be deleted in Management > Kibana > Reporting (#60077)
* [Reporting] Feature Delete Button in Job Listing

* refactor listing buttons

* multi-delete

* confirm modal

* remove unused

* fix test

* mock the id generator for snapshotting

* simplify

* add search bar above table

* fix types errors
2020-03-19 12:36:19 -07:00
Catherine Liu 3bd3364a55
[Canvas] Add Lens embeddables (#57499)
* Added lens embeddables to embed flyout

Fixed import

embedded panel styles (#58654)

Merging to WIP draft branch

* Added i18n strings for savedLens

* Added tests for lens embeddables

* Updated tests

* Updated tests

* Added style overrides for lens table

* Disables triggers on lens embeddable

* Updated test

* Sets embeddable view mode according to app state

* Fix embeddable component

* Removed embeddable view mode logic

* Removed unused import
2020-03-19 09:58:22 -07:00
Justin Kambic fcf439625b
[Uptime] Add Alerting UI (#57919)
* WIP trying things.

Add new alert type for Uptime.

Add defensive checks to alert executor.

Move status check code to dedicated adapter function.

Clean up code.

* Port adapter function to dedicated file.

* WIP.

* Working on parameter selection.

* Selector expressions working.

* Working on actions.

* Change anchor prop for popovers.

* Reference migrated alerting plugin.

* Clean up code for draft.

* Add button to expose flyout. Clean up some client code.

* Add test for requests function, add support for filters.

* Reorganize and clean up files.

* Add location and filter support to monitor status request function.

* Add tests for monitor status request function.

* Specify default action group id in alert registration.

* Extract repeated string value to a constant.

* Move test file to server in NP plugin.

* Update imports after NP migration.

* Fix UI bug that caused incorrect location selections in alert creation.

* Change alert expression language to clarify meaning.

* Add ability for user to select timerange units.

* Add code that fixes active item highlighting.

* Add better default value for active index selection.

* Introduce dedicated field number component.

* Add message to status check alert.

* Add tests for context message.

* Formalize alert action group definitions.

* Extract monitor id squashing from context message generator.

* Write test for monitor ID uniqueness function.

* Add alert state creator function and tests.

* Update action group id value.

* Add tests for alert factory and executor function.

* Rename alert context props to be more domain-specific.

* Clean up unnecessary type markup.

* Clean up alert ui controls file.

* Better organize new registration code.

* Simplify some logic code.

* Clean up bootstrap code.

* Add unit tests for alert type.

* Delete temporary test code from triggers_actions_ui.

* Rename a test file.

* Add some comments to annotate a file.

* Add io-ts type checking to alert create validation and alert executor.

* Add translation of plaintext content string.

* Further simplify monitor status alert validation.

* Add io-ts type checking to alert params.

* Update a comment.

* Prefer inline snapshots to more error-prone assertions.

* Clean up and comment request function.

* Rename a symbol.

* Fix broken types in reducer file and add a test.

* Fix a validation logic error and add tests.

* Delete unused import.

* Delete obsolete dependency.

* Fix function call to have correct parameters.

* Fixing some import weirdness.

* Reintroduce accidentally-deleted code.

* Delete unneeded require from legacy entry file.

* Remove unneeded connected component.

* Update flyout controls for new interface and delete connected components.

* Remove unneeded require from app index file.

* Introduce data-test-subj attributes to various components to assist with functional tests.

* Introduce functional test helpers for alert flyout.

* Add functional test arch and a test for alerting UI to ES SSL test suite.

* Add explicit exports to module index.

* Reorganize file to keep interfaces closer to their implementations.

* Move create alert button to better position.

* Clean up a file.

* Update a functional test attribute, clean up a file, rename a selector, add tests.

* Add a comment.

* Make better default alert message, translate messages, add/update tests.

* Fix broken type.

* Update obsolete snapshot.

* Introduce mock provider to tests and update snapshots.

* Reduce a strange type to `any`.

* Add alert flyout button connected component.

* Add alert flyout wrapper connected component.

* Create connected component for alert monitor status alert.

* Clean up index files.

* Update i18nrc file to cover translation in server plugin code.

* Fix broken imports.

* Update test snapshots.

* Prefer more descriptive type.

* Prefer more descriptive type.

* Prefer built-in React propType to custom.

* Prefer simpler validation.

* Add whitespace to clean up file.

* Extract function and write tests.

* Simplify validation function.

* Add navigate to alerting button.

* Move context item inside the items list.

