## Summary
Related to https://github.com/elastic/kibana/issues/144161
Found that on a bulk update tags task failure, the task didn't stop
after 3 retries (should be over in less than a minute), the retries kept
happening for 2 hours.
This change removes the retry task if 3 retries are reached.
Also testing in cloud deployment to see if the tags error can be
reproduced with this fix.
I could reproduce the reported error locally, and I see that it goes away
with this fix.
To verify:
- Add at least 50k agents with the `create_agents` script in kibana repo
- open Kibana, select the 50k agents, and open Actions / Add tags
- Try this in a few seconds: add 2 new tags, and remove one of them
- Wait about 30s, the agents should reflect the changes
- Check the logs to see that the tasks are removed after 3rd retry is
reached or successful.
- Check that there are no more running tasks. Any running task can be
found in Kibana Console by running this query:
`GET .kibana_task_manager/_search?q=task.taskType:"fleet:update_agent_tags:retry"`
Locally simulated an error to test that the retry (and check) task is
removed:
```
[2022-12-07T15:52:16.415+01:00][ERROR][plugins.fleet] Retry #3 of task fleet:update_agent_tags:retry:848984ab-c11d-4ebe-8d1f-606143dd656b failed: failing task
[2022-12-07T15:52:16.416+01:00][WARN ][plugins.fleet] Stopping after 3rd retry. Error: failing task
[2022-12-07T15:52:16.416+01:00][INFO ][plugins.fleet] Removing task fleet:update_agent_tags:retry:check:848984ab-c11d-4ebe-8d1f-606143dd656b
[2022-12-07T15:52:16.416+01:00][INFO ][plugins.fleet] Removing task fleet:update_agent_tags:retry:848984ab-c11d-4ebe-8d1f-606143dd656b
```
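A check over Fleet log lines in the format shown above, as an added example that is not part of the original PR: it flags retry tasks that reached the retry limit without both the retry task and its check task being removed. The function name, the limit parameter and the second task id are assumptions made for illustration; the message formats are copied from the log excerpt.

```javascript
// Added example (not Kibana code): find fleet:update_agent_tags retry tasks that
// hit the retry limit but were not cleaned up, using the message formats above.
const RETRY_TYPE = 'fleet:update_agent_tags:retry';
const CHECK_TYPE = 'fleet:update_agent_tags:retry:check';
const LINE_RE = /^\[[^\]]+\]\[\w+\s*\]\[plugins\.fleet\] (.*)$/;
const RETRY_RE = /^Retry #(\d+) of task fleet:update_agent_tags:retry:([0-9a-f-]{36}) failed/;
const REMOVE_RE = /^Removing task (fleet:update_agent_tags:retry(?::check)?):([0-9a-f-]{36})$/;

// The four lines from the PR description.
const PAGE_LOG = [
  '[2022-12-07T15:52:16.415+01:00][ERROR][plugins.fleet] Retry #3 of task fleet:update_agent_tags:retry:848984ab-c11d-4ebe-8d1f-606143dd656b failed: failing task',
  '[2022-12-07T15:52:16.416+01:00][WARN ][plugins.fleet] Stopping after 3rd retry. Error: failing task',
  '[2022-12-07T15:52:16.416+01:00][INFO ][plugins.fleet] Removing task fleet:update_agent_tags:retry:check:848984ab-c11d-4ebe-8d1f-606143dd656b',
  '[2022-12-07T15:52:16.416+01:00][INFO ][plugins.fleet] Removing task fleet:update_agent_tags:retry:848984ab-c11d-4ebe-8d1f-606143dd656b',
].join('\n');

// Constructed lines (not from the page): a task that retries past the limit
// and is never removed, i.e. the behaviour the PR fixes.
const LEAKED_LOG = [
  '[2022-12-07T16:00:00.000+01:00][ERROR][plugins.fleet] Retry #3 of task fleet:update_agent_tags:retry:11111111-2222-3333-4444-555555555555 failed: failing task',
  '[2022-12-07T16:00:30.000+01:00][ERROR][plugins.fleet] Retry #4 of task fleet:update_agent_tags:retry:11111111-2222-3333-4444-555555555555 failed: failing task',
].join('\n');

function findLeakedRetryTasks(logText, maxRetries = 3) {
  const tasks = new Map(); // task id -> { maxRetrySeen, removed task types }
  const entry = (id) => {
    if (!tasks.has(id)) tasks.set(id, { maxRetrySeen: 0, removed: new Set() });
    return tasks.get(id);
  };
  for (const line of logText.split('\n')) {
    const m = LINE_RE.exec(line.trim());
    if (!m) continue; // not a plugins.fleet line
    const retry = RETRY_RE.exec(m[1]);
    if (retry) {
      const t = entry(retry[2]);
      t.maxRetrySeen = Math.max(t.maxRetrySeen, Number(retry[1]));
      continue;
    }
    const removal = REMOVE_RE.exec(m[1]);
    if (removal) entry(removal[2]).removed.add(removal[1]);
  }
  const findings = [];
  for (const [id, t] of tasks) {
    if (t.maxRetrySeen < maxRetries) continue; // still within its retry budget
    const missingRemovals = [RETRY_TYPE, CHECK_TYPE].filter((type) => !t.removed.has(type));
    if (missingRemovals.length > 0 || t.maxRetrySeen > maxRetries) {
      findings.push({ id, maxRetrySeen: t.maxRetrySeen, missingRemovals });
    }
  }
  return findings;
}

console.log(JSON.stringify(findLeakedRetryTasks(PAGE_LOG + '\n' + LEAKED_LOG), null, 2));
```
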
While working on another project I found a circular dependency between
the `@kbn/shared-ux-page-solution-nav` and
`@kbn/shared-ux-page-kibana-template-types` packages. My upcoming PR
will prevent this from happening in the future, but for now this is just
a small change to fix the issue.
This PR deletes user actions when the case is deleted. It makes a few
improvements:
- Uses point in time finder for the different case entities when
deleting instead of requesting a single page of 10k results
- Refactors the User actions class to receive the
`unsecuredSavedObjectClient` as a parameter when initializing the class
- Adds the audit log message when a user action is created
- Leverages the bulk delete method from the saved object core library
Fixes: https://github.com/elastic/kibana/issues/143657
https://github.com/elastic/kibana/issues/145124
<details><summary>User actions removed when deleting cases</summary>
https://user-images.githubusercontent.com/56361221/204568129-525e176c-84af-4197-8f80-fc0801676226.mov
</details>
## Example Audit Log Messages
```
[2022-11-29T10:10:32.365-05:00][INFO ][plugins.security.audit.ecs] User created case id: f7138410-6ff7-11ed-860b-4fd7293e59c1 - user action id: f73256b0-6ff7-11ed-860b-4fd7293e59c1
[2022-11-29T10:11:08.716-05:00][INFO ][plugins.security.audit.ecs] User assigned uids: [u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0] to case id: f7138410-6ff7-11ed-860b-4fd7293e59c1 - user action id: 0cf9e670-6ff8-11ed-860b-4fd7293e59c1
```
## Testing
To view the audit log message add these fields to your `kibana.dev.yml`
file
```
xpack.security.audit.enabled: true
xpack.security.audit.appender.type: 'console'
xpack.security.audit.appender.layout.type: 'pattern'
xpack.security.audit.appender.layout.highlight: true
```
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Part of #140828
PR for run yml file
[elastic/kibana-buildkite/pull/67](https://github.com/elastic/kibana-buildkite/pull/67)
This PR moves data set extraction step in separate pipeline, still
reporting Kibana scalability and ES Rally output in Kibana-related
bucket.
Reporting ES Rally data to required bucket will be added in the
follow-up PR.
## Summary
Closes #102493
This PR introduces the ability to define an absolute time shift as a new
type of time shift in Lens.
The idea is to avoid pushing the absolute logic down to the agg level,
and rather translate the absolute shift as soon as possible into a relative
one (in seconds, the minimal time unit allowed) and perform all checks
in this format.
**Note**:
The feature is currently enabled as formula-only and using it in a Quick
function context will validate it as an invalid shift.
**Details**:
The used format for anchoring right now is:
* `startAt(2022-11-03T18:30:27.278Z)` for start anchoring (from the
given date used as `start` anchor forward to a dynamic end date), and
<img width="1172" alt="Screenshot 2022-11-15 at 15 13 36"
src="https://user-images.githubusercontent.com/924948/201942522-8515f845-b065-448b-bc3b-da72ea8f9de3.png">
* `endAt(2022-11-03T18:30:27.278Z)` for end anchoring (from the given
date backward to a start date dynamically computed)
<img width="1168" alt="Screenshot 2022-11-15 at 15 13 21"
src="https://user-images.githubusercontent.com/924948/201942569-91175316-1cb6-45af-8d32-83eb91d5ad9a.png">
* when an absolute time shift is detected in formula then the shifts
suggestions are translated into absolute shifts
<img width="304" alt="Screenshot 2022-11-15 at 15 18 08"
src="https://user-images.githubusercontent.com/924948/201942631-b4906a11-9de0-4ce0-94f8-16d9576247bf.png">
<img width="281" alt="Screenshot 2022-11-15 at 15 18 17"
src="https://user-images.githubusercontent.com/924948/201942633-20c52277-450e-4191-94a7-74f21a6255af.png">
### Basics
* [x] Add an Absolute time shift validation function
* [x] Add a strict shift parser to duration (in seconds)
* [x] Add a function to extract tokens from raw string
* Enable the feature in Lens
* [x] formula
* [x] parsing
* [x] formula validation
* [x] suggestion adapted to work with the Absolute shift
* [x] errors
* [x] warnings
* interval-based validations are skipped for absolute shifts as issues
are resolved at expression translation time anyway
* [x] via API (formula helper)
### Implementation details
While the range is computed correctly based on the current interval, the
actual shift is rounded to prevent issues on data fetching. The interval
is computed with an algorithm similar to the one used by ES and the
shift is offset to the closest multiple of that interval (i.e. if the
current shift is `1.78` times the interval, then the shift is rounded to
`2` intervals in a way to include the given date).
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Ref: https://github.com/elastic/kibana/issues/146871
Also restores functionality where if a user tries to import an exception
list that already exists within the system, they are offered up options
as to how to proceed; either by overwriting the current list or
importing this list as a different list.
Extended APM synthtrace to support mobile use cases and added a mobile
scenario that generates trace data.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kate Patticha <aikaterini.patticha@elastic.co>
## Summary
In this PR we are returning in response for bulkDelete API actual rules
which have been deleted like we do for the bulk editing API. Security
solution needs that information as part of the API contract so they can
have their stateful rule table still working the way it is.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Adds tests to check the response of the index exists endpoint:
```
/api/ml/index_exists
```
Also fixed the behavior of the endpoint when passed an index with a
wildcard expression so that it no longer returns `true` if an index does
not exist matching the expression by adding `allow_no_indices: false` to
the query parameters.
Part of https://github.com/elastic/kibana/issues/142456
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/111246
Removes the implementation of the vislib pie. Specifically:
- Removes the `visualization:visualize:legacyPieChartsLibrary` advanced
setting which was used as a fallback to vislib pie,
- Cleans up the vislib code from the pie
Part of: #144296
## Summary
First step of `[ESQL] Improve the typing experience` (#144296). This PR
is the skeleton for later parts, but already supports basic parsing
scenarios.
## What was done:
- [x] Added new `ESQL` language in `@kbn/monaco` package. Parsing was
done using the `antlr` syntax;
- [x] `kbnUiSharedDeps`-srcJs bundle has been optimised, all workers
have been moved into separate chunks. This gave almost minus `2 MB` 🕺
- [x] existing `esql` lang was renamed to `sql`. In order not to confuse
anyone in the future
- [x] some code from `painless` folder was moved to `common` and reused
in ESQL (probably needs some refactoring in future)
## Next steps:
- [ ] improving `ANTLR` syntax to cover all cases
- [ ] implementing `Autocomplete` feature
## How to use new `ESQL Lang`:
To use new language 2 properties should be set for `CodeEditor`
component
```ts
import { ESQL_LANG_ID, ESQL_THEME_ID } from '@kbn/monaco';
import { CodeEditor } from '@kbn/kibana-react-plugin/public';

<CodeEditor
  ...
  languageId={ESQL_LANG_ID}
  options={{
    ...
    theme: ESQL_THEME_ID,
  }}
/>
```
Currently syntax highlighting looks like:
<img width="450" alt="image"
src="https://user-images.githubusercontent.com/20072247/205685072-0658fad1-d034-4d36-a44d-6a49e7365ab3.png">
<img width="450" alt="image"
src="https://user-images.githubusercontent.com/20072247/205685220-c67db50c-6f3b-49b5-9576-d1ee68428184.png">
Will be updated in Step 2
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marco Liberati <dej611@users.noreply.github.com>
Resolves #146286
## 📝 Summary
In this PR, I exposed ObservabilityAlertSearchBar from the Observability
plugin to be used in other plugins such as APM.
I've added `ObservabilityAlertSearchBarProvider` in order for other
plugins to provide Kibana dependencies to the shared component.
## 🧪 How to test
For testing the implementation, I imported this component in the APM
plugin and used it in the alerts tab, you can do the same locally by
following these steps:
1. Import `ObservabilityAlertSearchBar` in
[APM](https://github.com/elastic/kibana/blob/main/x-pack/plugins/apm/public/components/app/alerts_overview/index.tsx)
and define related hook:
```
import {
  ObservabilityAlertSearchBar,
  ObservabilityAlertSearchBarProvider,
} from '@kbn/observability-plugin/public';

export const useToasts = () =>
  useKibana<ApmPluginStartDeps>().services.notifications!.toasts;
```
2. Replace
[AlertsTableStatusFilter](https://github.com/elastic/kibana/blob/main/x-pack/plugins/apm/public/components/app/alerts_overview/index.tsx#L74)
with the `ObservabilityAlertSearchBar` component:
```
<ObservabilityAlertSearchBarProvider
  {...services}
  useToasts={useToasts}
>
  <ObservabilityAlertSearchBar
    appName={'apmApp'}
    kuery={''}
    onRangeFromChange={(input) => console.log(input)}
    onRangeToChange={(input) => console.log(input)}
    onKueryChange={(input) => console.log(input)}
    onStatusChange={(input) => console.log(input)}
    onEsQueryChange={(input) => console.log(input)}
    rangeTo={'now'}
    rangeFrom={'now-15m'}
    status={'all'}
  />
</ObservabilityAlertSearchBarProvider>
```
You should see the new search bar in APM alerts tab:

## Summary
Closes #136141
This splits `rules_client.ts`, a file of over 5000 lines, into multiple
files. It does this by converting all of the `RulesClient` classes into
functions that take a `context` value, which consists of all the
RulesClient's `private` variables.
- `RulesClient` `public` class methods are replaced with higher-order
functions that pass the `context` value into these newly split
functions. These are stored in the ~`rules_client` folder root~
`methods` directory
- `private` methods that required access to `this` are stored in the
`lib` folder, and now take a `context`
- The previous `lib` folder is renamed to `common`, and consists of any
and all functions that don't require access to the `context`. Several
former `private` methods that didn't actually invoke `this` have been
moved to `common`.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
## Summary
Closes #146546
This PR replaces bash script with node-based runner script.
Script can take relative path to directory with scalability journey
files or relative path to individual journey json file.
`node scripts/run_scalability.js --journey-config-path scalability_traces/server`

`node scripts/run_scalability.js --journey-config-path scalability_traces/server/api.core.capabilities.json`
PR does the following
* Mirror controlGroupInputBuilder methods in ControlGroupContainer API:
  * addOptionsListControl
  * addRangeSliderControl
  * addTimeSliderControl
* Update existing ControlGroupContainer.addDataControlFromField method
to have the same signature as controlGroupInputBuilder.addDataControlFromField
* Use new ControlGroupContainer APIs when adding controls via React
components
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>