Commit graph

17746 commits

Author SHA1 Message Date
Nathan L Smith f6e4f1b225
Relocate internal APM API endpoints to /internal (#114196) (#114494)
All endpoints except annotations, source maps, and agent configuration are now at /internal/apm instead of /api/apm.

None of the UX endpoints have been updated, only APM.

If you search for "/api/apm" in the codebase, you should only see the above endpoints.

Fixes #113383.
# Conflicts:
#	x-pack/plugins/apm/public/components/shared/MetadataTable/ErrorMetadata/index.tsx
#	x-pack/plugins/apm/public/components/shared/MetadataTable/SpanMetadata/index.tsx
#	x-pack/plugins/apm/public/components/shared/MetadataTable/TransactionMetadata/index.tsx
#	x-pack/plugins/apm/server/routes/event_metadata.ts
#	x-pack/test/apm_api_integration/tests/metadata/event_metadata.ts
#	x-pack/test/apm_api_integration/tests/services/throughput.ts
2021-10-11 12:12:32 -04:00
Kibana Machine 50908d8542
[Security Solution] Add host isolation exception IPs UI (#113762) (#114490)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Esteban Beltran <academo@users.noreply.github.com>
2021-10-11 11:51:31 -04:00
Giorgos Bamparopoulos 6047f03138
Add all APM configuration settings to the documentation (#114139) (#114488)
* Add APM configuration settings to the documentation

* Rename the deprecated apm_oss.* configurations to xpack.apm.*

* Remove new lines

* Add ess icon to config settings

* Add link to the APM configuration settings docs

Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>

Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-11 11:42:04 -04:00
Jean-Louis Leysens db7794f536
[Reporting] Update chromium exit behaviour (#113544) (#114464)
* move uncaught exception out of exit$

* reintroduce original error, but as a log instead

* change log level: error -> warning. also update copy to make it explicit that the error will be ignored

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-11 11:39:12 -04:00
Kibana Machine e190acd1cf
[Visualize] unskip the reporting functional test (#114094) (#114461)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
2021-10-11 09:00:10 -04:00
Tiago Costa e7bec3091d
skip flaky suite (#106053) 2021-10-11 13:50:55 +01:00
Tiago Costa 60cf849ac7
skip flaky suites (#114418) 2021-10-11 13:44:50 +01:00
Tiago Costa d780173fba
skip flaky suites (#100951) 2021-10-11 13:37:46 +01:00
Tiago Costa e1443521c8
skip flaky suites (#114417) 2021-10-11 13:25:40 +01:00
Tiago Costa 0eccae9670
skip failing es promotion suites (#114471) 2021-10-11 13:23:01 +01:00
Esteban Beltran b528572d38
[Security Solution] host isolation exceptions delete item UI (#113541) (#114435)
Co-authored-by: David Sánchez <davidsansol92@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: David Sánchez <davidsansol92@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-11 06:09:44 -04:00
Kibana Machine 7f83f297c9
Update APM queries development doc (#114268) (#114440)
* Add links to field references and GET requests to the examples

* Add troubleshooting info for failed requests

* Add data model and running examples section

* Add GET requests for query examples

* Add `metricset` possible values

Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>

* Add transaction based and metric based queries

Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>

Co-authored-by: Giorgos Bamparopoulos <georgios.bamparopoulos@elastic.co>
Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
2021-10-11 04:51:18 -04:00
Kibana Machine 3631bd3c43
[Fleet] Display upgrade integration button instead of save for upgrades (#114314) (#114430)
* Display upgrade integration button instead of save for upgrades

* Skip endpoint tests

* Revert "Skip endpoint tests"

This reverts commit 3cfd100171.

Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
2021-10-11 02:10:21 -04:00
Joe Portner 7053f5b16b
Legacy url conflict UI improvements (#114172) (#114382)
# Conflicts:
#	docs/development/core/public/kibana-plugin-core-public.doclinksstart.md