* Clean up alert creation component.

* Update type check parsing and error messaging, and update snapshot/test assertions.

* Update broken snapshot.

* Update README for running functional tests.

* Update functional test service to reflect improved UX.

* Fix broken type that resulted from a mistake during a merge resolution.

* Add spacer between alert title and kuery bar.

* Update the id and name of our alert type because it was never changed from placeholder value.

* Rename alert keys.

* Fix broken unit tests.

* Add aria-labels to alert UI.

* Implement design feedback.

* Fix broken test snapshots.

* Add missing props to unit tests to satisfy updated types.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 12:50:05 -04:00
Steph Milovic d5ed93ee63
[SIEM] [Cases] Case closed and add user email (#60463) 2020-03-19 10:27:41 -06:00
MadameSheema b0a6b302ad
fixes drag and drop flakiness (#60625) 2020-03-19 16:32:19 +01:00
Jean-Louis Leysens 254cf99339
[Cross Cluster Replication] NP Shim (#60121)
* Public in WiP state, removed all 'ui/' imports

* First iteration of public shimmed and working

* A whole lotta WIP server side

* Server-side to using the NP router + client side changes

Updated the client code to properly encode requests to the
server. Did first E2E test.

Route tests are probably broken, need to fix them.

* Removed unused error wrapping code

* Update client Jest tests

* Add breadcrumbs service mock

* Fix server side Jest tests

* Add helper functions file for server side Jest tests

* Fix API integration tests

* Fixed boolean logic mistake due to refactor in index mgmt ext.

Also migrated to a more NP friendly version of index mgmt
extension.

* Remove unused import

* Clean up some cruft and refactor URL variable names

* Fix stringification of body and fix boolean server logic

* Fix mocha

Folder called __tests__ with Jest tests was breaking mocha.

* Refactor to Jest test

* Fix types issues in jest test

* Migrate to new config-schema API

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 15:42:25 +01:00
Christos Nasikas 6ed2918b6c
[SIEM][CASE] Configuration page action bar (#60608)
* Add bottom bar

* Add listeners
2020-03-19 15:06:33 +02:00
Mike Côté 4efeeac560
Sort by name when fetching alerts and connectors (#60506)
* Sort by name when fetching alerts and connectors

* Fix jest tests

* Add functional test

* Fix failing jest test
2020-03-19 08:06:51 -04:00
Dario Gieselaar 9cd0a36740
[APM] Optimize service map query (#60412)
* [APM] Optimize service map query

Closes #60411.

- Chunk trace lookup
- Remove pagination, move dedupe logic to server

* Fix imports

* Fix imports again

Co-authored-by: Nathan L Smith <smith@nlsmith.com>
2020-03-19 08:37:58 +01:00
Frank Hassanabad 01571b6739
[SIEM][Detection Engine] Adds lists feature flag and list values to the REST interfaces
## Summary

* https://github.com/elastic/kibana/issues/60022
* Adds the feature flag for simple list values
* Adds the boolean filters of "and", "and not" to further filter based on simple values
* Adds unit tests and e2e tests for the values.
* Most tests can include the simple list values but some have to be skipped until we move those to more functions or just enable simple list values as a permanent feature. 
* DOES NOT FILTER ON THE VALUES JUST YET (That will be a follow on PR)

## Testing:

To turn on/off the feature flag do this with an env variable (set this in your .bashrc/.zshrc):

```ts
export ELASTIC_XPACK_SIEM_LISTS_FEATURE=true
```

Expect to see this error in the console when the environment variable is set:

```ts
server    log   [11:41:16.245] [error][plugins][siem] You have activated the lists feature flag which is NOT currently supported for SIEM! You should turn this feature flag off immediately by un-setting the environment variable: ELASTIC_XPACK_SIEM_LISTS_FEATURE and restarting Kibana
```

