enable security on file dataviz and import (ML plugin)
update unit tests
add api test coverage for security in basic
move audit logging to standard+ license level
* [@kbn/expect] "fork" expect.js into repo
* [eslint] autofix references to expect.js
* [tslint] autofix all expect.js imports
* now that expect.js is in strict mode, avoid reassigning fn.length
* wip: add autocomplete kueryFilterBar.update endpoints with query.
* Create indexPattern on job change. Value is autocompleted
* Mask unrelated swimlanes on filter apply
* Only show relevant viewBy swimlane
* reload viewBy swimlane when view By change is relevant to filter
* handle various query types when building filteredFields list
* remove deprecated code from old filter bar
* Show error callout when invalid filter syntax
* remove dependency on deprecated import var
* remove all left over apm dependencies
* persist filter on refresh
* Create initial filter bar placeholder dynamically
* add description text when filter active
* switch to relevant viewBy fieldname on filter
* recalculate placeholder on job change
* Create tests for all components
* View by dropdown only contains relevant fields for filter
* fix localization message noInfluencers component
* Move indexPattern to state and viewBy option filtering to utils
* remove unnecessary setState when setting viewBy for filter
* Use preloaded jobs from mlJobService to get influencers
* Only filter viewByOptions if valid field
* use kql and move to components dir
* move filter bar to public/components/
- This adds more thorough error handling to retrieving annotations from the server to avoid breaking Anomaly Explorer when there's a problem retrieving annotations. The UI will silently fail and hide the annotations table if for whatever reasons annotations cannot be retrieved for the selected jobs (this could be permissions or setup related if e.g. the annotations feature index/aliases are not present). This is now the same behavior like in Single Metric Viewer. The browser console will still output an error message. This fixes an error scenario where Anomaly Explorer would fail to load if a user upgraded to 6.6 because the backend task wasn't run yet to create the annotation index/aliases.
- Disables annotations feature in Single Metric Viewer if annotations fail to load.
- Use componentDidUpdate and an update check instead of deprecated componentWillUpdate for updating the annotations table in jobs management.
The way job audit messages were fetched didn't retrieve the expected results if there were deleted jobs with messages still present for these jobs.
This fix allows to specify a list of job IDs to filter the audit messages on. For the jobs list UI, the currently existing job IDs will be passed on to ignore messages from deleted jobs.
This adds tests to `server/models/annotation_service`. The tests include a check if the `.key` attribute of an annotation is properly removed from an annotation before indexing it.
The UI adds a `key` attribute to annotation objects to store the letter used for labels in the chart and tables. When editing and saving an annotation that `key` could end up being saved to the annotations index. This isn't necesseary since the `key` attribute is just a dynamic label used within the UI. This fixes it by deleting an eventual `key` attribute from the annotations object before saving it to the index.
* [ML] Initial commit for auditbeat hosts ECS
Rename fields for ECS
Rework dashboards due to bwc
* [ML] Further auditbeat tidy up and consistency changes
Custom urls should link to saved search, not discover
Ensure savedSearchId is used for visualizations
Ensure filter terms are consistent
TODO Decide if we should rename to auditd module
TODO Fix for new saved object format
* [ML] Refinements for auditbeat host module
Remove duplicated title from visState
Shrink panel heights in row 1
* [ML] Refinements to auditbeat module
Update module name from auditd to auditbeat
Add useMargins true for dashboards
Add filter to custom url for
exists auditd.data.syscall
not exists container.runtime
event.module: auditd
* [ML] Initial commit for auditbeat_process_docker_ecs
Update for ECS using
container.name (instead of container.id)
container.runtime: docker
process.executable
event.module: auditd
auditd.data.syscall exists
TODOs
Use auditd.message_type: syscall (instead of auditd.data.syscall)
Possibly combine with auditbeat hosts saved objects (depending on host.name being shared)
Possibly combine to single dashboard
Test against live auditbeat data collection
With security enabled, the internal user wouldn't have enough permissions to run the integrity check. This changes the check to use the currently logged in user. Also fixes some typos in messages.
* [ML] Adding index migration warnings
* small refactor
* correctlng comment
* adding upgrade service to manage upgradeInProgress state
* removing missing function
* [ML] Initial commit for apache ecs module
* [ML] Update apache2 module for ECS
Rename following fields
event.module:apache
event.dataset:access
source.address
url.original
http.response.status_code
source.geo.location
Rationalise to only use one set of kibana saved objects for all http web access logs
Rename files from apache
Combined URL explorer into Count explorer dashboard as there was a lot of duplication
Add filter to custom url
Rename custom urls to Investigate Source IP and Status Code
Add chart to show overall event rate split by event.module - can tell if multiple datasets are included
Increase limit for top source ips from 5 to 50
Add created_by to custom setting for telemetry
Rename jobs and saved objects to include ecs tag
Tested side by side against v6 jobs
* [ML] Rename apache files from hyphen to underscores
* [ML] Further apache renames
Also change custom URLs to lower case to match "View series"
Change created_by to ml-module-apache-access
* [ML] Initial commit of nginx ml module
* [ML] Rename dashboard to generic explorer
* [ML] Further refinement for apache
Rename http_status_code to status_code_rate
Update custom url to use filters instead of lucene query bar
* [ML] Convert apache module to nginx
Copy files, keeping nginx logo
Multiple renames to nginx
* [ML] Make chart legend visible by default
* Add new references attribute to saved objects
* Add dual support for dashboard export API
* Use new relationships API supporting legacy relationships extraction
* Code cleanup
* Fix style and CI error
* Add missing spaces test for findRelationships
* Convert collect_references_deep to typescript
* Add missing trailing commas
* Fix broken test by making saved object API consistently return references
* Fix broken api integration tests
* Add comment about the two TS types for saved object
* Only return title from the attributes returned in findRelationships
* Fix broken test
* Add missing security tests
* Drop filterTypes support
* Implement references to search, dashboard, visualization, graph
* Add index pattern migration to dashboards
* Add references mapping to dashboard mppings.json
* Remove findRelationships from repository and into it's own function / file
* Apply PR feedback pt1
* Fix some failing tests
* Remove error throwing in migrations
* Add references to edit saved object screen
* Pass types to findRelationships
* [ftr] restore snapshots from master, rely on migrations to add references
* [security] remove `find_relationships` action
* remove data set modifications
* [security/savedObjectsClient] remove _getAuthorizedTypes method
* fix security & spaces tests to consider references and migrationVersion
* Add space id prefixes to es_archiver/saved_objects/spaces/data.json
* Rename referenced attributes to have a suffix of RefName
* Fix length check in scenario references doesn't exist
* Add test for inject references to not be called when references array is empty or missing
* some code cleanup
* Make migrations run on machine learning data files, fix rollup filterPath for savedSearchRefName
* fix broken test
* Fix collector.js to include references in elasticsearch response
* code cleanup pt2
* add some more tests
* fix broken tests
* updated documentation on referencedBy option for saved object client find function
* Move visualization migrations into kibana plugin
* Update docs with better description on references
* Apply PR feedback
* Fix merge
* fix tests I broke adressing PR feedback
* PR feedback pt2
* [dashboard+gis] remove dark mode options
* [reporting/extract] restore fixtures
* remove mentions of old `.theme-dark` class
* import panel styles from panel/_index.scss
* Prevent docCount fetch and remove sidebar if no timeField set.
* Don't show metrics section if no metrics cards
* Add parens to conditional statement as per styleguide
* Don't create docCount card if not timeseries based
