* Speed up spaces tests by letting v2 migrations do less work (#91829)
* Don't mess with v2 migration's index
* Speed up spaces tests by letting v2 migrations do less work
* Add disabled mapping for spaces so that plugin can be disabled
* Add security as codeowners of xpack saved object api integration suite
# Conflicts:
# .github/CODEOWNERS
# x-pack/test/functional/es_archives/saved_objects_management/spaces_integration/mappings.json
# x-pack/test/saved_object_api_integration/common/fixtures/es_archiver/saved_objects/spaces/mappings.json
* Fix backport for ES _types
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Adding .only clause for testing purposes.
* Removing .only and reenabling test. Also changing back to group 13.
* Removing .only and reenabling test. Also changing back to group 13.
* Removed comment mentioning github issue.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: John Dorlus <silne.dorlus@elastic.co>
* [Time to Visualize] Add Discrete Library Option to Save Modal (#94589)
* save modal UI and Redirect and save to library
Co-authored-by: Poff Poffenberger <poffdeluxe@gmail.com>
# Conflicts:
# .github/CODEOWNERS
# x-pack/test/functional/apps/lens/add_to_dashboard.ts
* Update x-pack/test/functional/apps/lens/add_to_dashboard.ts
* Delete CODEOWNERS
* [DOCS] Reformats Dashboard and adds Lens reference
* ⚗️ First trial of Lens FAQ
* Fixes broken title levels
* Link fix
* Fixes tsvb link
* Fixes tsvb link
* [DOCS] Reformats Dashboard and adds Lens reference
* ⚗️ First trial of Lens FAQ
* Fixes broken title levels
* Link fix
* Fixes tsvb link
* Fixes tsvb link
* [Lens] Add drag and drop keyboard navigation docs
* remove unlinked files
* [Lens] tutorial advanced first version
* corrections
* Kaarinas changes
* corrections after CR
* Update docs/user/dashboard/lens-advanced.asciidoc
* 📝 Add more Lens related FAQ
* Updates Lens page
* Update docs/user/dashboard/lens.asciidoc
* drag and drop copy and gif
* some corrections after Wylie's second review
* Review comments
* Final changes
* Update lens-advanced.asciidoc
ordering fixed
* Comment organization
* Final clean up
Co-authored-by: dej611 <dej611@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marta Bondyra <marta.bondyra@elastic.co>
Co-authored-by: Marta Bondyra <marta.bondyra@gmail.com>
Co-authored-by: dej611 <dej611@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marta Bondyra <marta.bondyra@elastic.co>
Co-authored-by: Marta Bondyra <marta.bondyra@gmail.com>
* Fix links to the numeral formatting in the advanced settings (#84167)
* Fix a link to the numeral formatting in the index pattern field settings (#84167)
# Conflicts:
# docs/development/core/public/kibana-plugin-core-public.doclinksstart.md
# src/core/public/doc_links/doc_links_service.ts
# src/plugins/index_pattern_field_editor/public/components/field_format_editor/editors/bytes/__snapshots__/bytes.test.tsx.snap
# src/plugins/index_pattern_field_editor/public/components/field_format_editor/editors/number/__snapshots__/number.test.tsx.snap
# src/plugins/index_pattern_field_editor/public/components/field_format_editor/editors/number/number.tsx
# src/plugins/index_pattern_field_editor/public/components/field_format_editor/editors/percent/__snapshots__/percent.test.tsx.snap
# src/plugins/index_pattern_field_editor/public/components/field_format_editor/editors/percent/percent.test.tsx
* updated serialization and deserialization behavior of dissect and gsub processors, also addded a test
* also fix grok processor
* pivot input checking to use JSON.stringify and JSON.parse
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* fix index pattern create with cross cluster and partial results and update tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* WIP: Add basic structure of our ML Job callout
* Tests are not implemented
* logic is questionable
* Detections now makes redundant ML API calls
* Fix JSDoc reference
* Move ML Jobs callout to Rules page
As opposed to the more general Detections page.
* Extends callout logic to include installation of any affected jobs
* If old jobs are used with new ECS data, you'll be missing
anomalies/alerts
* If new jobs are used with old ECS data, you'll be missing
anomalies/alerts
* Flesh out our link to ML Job compatibility docs
This page doesn't exist yet; the URI/copy is subject to change.
* ML Job Upgrade -> ML Job Compatibility
This is a more accurate name for the concept since the problem is more
general than presence/absence of an upgrade.
* Add some placeholder copy to get the ball rolling
* Test callout behavior with different API responses
* Prevent fetching ML data when ML popover is opened/closed
We already fetch this data when the component is initially rendered. In
the normal workflow of page load -> open popover, we perform six (6) ML
API calls, 3 of which are redundant.
The one downside of this is that opening/closing the popover will not
refresh data; however, this workflow would previously have resulted in 6
API calls as well.
* Revert "Prevent fetching ML data when ML popover is opened/closed"
This reverts commit 810b78d2b9.
* Update link to relevant documentation
We're going to add a new section to this existing page, and link
directly to that heading. We should be able to generate whatever anchor
we need here, so choosing one arbitrarily on the assumption that docs
can make it work.
* Update copy from product
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
* Updated to allow chunked queries and to increase the timeouts of the REST backend (#94531)
Increases the pre-packaged socket timeout and chunks the requests. Existing e2e tests should cover the changes. Interesting enough, when the server sends back a 408, Chrome will re-send the same request again which can cause socket/network saturations. By increasing the timeout, Chrome will not resend the same request again on timeout.
Right now, there is not a way to increase the timeouts for the alerting framework/saved objects as far as I know for connections. That would be an additional safety measure in additional to doing chunked requests. Chunked requests will ensure that the pre-packaged rule does not exhaust ephemeral ports and limit the concurrent requests.
See this issue talked about below:
https://github.com/sindresorhus/ky/issues/233https://groups.google.com/a/chromium.org/g/chromium-dev/c/urswDsm6Pe0https://medium.com/@lighthopper/connection-retry-schedule-in-chrome-browser-a9c814b7dc20
**Manual testing**
You can bump up the rule version numbers manually through a search and replace and then install them. You can add a `console.trace()` to the backend and slow down the requests to ensure they are not happening more than once.
```
Trace:
at updatePrepackagedRules (/Users/frankhassanabad/projects/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/rules/update_prepacked_rules.ts:34:11)
at createPrepackagedRules (/Users/frankhassanabad/projects/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.ts:140:9)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at /Users/frankhassanabad/projects/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.ts:66:27
at Router.handle (/Users/frankhassanabad/projects/kibana/src/core/server/http/router/router.ts:272:30)
at handler (/Users/frankhassanabad/projects/kibana/src/core/server/http/router/router.ts:227:11)
at exports.Manager.execute (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/request.js:371:32)
at Request._execute (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/request.js:279:9)
```
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Wrong import as alerting is now called alerts. bad merge
### Summary
Addresses #92732
7.11+ versions of threshold preview histogram were aggregating by "event.category". This PR updates the preview histogram to take into account threshold field groups and cardinality.
It may need to be called out in documentation or updated to remind users that preview is not an exact guarantee of what signals will be produced as it does not take into account interval and any timestamp_override. Threshold gets a tad bit more confusing because of the multiple aggregations occurring (threshold --> group by field --> histogram).
