* filter filter bar suggestions by time (according to flag)
add api integration tests for autocomplete apis
* test fix: setDefaultAbsoluteRange
* timeRangeForSuggestionsOverride
* revert
* tests
* doc
* set time range
* Added tests following code review
* eslint
* fun-ctional tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* adds entries.list.id field in the searchable event filters fields list
* adds test case for list.id operator
* Revert "adds entries.list.id field in the searchable event filters fields list"
This reverts commit 45a66fd966.
* Revert "adds test case for list.id operator"
This reverts commit 9dba145df2.
* Disable large value list option in operators dropdown
* Refactor event filters form test to use context provider
* Fix ts checks
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add aliases mapping signal fields to alerts as data fields
* Add aliases mapping alerts as data fields to signal fields
* Replace siem signals templates per space and add AAD index aliases to siem signals indices
* Remove first version of new mapping json file
* Convert existing legacy siem-signals templates to new ES templates
* Catch 404 if siem signals templates were already updated
* Enhance error message when index exists but is not write index for alias
* Check if alias write index exists before creating new write index
* More robust write target creation logic
* Add RBAC required fields for AAD to siem signals indices
* Fix index name in index mapping update
* Throw errors if bulk retry fails or existing indices are not writeable
* Add new template to routes even without experimental rule registry flag enabled
* Check template version before updating template
* First pass at modifying routes to handle inserting field aliases
* Always insert field aliases when create_index_route is called
* Update snapshot test
* Remove template update logic from plugin setup
* Use aliases_version field to detect if aliases need update
* Fix bugs
* oops update snapshot
* Use internal user for PUT alias to fix perms issue
* Update comment
* Disable new resource creation if ruleRegistryEnabled
* Only attempt to add aliases if siem-signals index already exists
* Fix types, add aliases to aad indices, use package field names
* Undo adding aliases to AAD indices
* Remove unused import
* Update test and snapshot oops
* Filter out kibana.* fields from generated signals
* Update cypress test to account for new fields in table
* Properly handle space ids with dashes in them
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Remove legacy imports from 'elasticsearch' package
This prefers the newer types from '@elastic/elasticsearch'.
There was one instance where mock data was insufficient to satisfy the
newer analogous types; in all other cases this was just a find/replace.
* Fix type errors with a null guard
We know that this mock has hits with _source values, but we cannot
convey this to typescript as null assertions are disabled within this
project. This seems like the next best solution, preferable to a
@ts-expect-error.
* Fix a few more type errors
* Replace legacy type imports in integration tests
* refactors destructuring due to _source being properly declared as
conditional
* Update more integration tests to account for our optional _source
Changes here fall into one of two categories:
* If the test was making an assertion on a value from _source, we simply
null chain and continue to assert on a possibly undefined value.
* If the test logic depends on _source being present, we first assert that
presence, and exit the test early if absent.
* Fix more type errors
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Upgrade eui to v36.1.0
* Jest snapshots
* More jest snapshots; one test assertion update
* Bump core page load limit
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR implements cell actions in the `TGrid`, rendering them via `EuiDataGrid`, per the `Before` and `After` screenshots below:
### Before
Users previously hovered over a draggable field to view and trigger cell actions:
<img width="1348" alt="legacy_cell_actions" src="https://user-images.githubusercontent.com/4459398/128351498-49b4d224-6c51-4293-b14f-46bbb58f7cb3.png">
_Above: legacy `TGrid` cell action rendering_
### After
Cell actions are now rendered via `EuiDataGrid` cell actions:
<img width="997" alt="euidatagrid_cell_actions" src="https://user-images.githubusercontent.com/4459398/128358847-c5540ea4-8ba1-4b35-ab6b-3b3e39ae54ce.png">
_Above: new `TGrid` cell action rendering via `EuiDataGrid`_
## Technical Details
Every instance of the `TGrid` on a page can specify its own set of cell actions via `defaultCellActions` when calling the `timelines.getTGrid()` function to create an instance.
For example, the Observability Alerts `TGrid` is initialized in with a default set of actions in `x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx`, as shown in the code below:
```ts
{timelines.getTGrid<'standalone'>({
type: 'standalone',
columns,
deletedEventIds: [],
defaultCellActions: getDefaultCellActions({ enableFilterActions: false }), // <-- defaultCellActions
// ...
</>
```
The type of the `defaultCellActions` is:
```ts
defaultCellActions?: TGridCellAction[];
```
and the definition of `TGridCellAction` is in `x-pack/plugins/timelines/common/types/timeline/columns/index.tsx`:
```ts
/**
* A `TGridCellAction` function accepts `data`, where each row of data is
* represented as a `TimelineNonEcsData[]`. For example, `data[0]` would
* contain a `TimelineNonEcsData[]` with the first row of data.