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-09 18:50:51 -04:00
Sébastien Loix 8e3445c16a
[Watcher] Use fixed_interval instead of interval (#113527) (#114410) 2021-10-09 12:17:49 -04:00
Kibana Machine c854dfdbf8
[Fleet] Add installed integration callouts (#113893) (#114409)
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Thomas Neirynck <thomas@elastic.co>
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
2021-10-09 05:15:04 -04:00
Jonathan Budzenski 863ac83097 skip flaky test. #112922 2021-10-08 11:20:55 -05:00
Jonathan Budzenski 61ec6f3a9f skip failing es promotion suites. #111240 2021-10-08 11:00:10 -05:00
Jonathan Budzenski 23f26ee3f3 skip flaky test. #114261 2021-10-08 10:51:41 -05:00
Kibana Machine 67e3caf587
[Stack Monitoring] sync timepicker with url (#114290) (#114388)
* sync timepicker hook with url

* name function

* fix linter errors

Co-authored-by: Kevin Lacabane <kevin.lacabane@elastic.co>
2021-10-08 09:50:35 -04:00
Shahzad c2ec5ead34
[Exploratory View] Embeddable component (#113108) (#114311)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-08 06:37:26 -04:00
Yaroslav Kuznietsov 0058764851
[MetricVis] Move the expression function and renderer to a separate plugin. (#113427) (#114384)
* Added expressionMetricVis plugin.

* splitted metric vis_type and expression.

* Fixed check errors.

* Fixed plugin docs.

* updated snapshots.

* Added code owner to expressionMetricVis.

* updated chart docs.

* Changed the `Metric` type export.

* Added storybook.

* Added bucket story.

* Added without label story.

* Added "with custom font size" story.

* Added other stories.

* Added DatatableColumn accessors.

* Replaced Metric with MetricOptions.

* Fixed MetricOptions.any

* updated the check of min/max existence.

* Updated function/renderer names.

metricRenderer -> metricVisRenderer
metricFunction -> metricVisFunction

* updated snapshot.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
#	.github/CODEOWNERS
#	packages/kbn-optimizer/limits.yml
#	src/dev/code_coverage/ingest_coverage/__tests__/enumerate_patterns.test.js
#	src/dev/code_coverage/ingest_coverage/__tests__/transforms.test.js
2021-10-08 04:28:29 -04:00
Kibana Machine 0fd4aeae93
[Fleet] Revert max fields value for Fleet component templates to 10k (#114299) (#114373)
* Revert max fields value for Fleet component templates to 10k

* Skip endpoint tests

* fix failing spec

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
2021-10-07 20:53:38 -04:00
Kibana Machine 23adc7f432
[App Search] Wired up action buttons for suggestion detail view (#114183) (#114368)
Co-authored-by: Jason Stoltzfus <jastoltz24@gmail.com>
2021-10-07 20:03:55 -04:00
Kibana Machine d7dc8b4d50
[ML] Fix deletion of models that are not used by pipelines (#114107) (#114355)
* [ML] Fix deletion of models that are not used by pipelines

* [ML] Edits from review

* [ML] Fix jest test for index switch in delete job modal

* [ML] Fix API test calls to createTestTrainedModels

* [ML] Remove unnecessary async from jest test

Co-authored-by: Pete Harverson <peteharverson@users.noreply.github.com>
2021-10-07 18:32:36 -04:00
Matthew Kime 8b50d70a36
[7.x] [data views] clarify field subtype typescript types (#112499) (#114222)
* [data views] clarify field subtype typescript types (#112499)

* separate out multi and nested subTypes

* separate out multi and nested subTypes

* add undefined checks

* remove expect error statements

* use helper functions in es-query

* simplify changes with helper functions

* checking existence instead of getting value x2

* simplify types and revert discover changes

* update discover sidebar with helper methods

* try helpers with group_fields file

* try different helper with group_fields file

* revert group field changes, try nested field helpers

* revert nested field changes, try field_name.tsx helpers

* fix maps jest test

* use helpers in discover instead of setting types

* fix field_name.tsx

* Update index_pattern_util.test.ts

* lint fix

* fix common exports

* reduce data_views plugin bundle size

* reduce data_views plugin bundle size

* remove discover reliance on es-query package

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
#	packages/kbn-es-query/src/es_query/handle_nested_filter.ts

* fix test
2021-10-07 17:49:42 -04:00
Kibana Machine b6c75ee752
[7.x] [Fleet] Add language clients (#113666) (#113977)
* [Fleet] Add language clients (#113666)