Expect create and update to work when the environment variable is set and look like this:

```ts
./update_rule.sh ./rules/updates/update_list.json 
{
  "created_at": "2020-03-15T17:42:37.074Z",
  "updated_at": "2020-03-15T17:54:22.427Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "c602e3f6-713b-4f43-9bdd-b60fbfead1c5",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 6,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        }
      ]
    }
  ],
  "status": "succeeded",
  "status_date": "2020-03-15T17:42:40.718Z",
  "last_success_at": "2020-03-15T17:42:40.718Z",
  "last_success_message": "succeeded"
}
```

```ts
./post_rule.sh ./rules/queries/query_with_list.json 
{
  "created_at": "2020-03-15T17:42:37.074Z",
  "updated_at": "2020-03-15T17:42:37.116Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "c602e3f6-713b-4f43-9bdd-b60fbfead1c5",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 1,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        },
        {
          "name": "mothra",
          "type": "value"
        }
      ]
    }
  ]
}
```

```ts
./patch_rule.sh ./rules/patches/update_list.json   
{
  "created_at": "2020-03-15T18:02:52.434Z",
  "updated_at": "2020-03-15T18:02:57.675Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "40b7c2fb-83b4-4820-bf7c-056f3a631126",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 1,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        },
        {
          "name": "mothra",
          "type": "value"
        }
      ]
    }
  ],
  "status": "succeeded",
  "status_date": "2020-03-15T18:02:56.426Z",
  "last_success_at": "2020-03-15T18:02:56.426Z",
  "last_success_message": "succeeded"
}
```

```ts
./get_rule_by_rule_id.sh query-with-list
{
  "created_at": "2020-03-15T18:10:07.657Z",
  "updated_at": "2020-03-15T18:10:08.479Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "9854162b-003c-47be-af59-8c3c9545aafa",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 1,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        },
        {
          "name": "mothra",
          "type": "value"
        }
      ]
    }
  ],
  "status": "going to run",
  "status_date": "2020-03-15T18:10:10.738Z"
}
```

Expect these errors when the environment variable is not set:

```ts
./post_rule.sh ./rules/queries/query_with_list.json 
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: child \"lists\" fails because [\"lists\" is not allowed]"
}
```

```ts
./update_rule.sh ./rules/queries/query_with_list.json
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: child \"lists\" fails because [\"lists\" is not allowed]"
}
```

```ts
./patch_rule.sh ./rules/patches/update_list.json
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: child \"lists\" fails because [\"lists\" is not allowed]"
}
```

Expect that this is _backwards_ compatible with the feature flag but not necessarily _forwards_ compatible. This means:

* You can have older data that never had lists and it will show up as an empty list when you query it. (backwards compatible)
* You _might_ have lists and remove the env. variable and get back items as if the list was not there for (forwards compatible) 

* You can export without lists, flip on the env flag and import with newer lists feature (backwards compatible)
* You can export lists and it will _not_ work with an older system (not forwards compatible)

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
2020-03-18 23:57:36 -06:00
Maggie Ghamry cf08850489
Enhancement/update esdocs datasource (#59512)
* Initial Commit

Update to ESDocs datasource per team feedback

* Updates

Updates per Ryan's mockups

* Updates II

Updates per Poff's review

* Updates III

Update to some of the verbiage and card sizes - working on re-ordering and adding a link to the Lucene query syntax

* design tweaks

* Adding lucene hyperlink

update to add hyperlink help for Lucene query syntax

* Consolidating datasources to sort

Consolidating the ESDocs datasource with the rest, so that we can order them

* updates for i18n

updates for i18n

* Updates

Updates from Gail for verbiage and integrating Ryan's change for style

* Update ui.ts

Updates for i18n

* Updates for datasource order

moving the esdocs datasource to live with the rest of the UI datasources, and sorting them accordingly.

* Update datasource_component.js

removing console log, whoops

* Update ui.ts

Update to fix i18n essql issue

* Update ui.ts

Updates to fix i18n references for the esdocs datasource move

* Update to Timelion URL

I noticed that the Timelion datasource showed "Lucene query syntax" which wasn't relevant, so I updated it to "Timelion", along with a tutorial, as the link for current Timelion docs does not provide any syntax tutorial.

* Update ui.ts

update for i18n

* Update ui.ts

update for i18n

* Update ui.ts

Update to removed unused value - the i18n check gave me latent errors, sorry for the repost

* i18n updates

Updating nomenclature to get past i18n errors

* Updates

Code review updates to remove extraneous code

* Update timelion.js

update to remove extraneous comment per code review

* More i18n updates

translation updates to accommodate the esdocs datasource move

* Update datasource_component.js

Update to toggle datasource icon in selected element mode

* Update ui.ts

hopefully last i18n fix

Co-authored-by: Ryan Keairns <contactryank@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-18 21:36:21 -04:00
Ryland Herrick a05a61286f
[SIEM] Create ML Rules (#58053)
* Remove unnecessary linter exceptions

Not sure what was causing issues here, but it's gone now.

* WIP: Simple form to test creation of ML rules

This will be integrated into the regular rule creation workflow, but for
now this simple form should allow us to exercise the full ML rule
workflow.