*
* A `TGridCellAction` returns a function that has access to all the
* `EuiDataGridColumnCellActionProps`, _plus_ access to `data`,
* which enables code like the following example to be written:
*
* Example:
* ```
* ({ data }: { data: TimelineNonEcsData[][] }) => ({ rowIndex, columnId, Component }) => {
* const value = getMappedNonEcsValue({
* data: data[rowIndex], // access a specific row's values
* fieldName: columnId,
* });
*
* return (
* <Component onClick={() => alert(`row ${rowIndex} col ${columnId} has value ${value}`)} iconType="heart">
* {'Love it'}
* </Component>
* );
* };
* ```
*/
export type TGridCellAction = ({
browserFields,
data,
}: {
browserFields: BrowserFields;
/** each row of data is represented as one TimelineNonEcsData[] */
data: TimelineNonEcsData[][];
}) => (props: EuiDataGridColumnCellActionProps) => ReactNode;
```
For example, the following `TGridCellAction[]` defines the `Copy to clipboard` action for the Observability Alerts table in `x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx`:
```ts
/** actions common to all cells (e.g. copy to clipboard) */
const commonCellActions: TGridCellAction[] = [
({ data }: { data: TimelineNonEcsData[][] }) => ({ rowIndex, columnId, Component }) => {
const { timelines } = useKibanaServices();
const value = getMappedNonEcsValue({
data: data[rowIndex],
fieldName: columnId,
});
return (
<>
{timelines.getHoverActions().getCopyButton({
Component,
field: columnId,
isHoverAction: false,
ownFocus: false,
showTooltip: false,
value,
})}
</>
);
},
];
```
Note that an _implementation_ of the copy to clipboard cell action, including the button, is available for both the Observability and Security solutions to use via `timelines.getHoverActions().getCopyButton()`, (and both solutions use it in this PR), but there's no requirement to use that specific implementation of the copy action.
### Security Solution cell actions
All previously-available hover actions in the Security Solution are now available as cell actions, i.e.:
- Filter for value
- Filter out value
- Add to timeline investigation
- Show Top `<field>` (only enabled for some data types)
- Copy to clipboard
### Observability cell actions
In this PR:
- Only the `Copy to clipboard` cell action is enabled by default in the Observability Alerts table
- The `Filter for value` and `Filter out value` cell actions may be enabled in the `Observability` solution by changing a single line of code, (setting `enableFilterActions` to true), on the following line in `x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx`:
```js
defaultCellActions: getDefaultCellActions({ enableFilterActions: false }), // <-- set this to `true` to enable the filter actions
```
`enableFilterActions` is set to `false` in this PR because the Observability Alerts page's search bar, defined in `x-pack/plugins/observability/public/pages/alerts/alerts_search_bar.tsx`:
```ts
return (
<SearchBar
indexPatterns={dynamicIndexPattern}
placeholder={i18n.translate('xpack.observability.alerts.searchBarPlaceholder', {
defaultMessage: 'kibana.alert.evaluation.threshold > 75',
})}
query={{ query: query ?? '', language: queryLanguage }}
// ...
/>
````
must be integrated with a `filterManager` to display the filters. A `filterManager` instance may be obtained in the Observability solution via the following boilerplate:
```ts
const {
services: {
data: {
query: { filterManager },
},
},
} = useKibana<ObservabilityPublicPluginsStart>();
```
## Desk testing
To desk test this PR, you must enable feature flags in the Observability and Security Solution:
- To desk test the `Observability > Alerts` page, add the following settings to `config/kibana.dev.yml`:
```
xpack.observability.unsafe.cases.enabled: true
xpack.observability.unsafe.alertingExperience.enabled: true
xpack.ruleRegistry.write.enabled: true
```
- To desk test the TGrid in the following Security Solution, edit `x-pack/plugins/security_solution/common/experimental_features.ts` and in the `allowedExperimentalValues` section set:
```typescript
tGridEnabled: true,
```
cc @mdefazio
* New route to retreive data for a single domain
* New CrawlerSingleDomainLogic logic
* New CrawlerSingleDomain view component
* Add CrawlerSingleDomain to CrawlerRouter
* Use different default text for page title while loading
* Apply suggestions from code review
Co-authored-by: Orhan Toy <toyorhan@gmail.com>
Co-authored-by: Orhan Toy <toyorhan@gmail.com>
* [ML] enable test selection
* [ML] executor update for annotations
* [ML] update unit tests
* [ML] fix i18n
* [ML] update schema
* [ML] fix ts
* [ML] account for docs count, update unit tests
* [ML] update translation strings
* [ML] add types
* [ML] fetch the latest annotation sorted by modified_time
* [ML] getDelayedDataAnnotations
* [ML] update unit tests
* [ML] set default number of docs to 1, update schema validation
* [ML] getDelayedDataLookbackTimestamp
* [ML] filter null values, update unit tests
* [ML] account for query delay, refactor with memoize
* [ML] update unit test
* [ML] remove previousStartedAt
* [ML] filter based on the job config
* [ML] fix tests
* [ML] add maps
* [ML] combine filters
* [ML] move range query inside of a filter
* [ML] filter out jobs with missing datafeed
* [ML] resolveLookbackInterval only from jobs with datafeeds
* [ML] do not show an error on empty time interval
* [ML] add help tooltips
* [ML] update description for the datafeed check