* Apply suggestions from code review

Co-authored-by: Lisa Cawley <lcawley@elastic.co>

* Update src/plugins/custom_integrations/server/plugin.test.ts

Co-authored-by: Lisa Cawley <lcawley@elastic.co>

* Update src/plugins/custom_integrations/server/plugin.test.ts

Co-authored-by: Lisa Cawley <lcawley@elastic.co>

Co-authored-by: Thomas Neirynck <thomas@elastic.co>
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2021-10-07 21:44:07 +00:00
Joe Portner b63428a70a
[7.x] Remove securityOss plugin (#113946) (#114322)
* Remove securityOss plugin (#113946)

# Conflicts:
#	.eslintrc.js
#	.github/CODEOWNERS
#	api_docs/security_oss.mdx
#	packages/kbn-optimizer/limits.yml
#	scripts/functional_tests.js
#	x-pack/plugins/translations/translations/ja-JP.json
#	x-pack/plugins/translations/translations/zh-CN.json

* Add unintentionally removed translations

* Fix jest test
2021-10-07 16:45:09 -04:00
Kibana Machine a94d4cc5de
[Fullstory] Report mem usage (#114108) (#114325)
* memory

* jest test

* typo

Co-authored-by: Liza Katz <lizka.k@gmail.com>
2021-10-07 15:32:20 -04:00
Kibana Machine a3e390f924
[App Search] General UX Improvements for Curations and Suggestions (#114213) (#114312)
Co-authored-by: Byron Hulcher <byronhulcher@gmail.com>
2021-10-07 14:03:20 -04:00
Patryk Kopyciński 9ef198ad0d
Bump eslint@7 (#94347) (#114256)
# Conflicts:
#	packages/elastic-eslint-config-kibana/javascript.js
#	packages/kbn-eslint-plugin-eslint/rules/disallow_license_headers.test.js
#	packages/kbn-eslint-plugin-eslint/rules/no_restricted_paths.test.js
#	packages/kbn-eslint-plugin-eslint/rules/require_license_header.test.js
#	src/dev/eslint/lint_files.ts
#	x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/timeline/processor.tsx
#	yarn.lock

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-07 13:35:23 -04:00
Kibana Machine 8e9c74b5d4
[Fleet] Report installing status while package install is in progress (#111875) (#114296)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com>
2021-10-07 13:20:58 -04:00
Jonathan Budzenski a19a28da9c add details to skipped test 2021-10-07 11:36:05 -05:00
Jonathan Budzenski ddd12161d3 skip flaky suite 2021-10-07 11:22:54 -05:00
Jonathan Budzenski 4c8448919b skip flaky suite, #114249, #114250 2021-10-07 10:54:37 -05:00
Tyler Smalley ba2addfce2 skip flaky suite (#113496) 2021-10-07 10:50:39 -05:00
Nathan Reese 7109faf257
[7.x] [Maps] fix typings for optionalPlugins (#114103) (#114221)
* [Maps] fix typings for optionalPlugins (#114103)

# Conflicts:
#	x-pack/plugins/maps/server/maps_telemetry/collectors/register.ts

* tslint

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-10-07 11:48:06 -04:00
Kibana Machine 38f49bbd07
Fix unhandled promise rejection (#114233) (#114281)
Co-authored-by: Miriam <31922082+MiriamAparicio@users.noreply.github.com>
2021-10-07 11:44:05 -04:00
Kibana Machine 7555dfc633
[Lens] Chart is not updating with Refresh button (#114135) (#114255)
Co-authored-by: Marta Bondyra <marta.bondyra@gmail.com>
2021-10-07 09:26:33 -04:00
Kibana Machine bbaec75321
Add Host Risk metadata data to alerts flyout (#113274) (#114238)
* Filter out empty values from alert flyout overview

* Add Host Risk metadata data to alerts flyout

* Add feature flag to host risk data query

* Swap investigation guide and enrichment data places in the UI

* Migrate alert_summary_view.test to react testing library

* Refactor threat summary by extracting components and renaming

Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>
2021-10-07 07:36:43 -04:00
Kibana Machine c07e45232e
[Osquery] 7.15 osquery bug squash (#113325) (#114236)
* integration policies fixes

* don't update scheduled query group name while importing pack if there's already a name set

