## Summary
Updates custom query rule alert suppression logic to group all documents
that don't populate a groupBy field together instead of excluding them
from the results entirely.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This adds a renovate config for core jest packages, but skips a few jest
related libraries. They need to be updated separately and then added to
the config. jest-styled-components breaks a bunch of snapshots, for
example.
Resolves https://github.com/elastic/kibana/issues/146469
## Summary
Fixes a bug where multiple popovers were displayed after a monitor was
deleted from Uptime.
This fix ensures only 1 popover is displayed, and only one monitor is
deleted.
### Testing
1. Create a few monitors
2. Delete a monitor
3. Ensure only that monitor is deleted and only one success popover
appears when deleting
## Summary
fixes https://github.com/elastic/enterprise-search-team/issues/3314
Updates the data model to have a name (now free form text field) and an
id (generated from the name)
- name is now no longer treated as an id. Name is free form and can
accept any value
- id is generated from name. This is lowercased, prefix / postfix
underscores are stripped, special chars are stripped. Generally fit to
be an index name
- we create the name for the eventsDatastream at collection creation
time. This means we can display this in the UI + change the name in
future.
- If a name creates an id which already exists, an error will be
displayed so the developer can choose another name.
**Advantages**
- better UX
- id is a faster / safer creation & lookup
https://user-images.githubusercontent.com/49480/204269407-53322fd3-ccc2-4c97-857b-888dfe585b12.mov
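The name/id split described in the commit message above, sketched as an added example (not code from this PR). The exact character rules, the whitespace-to-hyphen step, the `CollectionStore` class and the `logs-events-` data stream prefix are assumptions made for illustration.

```typescript
// Assumed rule set: the commit message only says the id is lowercased, has
// leading/trailing underscores stripped and special characters stripped.
function generateId(name: string): string {
  return name
    .toLowerCase()
    .replace(/[^a-z0-9_\-\s]/g, '') // strip special chars (assumed allow-list)
    .trim()
    .replace(/\s+/g, '-') // assumption: whitespace runs become one hyphen
    .replace(/^[_-]+|[_-]+$/g, ''); // index names must not start with _ or -
}

interface Collection {
  id: string;
  name: string;
  eventsDatastream: string;
}

// Hypothetical in-memory store; the real feature persists collections elsewhere.
class CollectionStore {
  private byId = new Map<string, Collection>();

  create(name: string): Collection {
    const id = generateId(name);
    if (id === '') {
      throw new Error(`name "${name}" does not produce a usable id`);
    }
    // Two different free-form names can normalise to the same id, so the
    // uniqueness check has to run on the id, never on the name.
    if (this.byId.has(id)) {
      throw new Error(`id "${id}" already exists, choose another name`);
    }
    // The data stream name is fixed at creation time (prefix is constructed).
    const created: Collection = { id, name, eventsDatastream: `logs-events-${id}` };
    this.byId.set(id, created);
    return created;
  }
}
```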
## Summary
Add some fields to Endpoint telemetry which are mistakenly stripped by
the PII filter. These fields enable the Endpoint Protections team to
better triage alerts and create exceptions.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
closes https://github.com/elastic/kibana/issues/145745
The feature Service Metrics was released and marked as a technical
preview in 8.5 and it was disabled by default.
As we expect to have some breaking changes in the following releases, we
disable and remove the feature so it would simplify the backward
compatibility.
The PR includes:
1. Disable service metrics
2. Remove the option to enable it from labs and advanced settings.
closes https://github.com/elastic/kibana/issues/146206
**Before** we were averaging the memory and billed duration and then we
calculated the compute usage.
**Now** we first calculate the compute usage then get the average and
then convert to GB-Sec.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
closes #142667
More details about the issue can be found
[here](https://github.com/elastic/kibana/issues/142667)
## Problem
The problem here is the use of bucket script in the query which doesn't
return a single metric value and thus can't be used for pipeline
aggregation.
```
bucket_script: {
  buckets_path: {
    value: 'rx_avg',
    period: 'rx_period>period',
  },
  script: {
    source: 'params.value / (params.period / 1000)',
    lang: 'painless',
  },
  gap_policy: 'skip'
}
```
## Proposed Solutions:
1. Using
[Runtime](https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime.html)
field as below:
```
"runtime_mappings": {
  "rx_bytes_per_period": {
    "type": "long",
    "script": {
      "source": """
        emit(doc['host.network.ingress.bytes'].size()==0 ? -1 : (doc['host.network.ingress.bytes'].value/doc['metricset.period'].value));
      """
    }
  }
}
```
2. Using
[Scripted_Metric](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-scripted-metric-aggregation.html):
```
"scripted_metric": {
  "init_script": "state.bytes_per_period = []",
  "map_script": "state.bytes_per_period.add(doc['host.network.ingress.bytes'].value/(doc['metricset.period'].value/1000))",
  "combine_script": "double avg_bytes_per_period = 0; for (t in state.bytes_per_period) { avg_bytes_per_period += t } return avg_bytes_per_period/state.bytes_per_period.size()",
  "reduce_script": "double result = 0; for (a in states) { result += a } return result/states.size()"
}
```
## Conclusion
I decided to go with the runtime field as it's a bit more concise and
easier to understand, and performance-wise it was slightly faster than
the scripted metric most of the time.
### Testing
Navigate to `Observability` -> `Overview` -> `Hosts Table`, then try to filter
with the Rx and Tx columns
Fixes #146342
There was a semicolon added to the JSX markup which would show on slower
devices where loading takes longer.
Please refer to the issue for a screenshot of that.
## Summary
Closes https://github.com/elastic/ingest-dev/issues/1261
Merged: [elasticsearch
change](https://github.com/elastic/elasticsearch/pull/91701) to give
kibana_system the missing privilege to read logs-elastic_agent* indices.
## Top 3 most common errors in the Elastic Agent logs
Added most common elastic-agent and fleet-server logs to telemetry.
Using a query of message field using sampler and categorize text
aggregation. This is a workaround as we can't directly do aggregation on
`message` field.
```
GET logs-elastic_agent*/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "log.level": "error"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "now-1h"
            }
          }
        }
      ]
    }
  },
  "aggregations": {
    "message_sample": {
      "sampler": {
        "shard_size": 200
      },
      "aggs": {
        "categories": {
          "categorize_text": {
            "field": "message",
            "size": 10
          }
        }
      }
    }
  }
}
```
Tested with latest Elasticsearch snapshot, and verified that the logs
are added to telemetry:
```
{
  "agent_logs_top_errors": [
    "failed to dispatch actions error failed reloading q q q nil nil config failed reloading artifact config for composed snapshot.downloader failed to generate snapshot config failed to detect remote snapshot repo proceeding with configured not an agent uri",
    "fleet-server stderr level info time message No applicable limit for agents using default \\n level info time message No applicable limit for agents using default \\n",
    "stderr panic close of closed channel n ngoroutine running Stop"
  ],
  "fleet_server_logs_top_errors": [
    "Dispatch abort response",
    "error while closing",
    "failed to take ownership"
  ]
}
```
Did some measurements locally, and the query took a few ms only. I'll
try to check with larger datasets in elastic agent logs too.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This is a refactor:
* Move `FilesContext`, `FilePicker` and `UploadFile` components to
`packages/shared-ux/file` as packages
* Renamed `UploadFile` to `FileUpload` for more consistency
* Also created `packages/shared-ux/file/types` and added
`useBehaviourSubject` to `packages/shared-ux/file/util` (we can consider
moving this elsewhere since that function is not necessarily tied to the
files domain).
* Removed the storybook config from `files` public plugin since there
are no more components there
## How to test
👉🏻 `yarn storybook shared_ux` to see the components in a lab environment
OR
👉🏻 `yarn start --run-examples` then "Developer examples" > "Files
example" to see the components being used in Kibana
Look out for any regressions: for example, in the `FileImage` component
importing `import bh from 'blurhash'` caused a regression because
blurhash does not expose a default export. This was fixed by doing:
`import * as bh from 'blurhash'`.
## Notes
* With this change, we needed to move `FilesClient` interface to
packages since it is used by the components. However, we also wanted to
keep `FilesClient` interface as it is currently exported from `files`
plugin because it exposes methods that only the server of `files` plugin
should know about (e.g., the metrics endpoint). I created the
`BaseFilesClient` in the packages directory that is extended in the
`files` plugin as needed. This is a snapshot of the types as they are
provided from the server implementation and will need to be
updated/maintained by hand from here on out.
* With `BaseFilesClient` in `packages`, we lost the type check between
`files` server endpoints and the client methods. To re-establish this
link the `CreateRouteDefinition` type helper got a parameter where the
client method can be passed in to do checks that the server inputs
(query, param and body) as well as outputs (the responses) match what
the client expects using the `X extends Y ? X : unknown` capability of
TS. See this in action in, for example
`src/plugins/files/server/routes/find.ts`. DX will be: if these ever get
out of sync, the server values for `query`, `param` or `body` will map
to `unknown` causing a type issue when trying to use these values. This
can only be fixed by bringing the `FilesClient` types in sync with the
server types.
* Server endpoints that should match expected `FilesClient`
inputs/outputs should use the `CreateRouteDefinition` type helper, but
if the endpoint does not need to map to a client method we can always
skip using `CreateRouteDefinition`.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
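The `X extends Y ? X : unknown` check from the notes above, as an added example (not code from this PR): a server route input resolves to its own type while it matches the client method and collapses to `unknown` once the two drift apart. `RouteDefinition` is a simplified stand-in for `CreateRouteDefinition`, and `FindArgs`, `FindResult`, `FindMethod` and the sample data are hypothetical.

```typescript
// Hypothetical client contract standing in for one FilesClient method.
interface FindArgs { kind?: string; page: number }
interface FindResult { files: string[]; total: number }
type FindMethod = (args: FindArgs) => Promise<FindResult>;

// Simplified stand-in for CreateRouteDefinition: each side keeps its own type
// only while it is assignable to what the client method declares.
type RouteDefinition<In, Out, M> = M extends (args: infer A) => Promise<infer R>
  ? { input: In extends A ? In : unknown; output: Out extends R ? Out : unknown }
  : { input: In; output: Out };

// In sync: the server input matches FindArgs, so the handler sees real types.
type FindRoute = RouteDefinition<{ kind?: string; page: number }, FindResult, FindMethod>;
// Drifted: the server now takes `page` as a string, so `input` becomes unknown.
type DriftedRoute = RouteDefinition<{ kind?: string; page: string }, FindResult, FindMethod>;

const STORED = ['a.png', 'b.png', 'c.txt', 'd.png']; // constructed sample data
const PAGE_SIZE = 2;

function handleFind(input: FindRoute['input']): FindRoute['output'] {
  const kind = input.kind;
  const matches = STORED.filter((f) => kind === undefined || f.endsWith(kind));
  const start = (input.page - 1) * PAGE_SIZE;
  return { files: matches.slice(start, start + PAGE_SIZE), total: matches.length };
}

function handleDrifted(input: DriftedRoute['input']): string {
  // @ts-expect-error `input` is `unknown` here, so the compiler rejects this access
  return String(input.page);
}
```

The `@ts-expect-error` line is the developer experience the notes describe: without the directive the drifted handler does not compile until the client and server types are brought back in sync.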
- modify indicators flyout to hide filter in/out button
- delete duplicate flyout component in cases module and use indicators flyout instead
- add fields to query to fetch indicator by id
- sort fields in flyout table views (overview and table tabs)
## Summary
This PR completes the data view editor state service. Of note:
- All form business logic is now in service although validation is still
handled by the form lib
- Service is initialized with dependencies, form config, and initial
state
- Service state is updated via simple method calls
- Service state updates are provided to React code via observables using
`useObservable`
- Service is provided via parent component which uses `useRef` so the
service is created once per flyout creation
IMO the diff isn't very helpful. It might be easier to review the
changed files in completion.
Follow up to https://github.com/elastic/kibana/pull/142421
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR upgrades from `lmdb-store` into `lmdb` which is the new package
and fully compatible with node `v18`.
So far my tests show the new implementation is compatible with our
usages and I'm actually seeing a great performance boost when comparing
with main, especially on subsequent calls of the same command.
This can be tested by running the following 2 times on main vs this
branch `time node scripts/kibana --config
src/cli/serve/integration_tests/__fixtures__/invalid_config.yml
--migrations.skip=true --verbose`
I verify the following on my machine
**main:**
_1st run:_ 36s
_2nd run:_ 34s
**this branch:**
_1st run:_ 35s
_2nd run:_ 6s
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Resolves: https://github.com/elastic/kibana/issues/145739
## Summary
In this PR I am enabling Enable and Disable in the menu when Select all is
chosen, and triggering the new bulk enable/disable API when the Enable/Disable
option is chosen.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Fixes #146243
## Summary
Fixes Canvas expression autocomplete
https://github.com/elastic/kibana/pull/143739 upgraded the monaco-editor
dependency which uses a callback to the `onLanguage` method to
initialize the expressions. The PR moved the `monaco.languages.register`
command inside this callback, which was never triggered.
Moving the `monaco.languages.register` command outside the callback
appears to fix the issue.
Adds support for a label `ci:cloud-persist-deployment`, that will
prevent deployments from shutting down until the label is removed.
This also fixes a bug in the conditional checking for whether the cloud
deployment label was removed. If `ci:cloud-deploy` is removed from a PR,
the deployment should now shut down in the next hour instead of after
48h.
It's easiest to test this after merging. I can alternatively modify the
pipeline to run on a branch, but either way I'll end up pushing commits
and this is fairly straightforward and it breaking is low risk. Either
way works for me.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tyler Smalley <tylersmalley@gmail.com>
## Summary
- Changes the Policy List onboarding screen so that if the user does NOT
have access to Fleet, then the "Add Elastic Defend" button is hidden and
a message is displayed instead that points the user to the documentation