* WIP: Adds POST to backend, and type/payload changes necessary to make that work

* Simplify logic with Math.min

* WIP: Failed spike of making an http call

* WIP: Hacking together an ML client

The rest of this is going to be easier if I have actual data. For now
this is mostly copy/pasted and simplified ML code. I've hardcoded time
ranges to a period I know has data for a particular job.

* Threading through our new ML Rule params

It's a bummer that we normalize our rule alert params across all rule
types currently, but that's the deal.

* Retrieve our anomalies during rule execution

Next step: generate signals

* WIP: Generate ECS-compatible ML Signals

This uses as much of the existing signal-creation code as possible. I
skipped the search_after stuff for now because it would require us
recreating the anomalies query which we really shouldn't own. For now,
here's how it works:

* Adds a separate branch of the rule executor for machine_learning rules
* In that branch, we call our new bulkCreateMlSignal function
  * This function first transforms the anomaly document into ECS fields
  * We then pass the transformed documents to singleBulkCreate, which
  does the rest
* After both branches, we update the rule's status appropriately.

We need to do some more work on the anomaly transformation, but this
works!

* Extract setting of rule failure to helper function

We were doing this identically in three places.

* Remove unused import

* Define a field for our Rule Type selection

This adds most of the markup and logic to allow an ML rule type to be
selected. We still need to add things like license-checking and
showing/hiding of fields based on type.

* Hide Query Fields when ML is selected

These are still getting set on the form. We'll need to filter these
fields before we send off the data, and not show them on the readonly
display either.

Also, edit is majorly broken.

* Add input field for anomaly threshold

* Display numeric values in the readonly view of a step

TIL that isEmpty returns false for numbers and other non-iterable
values. I don't think it's exactly what we want here, but until I figure
out the intention this gets our anomalyThreshold showing up without a
separate logic branch here. Removes the unnecessary branch that was
redundant with the 'else' clause.

* Add field for selecting an ML job

This is not the same as the mockups and lacks some functionality, but
it'll allow us to select a job for now.

* Format our new ML Fields when sending them to the server

So that we don't get rejected due to snake case vs camelcase.

* Put back code that respects a rule's schedule

It was previously hardcoded to a time period I knew had anomalies.

* ML fields are optional in our creation step

In that we don't initialize them like we do the query (default) fields.

* Only send along type-specific Rule fields from form

This makes any query- or ML-specific fields optional on a Rule, and
performs some logic on the frontend to group and include these fieldsets
conditionally based on the user's selection. The one place we don't
handle this well is on the readonly view of a completed step in the
rules creation, but we'll address that.

* Rename anomalies query

It's no longer tabular data. If we need that, we can use the ML client.

* Remove spike page with simple form

* Remove unneeded ES option

This response isn't going to HTTP, which is where this option would
matter.

* Fix bulk create logic

I made a happy accident and flipped the logic here, which meant we
weren't capping the signals we created.

* Rename argument

Value is a little more ambiguous than data, here: this is our step data.

* Create Rule form stores all values, but filters by type for use

When sending off to the backend, or displaying on the readonly view, we
inspect which rule type we've currently selected, and filter our form
values appropriately.

* Fix editing of ML fields on Rule Create

We need to inherit the field value from our form on initial render, and
everything works as expected.

* Clear form errors when switching between rule types

Validation errors prevent us from moving to the next step, so it was
previously possible to get an error for Query fields, switch to an ML
rule, and be unable to continue because the form had Query errors.

This also adds a helper for checking whether a ruleType is ML, to
prevent having to change all these references if the type string
changes.

* Validate the selection of an ML Job

* Fix type errors on frontend

According to the types, this is essentially the opposite of formatRule,
so we need to reinflate all potential form values from the rule.

* Don't set defaults for query-specific rules

For ML rules these types should not be included.

* Return ML Fields in Rule responses

This adds these fields to our rule serialization, and then adds
conditional validation around those fields if the rule type is ML.
Conversely, we moved the 'language' and 'query' fields to be
conditionally validated if the rule is a query/saved_query rule.

* Fix editing of ML rules by changing who controls the field values

The source of truth for their state is the parent form object; these
inputs should not have local state.

* Fix type errors related to new ML fields

In adding the new ML fields, some other fields (e.g. `query` and
`index`) that were previously required but implicitly part of Query
Rules are now marked as optional.

Consequently, any downstream code that actually required these fields
started to complain. In general, the fix was to verify that those fields
exist, and throw an error otherwise as to appease the linter.

