## Summary
Add possibility to Isolate/Release SentinelOne host from Alert details
flyout.
Add support for displaying S1 Agent status in UI.
Add an experimental flag to S1 Connector.
Rename S1 connector actions from `Agent` to `Host`
Add a feature flag to security_solution to control enrollment of this
feature.
Update parallel script to support all FTR config options
Add `cypress-data-session` plugin to allow better caching of test data
(mostly for Dev experience)
Testing instruction:
1. Ensure you have
2. From root Kibana folder run
https://p.elstc.co/paste/URVrCEcR#aG1X9p3BMCRUDY+IzfIg5mGomcTGxwkYO6RGxSIAyWz
3. In Cypress run
`x-pack/plugins/security_solution/public/management/cypress/e2e/sentinelone/isolate.cy.ts`
4. 💚
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
The files table allows copying a file's hash (MD5, SHA1, or SHA256) when
available.
We only recently opted in for the hashing of uploaded files so
previously uploaded files will not display the Copy to Clipboard button.
The activity feed in a case's detail view will not display this action.
## Release Notes
Users can copy to the clipboard the hashes of files uploaded to cases.
Partially resolves https://github.com/elastic/kibana/issues/172379
Removes "Technical Preview" and "Tell us what you think!" from the Log
threshold alert details page.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
It fixes #172495 by considering the Query related config in the Kibana
advanced settings.
## Summary
Partially resolves: https://github.com/elastic/kibana/issues/164255,
this is 2/3 of the scoped query changes.
Maintenance window scoped query frontend changes. Adds the ability to
add and edit scoped query for maintenance windows. Due to limitations
with the alerts search bar and each solution fetches AAD fields, we only
allow users to associate scoped query with 1 category (management,
o11y, or security solution). The intended usage in this case is for the
user to create multiple maintenance windows if they wish to apply scoped
queries to multiple solutions.
### To test:
go to
`x-pack/plugins/alerting/public/pages/maintenance_windows/constants.ts`
and set `IS_SCOPED_QUERY_ENABLED` to `true`
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Minor changes to model selection list in inference pipeline
configuration flyout:
* Remove `licensePageUrl` in favor of `modelDetailsPageUrl` as they
point to the same location
* Update page URLs for E5 model variants
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
We are removing the E5 model deployment callout from the Pipelines tab
in favor of the model selector list with action buttons (#171436). The
orphan code cleanup will happen in a separate PR.
Resolves https://github.com/elastic/kibana/issues/171576
## 🌮 Summary
This PR introduces a compact view and a way to toggle from the default
(row card) and compact view on the SLO list page.
The compact view uses a simple EuiTable.
By default, the compact view is used, but happy to revert that.
---------
Co-authored-by: Dominique Clarke <dominique.clarke@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
In this PR we:
* Allow using JWT credentials to grant API keys
* Extend default value of `elasticsearch.requestHeadersWhitelist` to
include both `authorization` and `es-client-authentication` to support
JWT with required client authentication _by default_. See
https://www.elastic.co/guide/en/elasticsearch/reference/8.11/jwt-auth-realm.html#jwt-realm-configuration
* Add API integration tests for both JWTs with client authentication and
without it
__NOTE:__ We're not gating this functionality with the config flag
(`xpack.security.authc.http.jwt.taggedRoutesOnly`) as we did for the
Serverless offering. It'd be a breaking change as we already implicitly
support JWT authentication without client authentication, and to be
honest, it's not really necessary anyway.
## Testing
Refer to the `Testing` section in this PR description:
https://github.com/elastic/kibana/pull/159117.
Or run already pre-configured Kibana functional test server:
1. `node scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/api_keys.config.ts`
2. Create a role mapping for JWT user:
```bash
curl -X POST --location "http://localhost:9220/_security/role_mapping/jwt" \
-H "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d "{
\"roles\": [ \"superuser\" ],
\"enabled\": true,
\"rules\": { \"all\": [{\"field\" : { \"realm.name\" : \"jwt_with_secret\" }}] }
}"
```
3. Send any Kibana API request with the following credentials:
```bash
curl -X POST --location "xxxx" \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2tpYmFuYS5lbGFzdGljLmNvL2p3dC8iLCJzdWIiOiJlbGFzdGljLWFnZW50IiwiYXVkIjoiZWxhc3RpY3NlYXJjaCIsIm5hbWUiOiJFbGFzdGljIEFnZW50IiwiaWF0Ijo5NDY2ODQ4MDAsImV4cCI6NDA3MDkwODgwMH0.P7RHKZlLskS5DfVRqoVO4ivoIq9rXl2-GW6hhC9NvTSkwphYivcjpTVcyENZvxTTvJJNqcyx6rF3T-7otTTIHBOZIMhZauc5dob-sqcN_mT2htqm3BpSdlJlz60TBq6diOtlNhV212gQCEJMPZj0MNj7kZRj_GsECrTaU7FU0A3HAzkbdx15vQJMKZiFbbQCVI7-X2J0bZzQKIWfMHD-VgHFwOe6nomT-jbYIXtCBDd6fNj1zTKRl-_uzjVqNK-h8YW1h6tE4xvZmXyHQ1-9yNKZIWC7iEaPkBLaBKQulLU5MvW3AtVDUhzm6--5H1J85JH5QhRrnKYRon7ZW5q1AQ' \
-H 'ES-Client-Authentication: SharedSecret my_super_secret'
# ...for example:
curl -X GET --location "http://localhost:5620/internal/security/me" \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2tpYmFuYS5lbGFzdGljLmNvL2p3dC8iLCJzdWIiOiJlbGFzdGljLWFnZW50IiwiYXVkIjoiZWxhc3RpY3NlYXJjaCIsIm5hbWUiOiJFbGFzdGljIEFnZW50IiwiaWF0Ijo5NDY2ODQ4MDAsImV4cCI6NDA3MDkwODgwMH0.P7RHKZlLskS5DfVRqoVO4ivoIq9rXl2-GW6hhC9NvTSkwphYivcjpTVcyENZvxTTvJJNqcyx6rF3T-7otTTIHBOZIMhZauc5dob-sqcN_mT2htqm3BpSdlJlz60TBq6diOtlNhV212gQCEJMPZj0MNj7kZRj_GsECrTaU7FU0A3HAzkbdx15vQJMKZiFbbQCVI7-X2J0bZzQKIWfMHD-VgHFwOe6nomT-jbYIXtCBDd6fNj1zTKRl-_uzjVqNK-h8YW1h6tE4xvZmXyHQ1-9yNKZIWC7iEaPkBLaBKQulLU5MvW3AtVDUhzm6--5H1J85JH5QhRrnKYRon7ZW5q1AQ' \
-H 'ES-Client-Authentication: SharedSecret my_super_secret' \
-H "Accept: application/json"
```
```json
{
"username": "elastic-agent",
"roles": [
"superuser"
],
"full_name": null,
"email": null,
"metadata": {
"jwt_claim_sub": "elastic-agent",
"jwt_token_type": "access_token",
"jwt_claim_iss": "https://kibana.elastic.co/jwt/",
"jwt_claim_name": "Elastic Agent",
"jwt_claim_aud": [
"elasticsearch"
]
},
"enabled": true,
"authentication_realm": {
"name": "jwt_with_secret",
"type": "jwt"
},
"lookup_realm": {
"name": "jwt_with_secret",
"type": "jwt"
},
"authentication_type": "realm",
"authentication_provider": {
"type": "http",
"name": "__http__"
},
"elastic_cloud_user": false
}
```
__Fixes:__ https://github.com/elastic/kibana/issues/171522
----
Release note: The default value of the
`elasticsearch.requestHeadersWhitelist` configuration option has been
expanded to include the `es-client-authentication` HTTP header, in
addition to `authorization`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
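Why the default allowlist had to grow, as an added example (not code from Kibana, Elasticsearch or this PR): a minimal Node.js model of header forwarding and of the header checks a JWT realm performs. The function names, the realm objects and the sample request are assumptions constructed for illustration; token signature validation is out of scope.

```javascript
// Added illustration: not Kibana or Elasticsearch source code.
// The two allowlists are the old and new defaults named in the PR description.
const OLD_DEFAULT_ALLOWLIST = ['authorization'];
const NEW_DEFAULT_ALLOWLIST = ['authorization', 'es-client-authentication'];

// Constructed sample request (placeholder token; secret taken from the curl example).
const SAMPLE_REQUEST_HEADERS = {
  Authorization: 'Bearer header.payload.signature',
  'ES-Client-Authentication': 'SharedSecret my_super_secret',
  Accept: 'application/json',
  Cookie: 'sid=constructed-session-cookie',
};

// Hypothetical realm models: one requires a shared secret, one does not.
const REALM_WITH_SECRET = { clientAuthentication: 'shared_secret', sharedSecret: 'my_super_secret' };
const REALM_WITHOUT_SECRET = { clientAuthentication: 'none' };

// Keep only allowlisted headers. Header names are case-insensitive,
// so both sides are lower-cased before comparison.
function forwardHeaders(incoming, allowlist) {
  const allowed = new Set(allowlist.map((h) => h.toLowerCase()));
  const forwarded = {};
  for (const [name, value] of Object.entries(incoming)) {
    const key = name.toLowerCase();
    if (allowed.has(key)) forwarded[key] = value;
  }
  return forwarded;
}

// Names of the headers that never reach the backend (useful when auditing the setting).
function droppedHeaders(incoming, allowlist) {
  const allowed = new Set(allowlist.map((h) => h.toLowerCase()));
  return Object.keys(incoming)
    .map((name) => name.toLowerCase())
    .filter((key) => !allowed.has(key))
    .sort();
}

// Comparison that always walks the full length, so timing does not
// reveal how many leading characters of the secret matched.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Model of the realm's decision based only on the headers it receives.
function realmDecision(forwarded, realm) {
  const auth = forwarded['authorization'] || '';
  if (!/^Bearer\s+\S+$/i.test(auth)) return 'rejected: no bearer token';
  if (realm.clientAuthentication === 'none') return 'accepted';
  const clientAuth = forwarded['es-client-authentication'];
  if (clientAuth === undefined) return 'rejected: client authentication header missing';
  const m = /^SharedSecret\s+(.+)$/.exec(clientAuth);
  if (!m || !constantTimeEqual(m[1], realm.sharedSecret)) {
    return 'rejected: client authentication failed';
  }
  return 'accepted';
}

// Run one request through the allowlist and then through the realm model.
function simulate(incoming, allowlist, realm) {
  const forwarded = forwardHeaders(incoming, allowlist);
  return {
    forwarded: Object.keys(forwarded).sort(),
    dropped: droppedHeaders(incoming, allowlist),
    decision: realmDecision(forwarded, realm),
  };
}

for (const [label, allowlist] of [['old default', OLD_DEFAULT_ALLOWLIST], ['new default', NEW_DEFAULT_ALLOWLIST]]) {
  const result = simulate(SAMPLE_REQUEST_HEADERS, allowlist, REALM_WITH_SECRET);
  console.log(`${label}: forwarded=[${result.forwarded}] dropped=[${result.dropped}] -> ${result.decision}`);
}
```

With the old default the shared secret is stripped before it reaches the realm, so only realms without client authentication can succeed; everything outside the allowlist, such as the session cookie, stays behind in both cases.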
## Summary
Resolves: https://github.com/elastic/kibana/issues/164255
This is part 3/3 of the maintenance window scoped query PR. This change
contains only the task manager changes and has no dependency on other
PRs. To test the changes in this PR, I recommend using this branch
https://github.com/elastic/kibana/pull/172117 which has all of the
frontend changes and the changes in this PR.
This PR adds support for maintenance window scoped query in the task
manager. To do this, we need to perform a fetch on the new persisted
alerts with the scoped query as filters. We then must save these alerts
again with the update maintenance window IDs.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
closes https://github.com/elastic/kibana/issues/170368
The preview is encoded now.
Custom links in the transaction actions button are also encoded.
## Summary
Resolves https://github.com/elastic/kibana/issues/170474
- Moves constants from `server/assets/constants` to
`common/slo/constants`
- Updates all the constants with the new path
- Updates the Lens definition to use the new path
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes https://github.com/elastic/kibana/issues/171243. This PR adds
field `_tier` to the list of omit fields to not show or display. This is
especially relevant when `_tier` is added in the list of meta fields in
Kibana.
Steps to reproduce:
1. In Advanced settings, add `_tier` to the list of meta fields. This
will show _tier as a field across Kibana if data has a tier applied.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes #170497
Adds scope dropdown to ES Query rules created from Discovery. If Logs or
Metrics are selected, rules created here will be visible in
Observability.
Also makes `Logs` the default consumer when creating a rule from either
Discovery or Observability.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
A follow up of the Quick Wins day, see more [in this
discussion](https://elastic.slack.com/archives/C03E5KGNWT1/p1693994546394189)
Closes #171088
## Summary
This PR fixes the incorrect params when changing aggregation from
nonCount to count.
I didn't find an easy way to add a test for this case, as this is a
minor UI issue. It is worth mentioning that the metric threshold rule
will be deprecated eventually. Let me know if you have any suggestions
for it.
## Summary
Currently, Kibana only sends 100 diagnostic telemetry records every 5
mins from the Elastic Endpoint agent. This is rather restrictive and
security researchers in Security Labs would like as much as possible.
This PR inverts the search relationship to the task and pages were
results using Point-In-Time search, and times out after 4 minutes.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
- addresses milestone 1 of
https://github.com/elastic/security-team/issues/7773 epic
- adds alerts suppression capabilities to threshold rule type
- to enable alerts suppression for threshold rule type use experimental
feature flag `alertSuppressionForThresholdRuleEnabled` in kibana.yml
```
xpack.securitySolution.enableExperimental:
- alertSuppressionForThresholdRuleEnabled
```
- similarly to query rule Platinum license is required
### UI
Few changes in comparison with custom query alerts suppression
1. Suppress by fields removed, since suppression is performed on
Threshold Groups By fields
2. Instead, we show checkbox - so user can opt-in for alert suppression
(either by selected threshold fields or w/o any)
3. Only the time interval radio button is available, suppression in rule
execution is disabled (Threshold rule itself 'suppress' by grouping
during rule execution)
Demo video, shows suppression on interval when users select threshold
group by fields and when do not
### Checklist
- [x] Functional changes are hidden behind a feature flag
Feature flag `alertSuppressionForThresholdRuleEnabled`
- [x] Functional changes are covered with a test plan and automated
tests.
Test plan in progress (cc @vgomez-el), unit/ftr/cypress tests added to
cover alert suppression functionality added
- [x] Stability of new and changed tests is verified using the [Flaky
Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner).
[FTR ESS & Serverless
tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4057)
[Cypress
ESS](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4058)
[Cypress
Serverless](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4059)
- [ ] Comprehensive manual testing is done by two engineers: the PR
author and one of the PR reviewers. Changes are tested in both ESS and
Serverless.
- [x] Mapping changes are accompanied by a technical design document. It
can be a GitHub issue or an RFC explaining the changes. The design
document is shared with and approved by the appropriate teams and
individual stakeholders.
Existing AlertSuppression schema field is used for Threshold rule,
similarly to Query. But only `duration` field is applicable and required
- [x] Functional changes are communicated to the Docs team. A ticket or
PR is opened in https://github.com/elastic/security-docs. The following
information is included: any feature flags used, affected environments
(Serverless, ESS, or both).
https://github.com/elastic/security-docs/issues/4315
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
In the "Add inference pipeline" flyout, change the existing pipeline
selector dropdown to a selection list with search. Also re-organize the
option layout to more closely match the layout implemented for ML
pipeline cards in #172209.
Closes https://github.com/elastic/kibana/issues/172133
## Summary
This adds two links to the Profiling tab in Host details:
* Link to the full Profiling app filtered by the current hostname
* Static link to the profiling feedback form

## How to Test
* Connect local kibana to oblt cluster that has Profiling configured
(e.g. edge)
* Add this to your dev `kibana.yml`
```
xpack.profiling.enabled: true
xpack.infra.featureFlags.profilingEnabled: true
# Direct ES URL on the oblt cluster that you're using, in case of edge it's https://edge-oblt.es.us-west2.gcp.elastic-cloud.com:443
xpack.profiling.elasticsearch.hosts: REMOTE_CLUSTER_ES_URL
# If needed create a new user on the remote oblt cluster
xpack.profiling.elasticsearch.username: REMOTE_CLUSTER_USER
xpack.profiling.elasticsearch.password: REMOTE_CLUSTER_PASSWORD
```
* Open kibana, go to Hosts
* Open a flyout/full page details and make sure the links are there and
work as expected
In this PR, we added a callout for deploying E5 model in the inference
pipeline. E5 produces dense vector embeddings that can be searched in
multiple languages.
# Testing
**step 1**: Created inference pipeline using E5 model
**step 2**: Load data to the index using the pipeline
<details>
<summary>Click to expand/collapse</summary>
```
POST /test-data-multi-lang/_doc/1643584#0
{
"language": "en",
"title": "Bloor Street",
"passage": "Bloor Street is a major east–west residential and commercial thoroughfare in Toronto, Ontario, Canada. Bloor Street runs from the Prince Edward Viaduct, which spans the Don River Valley, westward into Mississauga where it ends at Central Parkway. East of the viaduct, Danforth Avenue continues along the same right-of-way. The street, approximately long, contains a significant cross-sample of Toronto's ethnic communities. It is also home to Toronto's famous shopping street, the Mink Mile."
}
POST /test-data-multi-lang/_doc/2190499#0
{
"language": "en",
"title": "Elphinstone College",
"passage": "Elphinstone College is an institution of higher education affiliated to the University of Mumbai. Established in 1856, it is one of the oldest colleges of the University of Mumbai. It is reputed for producing luminaries like Bal Gangadhar Tilak, Bhim Rao Ambedkar, Virchand Gandhi, Badruddin Tyabji, Pherozshah Mehta, Kashinath Trimbak Telang, Jamsetji Tata and for illustrious professors that includes Dadabhai Naoroji. It is further observed for having played a key role in spread of Western education in the Bombay Presidency."
}
POST /test-data-multi-lang/_doc/8881#0
{
"language": "en",
"title": "Doctor (title)",
"passage": "Doctor is an academic title that originates from the Latin word of the same spelling and meaning. The word is originally an agentive noun of the Latin verb \"docēre\" [dɔˈkeːrɛ] 'to teach'. It has been used as an academic title in Europe since the 13th century, when the first Doctorates were awarded at the University of Bologna and the University of Paris. Having become established in European universities, this usage spread around the world. Contracted \"Dr\" or \"Dr.\", it is used as a designation for a person who has obtained a Doctorate (e.g. PhD). In many parts of the world it is also used by medical practitioners, regardless of whether or not they hold a doctoral-level degree."
}
POST /test-data-multi-lang/_doc/9002#0
{
"language": "de",
"title": "Gesundheits- und Krankenpflege",
"passage": "Die Gesundheits- und Krankenpflege als Berufsfeld umfasst die Versorgung und Betreuung von Menschen aller Altersgruppen, insbesondere kranke, behinderte und sterbende Erwachsene. Die Gesundheits- und Kinderkrankenpflege hat ihren Schwerpunkt in der Versorgung von Kindern und Jugendlichen. In beiden Fachrichtungen gehört die Verhütung von Krankheiten und Gesunderhaltung zum Aufgabengebiet der professionellen Pflege."
}
POST /test-data-multi-lang/_doc/7769762#0
{
"language": "de",
"title": "Tourismusregion (Österreich)",
"passage": "Unter Tourismusregion versteht man in Österreich die in den Landestourismusgesetzen verankerten Tourismusverbände mehrerer Gemeinden, im weiteren Sinne aller Gebietskörperschaften."
}
POST /test-data-multi-lang/_doc/2270104#0
{
"language": "de",
"title": "London Wall",
"passage": "London Wall ist die strategische Stadtmauer, die die Römer um Londinium gebaut haben, um die Stadt zu schützen, die über den wichtigen Hafen an der Themse verfügte. Bis ins späte Mittelalter hinein bildete diese Stadtmauer die Grenzen von London. Heute ist \"London Wall\" auch der Name einer Straße, die an einem noch bestehenden Abschnitt der Stadtmauer verläuft."
}
POST /test-data-multi-lang/_doc/2270104#1
{
"language": "de",
"title": "London Wall",
"passage": "Die Mauer wurde Ende des zweiten oder Anfang des dritten Jahrhunderts erbaut, wahrscheinlich zwischen 190 und 225, vermutlich zwischen 200 und 220. Sie entstand somit etwa achtzig Jahre nach dem im Jahr 120 erfolgten Bau der Festung, deren nördliche und westliche Mauern verstärkt und in der Höhe verdoppelt wurden, um einen Teil der neuen Stadtmauer zu bilden. Die Anlage wurde zumindest bis zum Ende des vierten Jahrhunderts weiter ausgebaut. Sie zählt zu den letzten großen Bauprojekten der Römer vor deren Rückzug aus Britannien im Jahr 410."
}
GET test-data-multi-lang/_search
POST /_reindex?wait_for_completion=false&pretty
{
"source": {
"index": "test-data-multi-lang",
"size": 50
},
"dest": {
"index": "new-multi-lang-index",
"pipeline": "ml-inference-test-data-multi-lang"
}
}
GET new-multi-lang-index/_search
```
</details>
## Summary
This PR is a starting point for fixing issues about cold and frozen
tiers hits in analyzer.
It introduces another filter to analyzer queries, preventing us from
hitting aforementioned documents.
Relevant setting:

Fixes https://github.com/elastic/kibana/issues/169760
Related to https://github.com/elastic/kibana/issues/171425
## Summary
[Fleet] Replace dataviews suggestions in KQL searchboxes with internal
ones. Now using Fleet mappings to create the suggestions fields instead
of fetching them through dataView plugin.
This is done for two reasons:
- Solves [permission
problems](https://github.com/elastic/kibana/issues/169760) when the user
doesn't have privileges to read Fleet indices
- Allows us to search only those mappings that we want to expose,
instead of all of them
Only weird thing is that the [querystring
component](1f8c816901/src/plugins/unified_search/public/query_string_input/query_string_input.tsx (L161))
has a cap to show max 50 suggestions. Since for agents suggestions we
are showing some more fields, the ones starting with `u` are not
visible anymore. I thought I had a bug in the way I was creating the
`fieldsMap` but in reality there's no way to show more suggestions than
50 (without touching the original component, which I would gladly
avoid).
### Screenshots
There should be no visible difference with the current suggestions.
### Testing
1. With a normal user, navigate to the "agents", "agent policies" and
"enrollment keys" tabs and click on the searchboxes. The suggestions
should be visible as normal
2. Create a user with role Fleet "all", Integrations "all". Log in and
check the above searchboxes, the suggestions should be visible as
normal. Previously they weren't.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/169444
Add `/assets` endpoint with corresponding public/server client methods.
The method currently returns `host` and `service` asset type.
### Testing
- connect to cluster with apm and metrics data
- hit `/api/asset-manager/assets?from=now-30s&to=now&stringFilters=...`
- response contains both service and host assets, sorted by desc
timestamp
---------
Co-authored-by: Milton Hultgren <miltonhultgren@gmail.com>
Part of #171406
## Summary
This PR changes the Custom threshold title from `Technical Preview` to
`Beta`.
- Removes old flamegraph code replacing it with the ES Flamegraph API
- Creates new user settings
- Adds a feature flag to use the kibana CO2/Cost calculations instead of
the new version
- Reads CO2 and Cost from /Stacktraces and /Flamegraph APIs
Where do we show the CO2 and Cost values?
- Flamegraph tooltip
- Flamegraph Frame information flyout
- Diff Flamegraph Summary
- Functions table
- Function information flyout
- Diff Functions Summary
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Using the docLinks service means documentation links will always point
to the correct version of the docs for the current Kibana version, not
just the latest docs.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
We offer two variants for each of the curated (ELSER and E5) ML models:
- Cross-platform (e.g. model ID `.elser_model_2`)
- Linux-optimized (e.g. `.elser_model_2_linux-x86_64`)
This PR adds some logic to filter these curated models to the proper
variants in the pipeline configuration -> model selection list, so that
for these models only those are shown that are compatible with the
current platform's architecture.
Manually tested on a Mac M1:
* All available trained models:
* Model selection list only shows the cross-platform variants
* If we temporarily override the ML client's call to tag the Linux
variants as compatible, then those variants show up in the list instead
* I also tested that the Deploy and Start buttons trigger the action on
the shown variant of the model (the Linux ones could not actually start
on my Mac, which is expected)
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This PR adds custom rendering for each of the default Grouping
visualizations:
- #168543
- #169043
- #169044
- #169045
**It also adds:**
- Fix error handling (follow up from [this
comment](https://github.com/elastic/kibana/pull/169884#issuecomment-1824332654))
- Change the Findings page to have the Misconfiguration tab in the first
position.
- Added `size` property to the `ComplianceScoreBar` component
- Custom message for groups that don't have value (ex. No Cloud
accounts)
- Changed the sort order of grouping components to be based on the
compliance score
- Added compliance score for custom renderers
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>