## Summary
Closes https://github.com/elastic/kibana/issues/143727
When Inventory rule is created for `Kubernetes Pods` as node type, the
`context.container` will contain an array of containers. For other node
types, the `context.container` will contain single container
information. This is to cover the use case where Kubernetes pod has more
than one container.
## Manual testing
### 1. Create rule for `Kubernetes Pods`
- Create Inventory rule for `Kubernetes Pods`
- Select a connector to schedule action
- Add `{{context}}` in the action template
- Wait for alerts to be generated
- Observe `context.container` lists all containers
<img width="803" alt="Screenshot 2022-11-04 at 10 55 19"
src="https://user-images.githubusercontent.com/69037875/199945124-08590d1e-50ed-4b41-a256-8b16548dbdbd.png">
### 2. Create rule for `Hosts`
- Create Inventory rule for `Hosts`
- Select a connector to schedule action
- Add `{{context}}` in the action template
- Wait for alerts to be generated
- Observe `context.container` contains single container
<img width="520" alt="Screenshot 2022-11-04 at 10 59 31"
src="https://user-images.githubusercontent.com/69037875/199945890-a38a695a-61bc-49cb-9eb4-6fa806f4bdc9.png">
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR adds improvements to ML Job management UX within rules:
* ML job will be automatically enabled on rule creation, enabling rule
in Rules Table or Rule's details page
* ML rule details page has switch button to enable/disable the ML job
* Rules page shows the warning icon for the ML rules with non-running
jobs. Pressing the icon will show the list of the non-running jobs and
suggestion to go to the rule’s details page for further investigations
Main ticket:
[#1912](https://github.com/elastic/security-team/issues/1912)
https://user-images.githubusercontent.com/2700761/200577590-0fe03b25-b486-4ae7-8ca9-625047daddbc.mov
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Resolves https://github.com/elastic/kibana/issues/142896
Passes `{ force: true }` option when upgrading packages via the
`managed_package_policy` flow.
This ensures that Synthetics packages are able to be auto-upgraded via
the Fleet setup flow when a new package version is available, while
still restricting users from editing managed Synthetics packages from
the UI.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Resolves https://github.com/elastic/kibana/issues/144915
Adds the `migratedType` to the synthetics monitor saved object migration
for 8.6.0. This value represents the schema for the encrypted saved
object. Although it hasn't changed from 8.5.0 -> 8.6.0, it is
recommended to always include this value explicitly.
## Summary
- Adds a message, to the Download link displayed after successfully
retrieving a file from the host via `get-file`, that files are
periodically cleaned up.
We store stack frame types with a run-length encoding in Elasticsearch
and decode the raw data in Kibana. The current implementation was
working fine when the frame type did not change often but failed for
long sequences of unique frame types. With this commit we make sure that
these longer sequences can also be properly decoded.
Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>
In this PR, I'm removing the `maxConcurrency` from a few task types
given they only have a single task created for each type. The
concurrency setting limits how many tasks of such type a single Kibana
process should handle at most, and internally requires a separate task
claiming query to run every poll interval to claim those tasks.
With this PR, task manager goes from running 4 update_by_query requests
to 2 every 3 seconds, removing stress put onto Elasticsearch.
For more details, see `maxConcurrency` here
https://github.com/elastic/kibana/tree/main/x-pack/plugins/task_manager#task-definitions.
## Summary
- [x] Updates the logic for showing host isolation pages for RBAC v1.
- [x] should allow `superusers` to delete an artifact if it exists even
when the license is below `platinum`
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Fixes https://github.com/elastic/kibana/issues/143547
To make sure the correct semantic elements are used, you can pass the
`component` prop to the page template components. As the eui components
`EuiPageTemplate`, `EuiPageTemplate.Section` and so on bring styling with
them there's not much value in trying to put them into the places of
manual `section`s used in Lens today because we would end up overruling
all of these default styles anyway as Lens is pretty special in terms of
page layout to make best use of the existing screen real estate.
Because of this, this PR is simply turning the `EuiPageTemplate` into a
div and putting the main role to the top level of the Lens app.
The way to do this is a bit funky right now, but that's an EUI bug
that will be fixed upstream: https://github.com/elastic/eui/issues/6351
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Closes: #131710
In order to add complementary features to Lens embeddables via actions,
it's important to be able to capture the relevant information from the
state which is currently loaded.
E.g. https://github.com/elastic/kibana/pull/129762 is pulling out the
used field names from the Lens state. While the state interface is
considered a public interface (as it's also used to configure Lens
embeddables), it would be beneficial to provide use case specific
helpers to extract this information to make this logic easier to
maintain.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
The analysis can be long running and in cases can time out depending on
server/proxy settings. This update allows a user to try to continue the
analysis if it failed half way through.
Improved the visualization of data in profiling by showing more details
and using more nicely formatted numbers.
Fixes https://github.com/elastic/prodfiler/issues/2772
Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>
## Summary
Updates the Series color tooltip to:
`You are unable to apply custom colors to individual series when the
layer includes a "Break down by" field.`
Adds an `isCloudTrial` flag to ML's `/api/ml/info` endpoint.
If `xpack.cloud.trial_end_date` is set in the kibana config and it is
greater than the current time, we can assume that we're currently in a
cloud trial.
If `xpack.cloud.trial_end_date` is not set, `isCloudTrial` is not added
to the endpoint response. This is the same behaviour as the `cloudId`
property.
Adds an `isCloudTrial()` function to our server info util functions which
can be used in conjunction with our `isCloud()` function.
To test, these cloud settings can be added to the kibana config:
```
xpack.cloud.id: 'cloud_message_test:ZXUtd2VzdC0yLmF3cy5jbG91ZC5lcy5pbyQ4NWQ2NjZmMzM1MGM0NjllOGMzMjQyZDc2YTdmNDU5YyQxNmI1ZDM2ZGE1Mzk0YjlkYjIyZWJlNDk1OWY1OGQzMg=='
xpack.cloud.trial_end_date: '2022-11-20T09:39:52.554Z'
```
## Summary
Completes part of https://github.com/elastic/kibana/issues/138236.
Added support of ad-hoc dataViews while converting TSVB visualizations,
when index pattern string mode is turned on.
Co-authored-by: Uladzislau Lasitsa <vlad.lasitsa@gmail.com>
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Resolves #143962
## 📝 Summary
In this PR, an alerts search bar was added to the rule details page by
syncing its state to the URL. This will enable navigating to the alerts
table for a specific rule with a filtered state based on active or
recovered.
### Notes
- Renamed alert page container to alert search bar container and used it
both in alerts and rule details page (it will be responsible to sync
search bar params to the URL) --> moved to a shared component
- Moved AlertsStatusFilter to be a sub-component of the shared
observability search bar
- Allowed ObservabilityAlertSearchBar to be used both as a stand-alone
component and as a wired component with syncing params to the URL
(ObservabilityAlertSearchBar, ObservabilityAlertSearchbarWithUrlSync)
- Set a minHeight for the Alerts and Execution tab, otherwise, the page
will have extra scroll on the tab change while content is loading (very
annoying!)
## 🎨 Preview

## 🧪 How to test
- Create a rule and go to the rule details page
- Click on the alerts tab and change the search criteria, you should be
able to see the criteria in the query parameter
- Refresh the page, alerts tab should be selected and you should be able
to see the filters that you applied in the previous step
- As a side test, check alert search bar on alerts page as well, it
should work as before
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Adds options to create a shared exception list and to create a single
item to be attached to multiple rules' default lists or to add it to
shared lists.
Co-authored-by: Gloria Hornero <gloria.hornero@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>