Runtime-wise, the new ML rules/signals follow a separate code path and
both branches should be unaffected by these changes; the issue is simply
that our conditional types don't work well with Typescript.

* Fix failing route tests

Error message changed.

* Fix integration tests

We were not sending required properties when creating a rule (index and
language).

* Fix non-ML Rule creation

I was accidentally dropping this parameter for our POST payload. Whoops.

* More informative logging during ML signal generation

The messaging diverged from the normal path here because we don't have
index patterns to display. However, we have the rest of the rule
context, and should report it appropriately.

* Prefer keyof for string union types

* Tidy up our new form components

* Type them as React.FCs
* Remove unnecessary use of styled-components

* Prefer destructuring to lodash's omit

* Fix mock params for helper functions

These were updated to take simpler parameters.

* Remove any type

This could have been a boolean all along, whoops

* Fix mock types

* Update outdated tests

These were added on master, but behavior has been changed on my branch.

* Add some tests around our helper function

I need to refactor it, so this is as good a time as any to pin down the
behavior.

* Remove uses of any in favor of actual types

Mainly leverages ML typings instead of our placeholder types. This
required handling a null case in our formatting of anomalies.

* Annotate our anomalies with @timestamp field

We were notably lacking this ECS field in our post-conversion anomalies,
and typescript was rightly complaining about it.

* ml_job_id -> machine_learning_job_id

* PR Feedback

* Stricter threshold type
* More robust date parsing
* More informative log/error messages
* Remove redundant runtime checks

* Cleaning up our new ML types

* Fix types on our Rest types
* Use less ambiguous machineLearningJobId over mlJobId
* Declare our ML params as required keys, and ensure we pass them around
everywhere we might need them (creating, importing, updating rules).

* Use implicit type to avoid the need for a ts-ignore

FormSchema has a very generic index signature such that our
filterRuleFieldsForType helper cannot infer that it has our necessary
rule fields (when in fact it does). By removing the FormSchema hint we
get the actual keys of our schema, and things work as expected.

All other uses of schema continue to work because they're expecting
FormSchema, which is effectively { [key: string]: any }.

* New ML params are not nullable

Rather than setting a null and then never using it, let's just make it
truly optional in terms of default values.

* Query and language are conditional based on rule type

For ML Rules, we don't use them.

* Remove defaulted parameter in API test

We don't need to specify this, and we should continue not to for
backwards compatibility.

* Use explicit types over implicit ones

The concern is that not typing our schemae as FormSchema could break our
form if there are upstream changes. For now, we simply use the
intersection of FormSchema and our generic parameter to satisfy our use
within the function.

* Add integration test for creation of ML Rule

* Add ML fields to route schemae

* threshold and job id are conditional on type
* makes query and language mutually exclusive with above

* Fix router test for creating an ML rule

We were sending invalid parameters.

* Remove null check against index for query rules

We support not having an index here, as getInputIndex will return the
current UI setting if none is specified.

* Add regression test for API compatibility

We were previously able to create a rule without an input index; we
should continue to support that, as verified by this test!

* Respect the index pattern determined at runtime when performing search_after

If a rule does not specify an input index pattern on creation, we use
the current UI default when the rule is evaluated. This ensures that any
subsequent searches use that same index.

We're not currently persisting that runtime index to the generated
signal, but we should.

* Fix type errors in our bulk create tests

We added a new argument, but didn't update the tests.
2020-03-18 19:26:42 -05:00
Thomas Neirynck a35267afd5
[Maps] Mark instance state as readonly (#60557) 2020-03-18 17:18:03 -04:00
CJ Cenizal 9aad8986e1
Move ui/indices into es_ui_shared plugin. (#60186)
* Convert js files to ts.
* Add indices namespace.
2020-03-18 13:07:41 -07:00
Nathan Reese 7e085eabf5
[Maps] Blended layer that switches between documents and clusters (#57879)
* [Maps] Blended layer that switches between documents and clusters

