* [ML] Initial commit for auditbeat hosts ECS
Rename fields for ECS
Rework dashboards due to bwc
* [ML] Further auditbeat tidy up and consistency changes
Custom urls should link to saved search, not discover
Ensure savedSearchId is used for visualizations
Ensure filter terms are consistent
TODO Decide if we should rename to auditd module
TODO Fix for new saved object format
* [ML] Refinements for auditbeat host module
Remove duplicated title from visState
Shrink panel heights in row 1
* [ML] Refinements to auditbeat module
Update module name from auditd to auditbeat
Add useMargins true for dashboards
Add filter to custom url for
exists auditd.data.syscall
not exists container.runtime
event.module: auditd
* [ML] Initial commit for auditbeat_process_docker_ecs
Update for ECS using
container.name (instead of container.id)
container.runtime: docker
process.executable
event.module: auditd
auditd.data.syscall exists
TODOs
Use auditd.message_type: syscall (instead of auditd.data.syscall)
Possibly combine with auditbeat hosts saved objects (depending on host.name being shared)
Possibly combine to single dashboard
Test against live auditbeat data collection
Removes support for the k6 navigation style from master. All but the first commit are targeted at a specific section of Kibana. Please take a look at the areas you're familiar with and check it off the list. We'll plan to merge this right before feature freeze.
- [ ] home
- [ ] discover
- [ ] context
- [ ] visualize
- [ ] dashboard
- [ ] devtools
- [ ] timelion
- [ ] graph
- [x] monitoring
- [ ] gis
- [ ] infra
- [x] ml
- [ ] security
- [ ] uptime
- [x] beatscm
@elastic/kibana-app @elastic/kibana-security @elastic/ml-ui @elastic/infrastructure-ui @elastic/kibana-gis @elastic/stack-monitoring @elastic/es-ui
With security enabled, the internal user wouldn't have enough permissions to run the integrity check. This changes the check to use the currently logged in user. Also fixes some typos in messages.
* Dashboard visual pass (initial)
* Adjusted panel header
..And used a different selector for editing mode to fix bug of `.dshPanel--editing` needing a hard refresh to update.
* better positioning of legend toggle
* Fixed legend toggle position
* Fixed some visualize sidebar font sizes
* better position for resize handle
* Consolidated error and warning messages
* Last edits and removing old testing things
* snaps
* Fix tag cloud
* Comment out markdown-it for now, since it’s not working
* update area chart snapshot
* Styled empty dashboard state
* PR feedback
- background fix
- dark mode highlight color fix
- euiScrollbars
- euiSpacer
* Fix reporting
* More PR comments
- No edit button in mobile
- No markdown comment for panel error
- i18n id addition
- Remove euiHeader sharing fix
* Revert “hide edit button”
* [ML] Adding index migration warnings
* small refactor
* correcting comment
* adding upgrade service to manage upgradeInProgress state
* removing missing function
See https://github.com/elastic/elasticsearch/pull/38254
Using the `version` parameter to implement optimistic concurrency is not going to be supported in 7.0, so we need to replace our usage of document version with the new `_seq_no` and `_primary_term` parameters. These fields are returned in the same way that `_version` was returned on all read/write requests except for search, where it needs to be requested by sending `seq_no_primary_term: true` in the body of the search request. These parameters are sent back to Elasticsearch on write requests with the `if_seq_no` and `if_primary_term` parameters, and are functionally equivalent to sending a `version` in a write request before elastic/elasticsearch#38254.
To make these updates I searched the code base for uses of a `version` and `_version`, then triaged each usage, so I'm fairly confident that I got everything but it's possible something slipped through the cracks, so if you know of any usage of the document version field please help me out by double checking that I converted it.
- [x] **Saved Objects**: @elastic/kibana-platform, @elastic/es-security - for BWC and ergonomics the `version` provided by the Saved Objects client/API was not removed, it was converted from a number to a string whose value is `base64(json([_seq_no, _primary_term]))`. This allows the Saved Objects API and its consumers to remain mostly unmodified, as long as the underlying value in the version field is irrelevant. This was the case for all usages in Kibana, only thing that needed updating was tests and TS types.
- [x] **Reporting/esqueue**: @joelgriffith, @tsullivan - the version parameter was used here specifically for implementing optimistic concurrency, and since its usage was contained within the esqueue module I just updated it to use the new `_seq_no` and `_primary_term` fields.
- [x] **Task Manager**: @tsullivan @njd5475 - Like esqueue this module uses version for optimistic concurrency but the usage is contained within the module so I just updated it to use, store, and request the `_seq_no` and `_primary_term` fields.
- [ ] **ML**: @elastic/ml-ui - Best I could tell the only "version" in the ML code refers to the stack version, 077245fed8
- [ ] **Beats CM**: @elastic/beats - Looks like the references to `_version` in the code are only in the types but not in the code itself. I updated the types to use `_seq_no` and `_primary_term`, and their camelCase equivalents where appropriate. I did find a method that used one of the types referencing version but when investigating its usage it seemed the only consumer of that method was itself so I removed it. 52d890fed7
- [x] **Spaces (tests)**: @elastic/kibana-security - The spaces test helpers use saved objects with versions in a number of places, so I updated them to use the new string versions where the version was predictable, and removed the assertion on version where it wasn't. We test the version in the saved objects code so this should be fine.
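
The version encoding and conditional write described in the `_seq_no`/`_primary_term` change above, as an added example that is not code from the Kibana repository. `encodeVersion`, `decodeVersion` and `ToyIndex` are hypothetical names, and `ToyIndex` is an in-memory stand-in for a single-shard index that only mimics the `if_seq_no`/`if_primary_term` check.

```javascript
// Added illustration: encodeVersion, decodeVersion and ToyIndex are
// hypothetical names, not Kibana or Elasticsearch APIs.

// Version string = base64(json([_seq_no, _primary_term])), as the description states.
function encodeVersion(seqNo, primaryTerm) {
  return Buffer.from(JSON.stringify([seqNo, primaryTerm]), 'utf8').toString('base64');
}

function decodeVersion(version) {
  const parsed = JSON.parse(Buffer.from(version, 'base64').toString('utf8'));
  if (!Array.isArray(parsed) || parsed.length !== 2 || !parsed.every(Number.isInteger)) {
    throw new TypeError('invalid version string');
  }
  return { if_seq_no: parsed[0], if_primary_term: parsed[1] };
}

// Toy store (assumption): rejects a write whose condition no longer matches the stored doc.
class ToyIndex {
  constructor() { this.docs = new Map(); this.seqNo = -1; this.primaryTerm = 1; }
  index(id, source, cond = {}) {
    const cur = this.docs.get(id);
    if (cond.if_seq_no !== undefined &&
        (!cur || cur._seq_no !== cond.if_seq_no || cur._primary_term !== cond.if_primary_term)) {
      const err = new Error('version_conflict_engine_exception');
      err.statusCode = 409;
      throw err;
    }
    const doc = { _source: source, _seq_no: ++this.seqNo, _primary_term: this.primaryTerm };
    this.docs.set(id, doc);
    return { _seq_no: doc._seq_no, _primary_term: doc._primary_term };
  }
  get(id) { return this.docs.get(id); }
}

// Constructed scenario: two workers read the same version and both try to claim the job.
function demo() {
  const idx = new ToyIndex();
  const created = idx.index('job-1', { status: 'pending' });
  const version = encodeVersion(created._seq_no, created._primary_term);
  idx.index('job-1', { status: 'processing', worker: 'a' }, decodeVersion(version));
  let conflict = null;
  try {
    idx.index('job-1', { status: 'processing', worker: 'b' }, decodeVersion(version));
  } catch (e) {
    conflict = e.statusCode; // the stale write is rejected instead of overwriting worker a
  }
  return { version, conflict, owner: idx.get('job-1')._source.worker };
}
```
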
* Removing deprecated xpack.monitoring.report_stats setting
* Remove from docs
* Update check in xpack_main plugin to not look at monitoring settings any more
* [Maps] add saved objects for all sample data sets
* add functional tests that compare sample data maps to baseline images
* add check for layer loading in functional tests
* try something out in CI
* try map without EMS regions
* add weblogs test but hide region layer
* skip tests with EMS vector layers
* gis-map to map and ES_GEOHASH_GRID to ES_GEO_GRID
* add resolution property to ES_GEO_GRID source descriptor
* move alphaValue from style descriptor to layer descriptor and rename to alpha
* terms join label change 'group by' to 'of'
* ensure sample data sets work with no internet access
* get functional tests working with updated full screen snapshots
* delete gis folder left overs
* give time for visibility to toggle to fire
* make web logs screen comparison more forgiving
* wait for layers to load on full screen
* Uptime unit tests6.x (#29280)
* Add API functional tests for uptime graphQL.
* Remove obsolete code.
* Add CI group for UI functional tests.
* Delete obsolete code, rename heartbeat es archive.
* Refactor adapter methods.
* Refactor adapter methods.
* Attempt to fix ci-group tag error.
* Skip functional app tests until later PR.
* Remove unused code.
* Add unit tests for ping list and snapshot components.
* Add additional unit tests.
* Remove unused variable.
* Update tests for EmptyState component.
* Update ErrorList component tests.
* Update monitor list unit test.
* Add tests for EmptyStatusBar component.
* Write test for FilterBar component.
* Update PingList test to work with 7.x data.
* Delete obsolete snapshot.
* Add test for Snapshot component.
* Update types.
* Add snapshot histogram test.
* Write tests and improve histogram data formatting function.
* Fix bug and add test to data format function.
* Remove unused localization value.
* Resolve localization conflict.
* Clean up guaranteed truthy property reference.
* Remove expression from localization default message.
* feat(NA): very first version with telemetry working for the upgrade assistant.
* refact(NA): import all types from a file and rewrite first version code.
* chore(NA): missing types for register and makeCollector functions.
* test(NA): tests for upgrade assistant telemetry routes.
* refact(NA): extra spaces on imports and imports order.
* test(NA): for ui_open saved objects on upgrade assistant telemetry.
* test(NA): for usage_collector functions.
* chore(NA): change the return object into the upgrade assistant telemetry.
* chore(NA): fix type imports.
* fix(NA): importing saved objects client types.
* refact(NA): simplify saved objects schema for upgrade assistant telemetry.
* feat(NA): only send upgrade assistant metrics after we have data. Never send telemetry info about a clicked tab if it is the current selected one.
* fix(NA): typo on word
* feat(NA): add telemetry schema support for ui_reindex.
* test(NA): update integration test fixture to include new telemetry stats.
* chore(NA): fix mappings for ui_reindex.
* refact(NA): invest telemetry local expect data order.
* chore(NA): includeDefaults for callCluster.
* chore(NA): remove ignore 404 from callCluster.
* refact(NA): wrap get logging status from cluster settings into a function.
* feat(NA): add reindex ui telemetry.
* fix(NA): typo on mappings. fix(NA): non wait for send telemetry to complete will cause es doc errors when increment counters
* test(NA): wait for telemetry requests to end before esArchiver.unload on functional tests.
* refact(NA): remove bad added async to tabs onclick function.
* Add flag to enable/disable CCR monitoring UI
* Use the cluster setting instead of a new config
* Remove debug
* Update based on PR feedback
* Ensure the CCR tab shows up on the CCR page
* Rework this so we remove the janky UX
* Update tests
* Handle both string and boolean
* Remove debug
* Fix tests
* Refactor this to use the stack_stats part of the cluster_stats document
* Update the api integration tests
* Fix this test
* Remove debug
* Check security privileges before allowing reindexing
* Add global readyForUpgrade flag for Cloud
* Add ml_settings to cluster_settings
* Generalize locking mechanism for stop/starting watcher
* Display ML/Watcher stopping/resuming steps in UI
* Fix type issues
* Handle security being disabled for privilege check
* Use xpack_main.info + add types
* Fix x-pack builds
* Types, and index pattern moved to new format
* fix imports
* API now doing full validation on config blocks
* progress pre-move-blocks to their own api
* Config is now stored as a JSON string keyword to prevent conflict
* New API server is working
* fixing types — progress
* “fixed” all types
* add lib and most adapter methods needed
* wired up more plumbing
* added REST adapter to client for config blocks
* fix some tests
* connect new APIs to beat details page
* fix typo causing several failing tests.
* update test data
* API bug fixes
* fix remaining testing
* revert index name change
* add new routes
* remove whitespace
* fix spelling
* wiring things up and adapting to the new UI
* config block creation works in UI
* config blocks now show up once added
* adding paging to tables
* config list paging works
* version check for UI changes
* fix types
* Update the rest of config UI, still needs create API connection
* create now mass creates tags after tag is created, edit creates and deletes configs in real time
* create config blocks when creating tags
* properly load tags on their own for beats
* load initial config blocks on edit page
* wired up initial pass at assignable tags
* assignments now work.
* squash many bugs with tag creation, editing, as well as k7 breadcrumbs
* fix label id
* Fix the displaying of module types
* bug fixes for deleting config blocks during initial tag creation
* make name really required on initial walkthrough tag creation
* Fix and enhance deleting a config block from existing tag
* Initial non-working endpoint that validates API and response
* init new endpoint
* beat ID is required
* returns 400 if beat not found
* fix memory adapter for configs
* add new libs to compose
* add index template
* tweak types
* move index template logic to ES event hook
* properly wait for ES
* add lifecycle names
* fix translations, remove old config update from API
* insert status into ES
* remove old tests
* added RUNNING status
* expand types
* Re-init route
* don't map literals
* convert timestamp
* updating fields
* Migrate to ECS event.dataset
* Migrate fields to ECS fields
* renaming variable
* Reverting back to host.name
* Changing from Top Hits to Terms Agg for getting node name; change host.name back to host.hostname for name.
* Changing back to host.name
* Moving from using the document source to an aggregation for node name
* Updating tests with new data format and data.
* removing unused fields
* adding test data for docker 6.6.0
* Adding docker tests for 6.6.0
* Fixing jest tests
* Fixing tests
* Adding the most critical line of code in the entire project
* Fix ECS-compatible apache rules and restore old ones
* Fix ECS-compatible nginx rules and restore old ones
* Add tests for apache2 in ECS and pre-ECS format
* Add tests for nginx in ECS and pre-ECS format
* removing console.log
* Fixing tests