* handle resetting form state on submission error

* nixed the console logging

* fix linting issues

* useFormData instead of getFields

* linter plz

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Bryan Clement <bclement01@gmail.com>
2021-10-07 06:49:55 -04:00
Kibana Machine 54d903ad41
[Uptime] Annotate waterfall chart with additional metrics (#103642) (#113898)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Shahzad <shahzad.muhammad@elastic.co>
2021-10-07 10:17:09 +00:00
Kibana Machine 98ed6680ba
[Security Solution][Endpoint] Display empty state UI on the artifacts subtab of policy details when no trusted application exist (#113802) (#114226)
* Adds new empty prompt when there is no TA or none already assigned

* Adds policy name to text message

* Fix error in tabs component

* Fix multilangs in empty state components

* API call that checks if any TA exists with actions and reducers

* Adds current policy id and name to the empty state component instead of a fake ones

* Adds unit test for layout

* Switch empty state depending on results and added unit test

* Fix multilang keys and join code into a hook to avoid duplications

* Fix TS error

* Changes icon

* Fixes pr comments

* Fix ts error in test

Co-authored-by: David Sánchez <davidsansol92@gmail.com>
2021-10-07 06:01:35 -04:00
Nathan Reese 56f0be0d41
[Maps] do not lazy load setup API methods (#114150) (#114220)
* [Maps] do not lazy load setup API methods

* remove test code
# Conflicts:
#	x-pack/plugins/maps/public/lazy_load_bundle/index.ts
2021-10-07 00:42:58 -04:00
Kibana Machine e48930292f
[Workplace Search] Update Source Frequency views to match new designs (#114157) (#114212)
* Add schema for blocked_windows and blockedWindows type

* Update constants and types

Also changes the size of a spacer

* Update FrequencyItem to new design

* Update BlockedWindowItem to new design

* Update logic file for new designs

It was decided that we would omit the seconds from any API-submitted duration values.

* Add i18n for UTC tooltip

* Better function name

Also moved const closer to function declarations for easier readability

* Add reducers

CI was complaining about types since the method wasn’t used. Was going to add these in a future PR but will add them here so we can merge

Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
2021-10-06 22:27:11 -04:00
Kibana Machine f27ec3ff60
[Security Solution] Increases code coverage in the timelines plugin (#113681) (#114205)
## [Security Solution] Increases code coverage in the `timelines` plugin

This PR is the first in a series that increases code coverage in the `timelines` plugin, as part of <https://github.com/elastic/kibana/issues/111581>

### Methodology

1. Code coverage is measured by running the following command:

```
cd $KIBANA_HOME/x-pack && node scripts/jest.js timelines --coverage
```

The above command outputs the following coverage report:

```
kibana/target/kibana-coverage/jest/index.html
```

2. The coverage report is used to determine which paths need coverage, and measure coverage before / after tests are updated, as illustrated by the screenshots below:

**Before (example)**

![file-summary-before](https://user-images.githubusercontent.com/4459398/135690108-f90839b1-1450-4083-b928-5c5d99f1151d.png)

![file-coverage-before](https://user-images.githubusercontent.com/4459398/135690178-be24e716-545f-425f-bcd5-480026fcad1f.png)

**After (example)**

![file-summary-after](https://user-images.githubusercontent.com/4459398/135690267-7e94655f-4852-42f7-8180-8c195dd77e8b.png)

![file-coverage-after](https://user-images.githubusercontent.com/4459398/135690232-63130180-3fa1-4989-ac69-d8af7cc8fc95.png)

### React Testing Library vs Enzyme

- New test files are created using [React Testing Library](https://github.com/testing-library/react-testing-library) by default

- [Enzyme](https://github.com/enzymejs/enzyme) tests will only be used as a fallback when it's not reasonably possible to express the test in React Testing Library

- Code will (still) be instrumented to use `data-test-subj` in alignment with the Kibana [STYLEGUIDE](https://github.com/elastic/kibana/blob/master/STYLEGUIDE.mdx#camel-case-id-and-data-test-subj)

- When possible, the `getByRole` and other [higher priority](https://testing-library.com/docs/queries/about#priority) query APIs will be used in Jest tests, as opposed to selecting via `getByTestId` + `data-test-subj`. This follows the [guidance from React Testing Library](https://testing-library.com/docs/queries/about#priority).