* change layer type when scalingType changes

* getSource

* use cluster source when count exceeds value

* ensure doc source stays in editor

* start creating cluster style

* pass all parts of style descriptor

* get toggling between sources working

* derive cluster style from document style

* remove references to METRIC_TYPE

* fix import

* start typescripting blended_vector_layer

* more typescript work

* last of the TS errors

* add migration to convert useTopTerm to scalingType

* clean up

* remove MapSavedObject work since its in a separate PR now

* fix EsSearchSource update editor jest test

* fix map_selector jest test

* move mutable state out of BlendedVectorLayer

* one more change for removing mutable BlendedVectorLayer state

* integrate newly merged MapSavedObjectAttributes type

* review feedback

* use data request for fetching feature count

* add functional test

* fix functional test

* review feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-18 12:06:54 -06:00
Steph Milovic 4fc89aeb0d
[SIEM] [Cases] Shell scripts and unit tests (#60183) 2020-03-18 11:42:08 -06:00
Frank Hassanabad 3e10276b20
[SIEM][Detection Engine] Fixes bug with timeline templates not working
### Summary

Fixes a bug with the timeline templates not working when specifying filters.

* Creates a type safe mechanism for getting StringArrays or regular strings
* Adds TypeScript function returns to functions in the helpers file
* Adds unit tests for the affected areas of code and corner cases

Before this fix you would get these toaster errors if you tried to use a template name such as `host.name` in the timeline filters:

<img width="677" alt="Screen Shot 2020-03-18 at 12 58 01 AM" src="https://user-images.githubusercontent.com/1151048/76934058-0bd2fc80-68b4-11ea-8dad-7c257bb81a1d.png">

After this fix it will work for you.

Testing:

1) Create a timeline template that has a host.name as both a query and a filter such as this. You can give the value of the host.name any value such as placeholder.

<img width="1125" alt="Screen Shot 2020-03-18 at 12 56 04 AM" src="https://user-images.githubusercontent.com/1151048/76934108-20af9000-68b4-11ea-8a11-4ba9c935506f.png">

2) Create a signal that uses it and produces a lot of signals off of something such as all host names
<img width="1054" alt="Screen Shot 2020-03-18 at 12 50 47 AM" src="https://user-images.githubusercontent.com/1151048/76934198-4f2d6b00-68b4-11ea-8ae3-6de76154cbb7.png">

3) Ensure you select your **Timeline template** you saved by using the drop down
<img width="1071" alt="Screen Shot 2020-03-18 at 12 51 21 AM" src="https://user-images.githubusercontent.com/1151048/76934281-73894780-68b4-11ea-9a2a-a0a9176f28ce.png">

4) Once your signals have run, go to the signals page and send one of the signals for your newly created rule which has a host name to the timeline from "View in timeline"
<img width="568" alt="Screen Shot 2020-03-18 at 12 52 10 AM" src="https://user-images.githubusercontent.com/1151048/76934365-a4697c80-68b4-11ea-91a5-e0dea7e3e18f.png">

You should notice that your timeline has both the query and the filter set correctly such as this
<img width="1114" alt="Screen Shot 2020-03-18 at 12 56 23 AM" src="https://user-images.githubusercontent.com/1151048/76934432-c105b480-68b4-11ea-9a82-3e8a2da19376.png">


### Other notes

All the different fields you can choose from for templates are:
```
  'host.name',
  'host.hostname',
  'host.domain',
  'host.id',
  'host.ip',
  'client.ip',
  'destination.ip',
  'server.ip',
  'source.ip',
  'network.community_id',
  'user.name',
  'process.name',
```

And it should not work with anything outside of those. You should be able to mix and match them into different filters and queries to have multiples of them.

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
2020-03-18 11:00:44 -06:00
Oliver Gupte 6abb9d7d18
Closes #60265. Adds Beta badge to service map (#60482) 2020-03-18 08:19:50 -07:00
Nathan L Smith c8b2b05897
Fixes to service map single node banner (#60072)
* Fixes to service map single node banner

* Make the banner 95% width so it takes up the full width
* Check the actual count of cytoscape nodes to determine whether or not to show the banner
* Make the Cytoscape component able to take a function as children so we can access the cytoscape instance directly
* Update the .NET icon

* rework

* Update x-pack/legacy/plugins/apm/public/components/app/ServiceMap/EmptyBanner.tsx

Co-Authored-By: Oliver Gupte <ogupte@users.noreply.github.com>

Co-authored-by: Oliver Gupte <ogupte@users.noreply.github.com>
2020-03-18 09:23:03 -05:00
Shahzad 95a42ed2c9
[Uptime] replace fetch with kibana http (#59881)
* use kibana http