- Note: Jest was already configured to use the `getByTestId` API with `data-test-subj` [here](4a54188355/packages/kbn-test/src/jest/setup/react_testing_library.js (L20))

Co-authored-by: Andrew Goldstein <andrew-goldstein@users.noreply.github.com>
2021-10-06 20:50:53 -04:00
Kibana Machine fc0606daf2
[Security Solution] Migrates siem-detection-engine-rule-actions ruleAlertId and actions to saved object references array (#113577) (#114201)
## Summary

Fixes https://github.com/elastic/kibana/issues/113278

* Migrates the legacy `siem-detection-engine-rule-actions` `ruleAlertId` and `actions` to saved object references arrays
* Adds an e2e test for `siem-detection-engine-rule-actions`
* Updates the types to work with the migrations and the new and old data structures.
* Decouples and removes reliance on alerting within the types since we do not want development of alerting to get in the way of legacy things and have migration changes by accident.
* Updates the REST interface and code to produce post migration data structures. Removes some types and code where we can since those parts are no longer needed/used.
* Adds `actionRef` to the mapping

Before migration you should see data structures like this if you query:
```json
GET .kibana/_search
{
  "query": {
    "term": {
      "type": {
        "value": "siem-detection-engine-rule-actions"
      }
    }
  }
}
```

```json
{
  "siem-detection-engine-rule-actions": {
    "ruleAlertId": "fb1046a0-0452-11ec-9b15-d13d79d162f3", <-- ruleAlertId which we want in the references array and removed
    "actions": [
      {
        "action_type_id": ".slack",
        "id": "f6e64c00-0452-11ec-9b15-d13d79d162f3", <-- id which we want in the references array and removed
        "params": {
          "message": "Hourly\nRule {{context.rule.name}} generated {{state.signals_count}} alerts"
        },
        "group": "default"
      }
    ],
    "ruleThrottle": "7d",
    "alertThrottle": "7d"
  },
  "type": "siem-detection-engine-rule-actions",
  "references": [], <-- Array is empty which instead needs the id's of alerts and actions
  "migrationVersion": {
    "siem-detection-engine-rule-actions": "7.11.2"
  },
  "coreMigrationVersion": "7.14.0",
  "updated_at": "2021-09-15T22:18:48.369Z"
}
```

After migration you should see data structures like this:
```json
{
  "siem-detection-engine-rule-actions": {
    "actions": [
      {
        "action_type_id": ".slack",
        "actionRef" : "action_0", <-- We use the name and "actionRef" to be consistent with kibana alerting
        "params": {
          "message": "Hourly\nRule {{context.rule.name}} generated {{state.signals_count}} alerts"
        },
        "group": "default"
      }
    ],
    "ruleThrottle": "7d",
    "alertThrottle": "7d"
  },
  "type": "siem-detection-engine-rule-actions",
  "references" : [
    {
      "name" : "alert_0", <-- Name is "alert_0"
      "id" : "fb1046a0-0452-11ec-9b15-d13d79d162f3", <-- Alert id is now here
      "type" : "alert" <-- Type should be "alert"
    },
    {
      "name" : "action_0", <-- Name is "action_0" and should be the same as kibana alerting names theirs for consistencty
      "id" : "f6e64c00-0452-11ec-9b15-d13d79d162f3", <-- Id of the action is now here.
      "type" : "action" <-- Type should be "action"
    }
  ],  
  "migrationVersion": {
    "siem-detection-engine-rule-actions": "7.16.0"
  },
  "coreMigrationVersion": "8.0.0",
  "updated_at": "2021-09-15T22:18:48.369Z"
}
```

Manual testing
---
There are e2e tests but for any manual testing or verification you can do the following:

If you have a 7.14.0 system and can migrate it forward that is the most straight forward way to ensure this does migrate correctly and forward. You should see that the legacy notification system still operates as expected.

If you are a developer off of master and want to test different scenarios, then the section below is for you, as it is more involved and harder to do but goes into more depth:

* Create a rule and activate it normally within security_solution
* Do not add actions to the rule at this point as we are exercising the older legacy system. However, you want at least one action configured such as a slack notification.
* Within dev tools do a query for all your actions and grab one of the `_id` of them without their prefix:

```json
# See all your actions
GET .kibana/_search
{
  "query": {
    "term": {
      "type": "action"
    }
  }
}
```

Mine was `"_id" : "action:879e8ff0-1be1-11ec-a722-83da1c22a481"`, so I will be copying the ID of `879e8ff0-1be1-11ec-a722-83da1c22a481`