* unused import

* fix type

* update type

* refactor

* fix types

* fix type

* fix type
2020-03-18 14:43:30 +01:00
Sébastien Loix 2a8a7d7970
[License Management] NP migration (#60250) 2020-03-18 13:36:20 +01:00
Mike Côté a97ecaae69
Fix create alert button from not showing in alerts list (#60444) 2020-03-18 08:31:03 -04:00
Christos Nasikas 70c1b69eb0
[SIEM][Case] Update connector through flyout (#60307)
* Move add flyout to parent

* Disable mapping

* Show edit flyout

* Do not update connectors through cases API

* Fix uncontrolled input error

* Disable edit button

* Add comments

* Change undefined to null

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-18 14:04:25 +02:00
Lisa Cawley c1435db29f
Edits UI text for ML nodes and job button (#60184)
* Edits UI text for ML nodes and job button

* Update x-pack/plugins/ml/public/application/explorer/components/explorer_no_jobs_found/explorer_no_jobs_found.js

Co-Authored-By: Brandon Morelli <bmorelli25@gmail.com>

* Update x-pack/plugins/ml/public/application/explorer/components/explorer_no_jobs_found/explorer_no_jobs_found.js

Co-Authored-By: Brandon Morelli <bmorelli25@gmail.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
2020-03-17 18:15:58 -07:00
Nick Peihl 928454afa4
Update the ems-client dependency to 7.7.0 (#59936)
* Update the ems-client dependency

This PR adds the `appName` and `appVersion` parameters used by ems-client. The `appVersion` parameter replaces the now deprecated `kbnVersion` parameter in ems-client.

* Review feedback

* Fix borked merge

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-17 11:51:17 -07:00
Joel Griffith 6b7731bb74
[Reporting] Wholesale moves client to newest-platform (#58945)
* Move over to new plugin space, working implementation

* Fixing tests for report_listing snapshots

* WIP: Fixing react-component tests

* Fixing report_info_button tests

* Fixing download linksies

* WIP: Final working implementation

* Fixing attachAction API + API URLs

* Let the past die. Kill it if you have to. That’s the only way to become what you were meant to be.

* Fixing stream-client for new platform APIs

* Fixing types and tests

* Fix broken mock

* Adds back in warnings to report info button

* kibana.json line-breaks on required plugins

* Fixing broked snapshots

* Fix license checks in client-side components

* Adding back in warnings to report_listing component

* Fix dangling unused import

* Adds license checks for basic to our csv panel action

* Fixes issues from prior fork

* Move relative pathing to absolute

* Fix POST URL copying as we've moved from static methods

* Fix layoutId props

* Fixes types for layoutId

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-17 10:41:06 -07:00
MadameSheema 79b04547db
[SIEM] Adds 'Closes one signal when more than one opened signals are selected' test again (#60380)
* Revert "Revert "adds new test (#60064)""

This reverts commit 4a8fd0afee.

* waits for having 25 signals displayed
2020-03-17 18:14:02 +01:00
Yara Tercero cea277e7c2
[SIEM][Detections Engine] - Add rule markdown field to rule create, detail, and edit flows (#60108)
* add rule note markdown field to rule creation, rule details, and rule edit flows

Co-authored-by: Gloria Hornero <snootchie.boochies@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-17 13:06:12 -04:00
Larry Gregory 9318862f19
Allow kbn-config-schema to ignore unknown keys (#59560)
* allow kbn-config-schema to ignore unknown keys

* Consolidate unknown key configuration

* updates following merge

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-17 12:30:17 -04:00
Xavier Mouligneau 0f9f81c30a
[SIEM] Fix link on overview page (#60348)
* Fix link on overview page

* no needs of useMemo

* clean up

* review I

* review II

* review III
2020-03-17 10:46:54 -04:00
spalger b9cc3e940c skip flaky test (#60369) 2020-03-17 07:39:04 -07:00
Wylie Conlon caed9ba5ac
[Lens] Simplify state management from visualization (#58279)
* [Lens] Declarative right panel

* Fix memoized operations

* Add error checking

* Fix dimension panel tests

* More updates

* Fix all editor frame tests

* Fix jest tests

* Fix bug with removing dimension

* Update tests

* Fix frame tests

* Fix all tests I could find

* Remove debugger

* Style config panels

* Update i18n

* Fix dashboard test

* Fix bug when switching index patterns
2020-03-17 09:57:52 -04:00
Daniil Suleiman eddbdc896b
[NP] Get rid of usage redirectWhenMissing service (#59777)
* Move redirect_when_missing to kibana utils