Go to the file `detection_engine/scripts/legacy_notifications/one_action.json` and add this id to the file. Something like this:

```json
{
  "name": "Legacy notification with one action",
  "interval": "1m",  <--- You can use whatever you want. Real values are "1h", "1d", "1w". I use "1m" for testing purposes.
  "actions": [
    {
      "id": "879e8ff0-1be1-11ec-a722-83da1c22a481", <--- My action id
      "group": "default",
      "params": {
        "message": "Hourly\nRule {{context.rule.name}} generated {{state.signals_count}} alerts"
      },
      "actionTypeId": ".slack" <--- I am a slack action id type.
    }
  ]
}
```

Query for an alert you want to manually add a legacy notification back to. Such as:

```json
# See all your siem.signals alert types and choose one
GET .kibana/_search
{
  "query": {
    "term": {
      "alert.alertTypeId": "siem.signals"
    }
  }
}
```

Grab the `_id` without the alert prefix. For mine this was `933ca720-1be1-11ec-a722-83da1c22a481`

Within the directory of detection_engine/scripts execute the script:

```json
./post_legacy_notification.sh 933ca720-1be1-11ec-a722-83da1c22a481
{
  "ok": "acknowledged"
}
```

which is going to do a few things. See the file `detection_engine/routes/rules/legacy_create_legacy_notification.ts` for the definition of the route and what it does in full, but we should notice that we have now:

Created a legacy side car action object of type `siem-detection-engine-rule-actions` you can see in dev tools:

```json
# See the actions "side car" which are part of the legacy notification system.
GET .kibana/_search
{
  "query": {
    "term": {
      "type": {
        "value": "siem-detection-engine-rule-actions"
      }
    }
  }
}
```

Take note that this actually creates the rule migrated since this PR updated the code to produce new side cars. So we have to use some scripting to change the actions to utilize the old format.  However, before continuing you should verify that this does fire correctly and that the new format is working as expected. After that replace the structure with the older structure like so below and downgrade the migration version so that we can restart Kibana and ensure that this does migrate correctly forward:

```json
# Get your id of your rules side car above and then use this script to downgrade the data structure
POST .kibana/_update/siem-detection-engine-rule-actions:210f4c90-2233-11ec-98c6-ed2574588902
{
  "script" : {
    "source": """
    ctx._source.migrationVersion['siem-detection-engine-rule-actions'] = "7.15.0";
    ctx._source['siem-detection-engine-rule-actions'].actions[0].id = ctx._source.references[1].id;
    ctx._source['siem-detection-engine-rule-actions'].actions[0].remove('actionRef');
    ctx._source['siem-detection-engine-rule-actions'].ruleAlertId = ctx._source.references[0].id;
    ctx._source.references.remove(0);
    ctx._source.references.remove(0);
    """,
    "lang": "painless"
  }
}
```

Restart Kibana and now it should be migrated correctly and the system should fire the notifications as expected. You shouldn't see any errors in your console.

In the scripts folder execute the `find_rules.sh` and expect to see actions like so in the rule with the `id` still in the REST interface and we shouldn't see `actionRef` within the actions:

```json
"actions": [{
  "id": "42534430-2092-11ec-99a6-05d79563c01a",
  "group": "default",
  "params": {
    "message": "Hourly\nRule {{context.rule.name}} generated {{state.signals_count}} alerts"
  },
  "action_type_id": ".slack"
}],
```

Take the rule id and query that as well using `./get_rule_by_id.sh`  and verify that the action also looks the same and is present within the rule.

You can also verify all of this within the UI's as well for rules to ensure the action is still present and as we expect it to be and work.

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>
2021-10-06 20:27:05 -04:00
Kibana Machine 3dbfd7525e
[App Search] Split Curation Detail views into tabs (#114117) (#114192)
Co-authored-by: Byron Hulcher <byronhulcher@gmail.com>
2021-10-06 19:47:40 -04:00
Kibana Machine 15dca3678a
[APM] Add "Queries and data model" section to APM readme (#114025) (#114161)
Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
2021-10-06 23:34:32 +00:00
Kibana Machine 52bad5399b
[Monitoring] Migrate Elasticsearch ML Jobs View from Angular (#113974) (#114176)
* [Monitoring] Migrate Elasticsearch ML Jobs View from Angular

* Add types

* Fix broken node links

Co-authored-by: Zacqary Adam Xeper <Zacqary@users.noreply.github.com>
2021-10-06 17:48:15 -04:00