* Replace redirectWhenMissing in dashboard

* Replace redirectWhenMissing in discover

* Remove redirect in monitoring

* Remove extra import

* Move invalid vistype check into editor.js

* Mock the history folder

* Fix redirect when missing index or saved object

* Move history to discover services

* Use redirect to listing page

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-17 14:02:03 +03:00
patrykkopycinski 55003b61dd
[SIEM] Fix Timeline footer styling (#59587) 2020-03-17 11:50:34 +01:00
Oliver Gupte 59551e7e81
Closes 59786 by removing the update toast (#60172)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-16 18:46:38 -07:00
spalger 4a8fd0afee Revert "adds new test (#60064)"
This reverts commit a946adbf10.
2020-03-16 15:58:53 -07:00
Nathan Reese ef3261132a
[Maps] move MapSavedObject type out of telemetry (#60127)
* [Maps] move MapSavedObject type out of telemetry

* move SavedObject from server to core/types

* review feedback

* results from check_published_api_changes
2020-03-16 15:40:52 -06:00
Tim Sullivan 537fa8c1eb
[Reporting] Fix error handling for job handler in route (#60161)
* fix bogus rison error

* add generate route test

* update test name
2020-03-16 14:26:47 -07:00
Aaron Caldwell c898e799a5
Migrate dual validated range (#59689)
* Move validated range files to new NP location

* Update refs in code

* Clean up old validated range files

* Change relative paths to 'kibana-react'. Some clean up

* Change to relative paths

* Fix i18n errors

* i18n clean up. Export module explicitly

* Change files over to TS to prevent build issue where validated range was missing

* Clean up TS conversion

* More clean up. Extend EuiRangeProps

* Remove unneeded ts-ignore

* Review feedback and test fixes

* Change double to single quotes

* min and max aren't always passed, make optional

* Type updates

* Review feedback. Set state to empty on init and add ignore comment

* Review feedback

* Add back in last 2 ts-ignores. Build fails without focusable attribute on EuiDualRange & No good alternatives for spread syntax in TS components

* Rollback change to state init. Initializing state to null actually triggers a react browser warning and complicates using 'prevState' in getDerivedStateFromProps

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-16 14:33:56 -06:00
Stacey Gammon dccfa593dc
Embeddable API cleanup (#60207)
* wip

* Remove test in legacy functional plugin
2020-03-16 15:37:42 -04:00
Nathan Reese 6cbfa274cf
[Maps] add draw control to create distance filter (#58163)
* [Maps] add distance filter to draw controls

* create distance filter

* update jest snapshot

* remove duplicated code

* reset circle draw when user hits escape

* i18n cleanup

* ts MultiIndexGeoFieldSelect

* ts DistanceFilterForm

* remove unused prop

* make interface a type

* move geo_field_with_index to components folder

* convert draw_circle to TS

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-16 13:33:40 -06:00
Frank Hassanabad dfff4fd6fa
[SIEM][Detection Engine] Refactors signal rule alert type into smaller code by creating functions
Refactors signal rule alert type into a smaller executor

## Summary

* Breaks out the schema into its own file and function
* Breaks out the action group into its own file and function
* Moves misc types being added to this into the `./types` file
* Breaks out all the writing of errors and success into their own functions
* Uses destructuring to pull data out of some of the data types
* Tweaks the gap detection to accept a date instead of moment to ease "ergonomics"
* Updates unit tests for the gap detection

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
2020-03-16 12:18:27 -06:00
Mikhail Shustov dd7531deb4
Add UiSettings validation & Kibana default route redirection (#59694)
* add schema to ui settings params

* add validation for defaults and overrides

* validate in ui settings client

* ui settings routes validation

* clean up tests

* use schema for defaultRoutes

* move URL redirection to NP

* fix spaces test

* update docs

* update kbn pm

* fix karma test

* fix tests

* address comments

* get rid of getDEfaultRoute

* regen docs

* fix tests

* fix enter-spaces test

* validate on relative url format

* update i18n

* fix enter-space test

* move relative url validation to utils

* add CoreApp containing application logic

* extract public uiSettings params in a separate type

* make schema required

* update docs
2020-03-16 14:30:20 +01:00
Christos Nasikas 271c9597be
[SIEM][CASE] Change configuration button (#60229)
* Change button

* Make URLs constants
2020-03-16 14:33:03 +02:00
MadameSheema a946adbf10
adds new test (#60064) 2020-03-16 13:01:48 +01:00
Shahzad 168239ca07
[Uptime] Index Status API to Rest (#59657)
* gql to rest

* update snap

* fix api

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-16 12:39:27 +01:00