## Summary
Updates to unified field list on typing are debounced - this way we
don't get so many updates when typing in the search input.
Flaky test runner:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6424
## Performance comparison
Test: typing the string: activem for metricbeat data (~6000 fields)
before (costly update on every keystroke):
<img width="669" alt="Screenshot 2024-06-28 at 17 28 38"
src="7075f7bc-2d90-4177-acac-69ac101b2ef1">
after (only one costly update when user stops typing):
<img width="269" alt="Screenshot 2024-06-28 at 17 24 43"
src="8c0ce4a3-7c1a-428b-a482-f6b4d87911e0">
Resolves: #187268
This PR classifies the verification_errors thrown by the Elasticsearch
Query (ES|QL) rules as user error.
## To verify
Create an Elasticsearch Query with ES|QL and use anon-existing field in
the query.
Let the rule run.
`/api/task_manager/metrics?reset=false` should show a user error under
`alerting:__es-query"`
```
"alerting:__es-query":{"success":0,"not_timed_out":1,"total":1,"total_errors":1,"user_errors":1,"framework_errors":0}
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR aligns the naming of the entity discovery framework components
to the following pattern:
`entities-{schema version}-{history|latest}-{definition ID}` (with a few
differences here and there, the index has a leading dot, some indices
have a date after them).
---------
Co-authored-by: Chris Cowan <chris@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR adds OpenAPI schemas for Defend Workflows API endpoints that
previously didn't have them. Here are the changes made:
1. Added a schema for `/api/endpoint/isolate`, which is deprecated and
now redirects as a `308` to the new path
(`/api/endpoint/action/isolate`). It's tagged with `x-labels` as `ess`
only.
2. Added a schema for `/api/endpoint/unisolate`, which is deprecated and
now redirects as a `308` to the new path
(`/api/endpoint/action/unisolate`). It's tagged with `x-labels` as `ess`
only.
3. Added a schema for
`/api/endpoint/protection_updates_note/{package_policy_id}`.
4. Added `x-labels` field to all existing Defend Workflows API paths for
proper tagging.
For more information on `x-labels`, please refer to
https://github.com/elastic/kibana/pull/184348
## Summary
This PR removes `@timestamp` from the latest index template mappings.
This will help users who explore `.entities-observability.latest-v1.*`
in Discover ES|QL by using the date picker to filter the results.
### Testing
Using the following ES|QL in Discover:
```
FROM .entities-observability.latest-v1.* | LIMIT 10
```
The date picker should look like this:
<img width="932" alt="image"
src="bf75c785-44f6-41b9-b12f-661327012819">
Co-authored-by: Milton Hultgren <milton.hultgren@elastic.co>
This changes the resource names from being stateful to being static.
This makes it easier to import them since they don't have to be passed
around, and "go-to-definition" actually takes you to the implementation
point instead of the types.
## Summary
Ticket https://github.com/elastic/kibana/issues/187384
These changes fix the error on saving the alert
> An error occurred during rule execution: message: "[1:6778] failed to
parse field [kibana.alert.original_event.action] of type [keyword] in
document with id '027b925ae2799635a0dee97a6aa9d58dc87d9771'."
which happens due to not stripping non-ECS compliant sub-fields of the
`event.action` field.
See the main ticket for steps to reproduce the issue.
## Summary
In rare cases when the list of continuous transform exceeds the allowed
URL length, we fetch stats for all transforms.
The elasticsearch client has `transform-id` param as optional, but we
actually have to pass `_all` or `*`. This PR sets the `transform_id`
param explicitly in this case.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
This PR does three things:
* Try to download agent from the central repository (expected to fail
for now as 8.15.0 agent isn't released yet
* Adjust snippet to also set up local data dir correctly
* Update k8s manifest via
https://github.com/elastic/opentelemetry-dev/pull/299
## Summary
We have been asked to stop using the `second quality gate` terminology
in favor of `kibana QA quality gate`. This PR updates the readmes to
reflect the new changes.
**‼️ DO NOT MERGE UNTIL 8.15 IS CUT**
## Summary
Part of https://github.com/elastic/kibana/issues/171425.
This PR allows parsed KQL expressions that don't have a key/field. For
example, the follow query expressions are now allowed when searching
agents:
```
last_checkin_message.keyword : "Running" and Development
```
```
macbook
```
```
"8.15.0" and tags : "Development"
```
This PR also:
* Enables the flag `enableStrictKQLValidation` now that both free-form
text expressions are allowed and validation remains on expressions which
specify a field
* Syncs the maintained agent mappings used for populating suggestions
with the [real mappings in
ES](248b045d70/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents.json)
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Adds an endpoint dedicated to fetching alerts group aggregations to
avoid adding runtime mappings and client-side controlled scripts to the
`internal/rac/alerts/find` endpoint.
The new endpoint injects a `groupByField` runtime field used to
normalize the values of the field used for grouping, to account for null
and multi-element arrays.
#184635 depends on this
Closes#186383
## To verify
Review the added
[tests](x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.test.ts).
Use the Kibana Dev Console to test various body params and aggregations:
1. Create any type of rule that fire alerts
2. Wait for the alerts to be created
3. Call the `_group_aggregations` endpoint, using the feature id(s) that
cover the type of rules you used:
```
POST kbn:internal/rac/alerts/_group_aggregations
{
"featureIds": [...],
...
}
```
See
[here](https://github.com/elastic/kibana/pull/186475/files#diff-0780f60b57fdaa96eda1ab2853064033477617430a17cdb87750cef42c6e8668R22)
and
[here](https://github.com/elastic/kibana/pull/186475/files#diff-0780f60b57fdaa96eda1ab2853064033477617430a17cdb87750cef42c6e8668R37)
to know the available params and pre-defined aggregations.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Fixes https://github.com/elastic/kibana/issues/182213
## Summary
Allow creating a preconfigured agent policy only with `name` and `id`.
Previously this way Fleet wouldn't start.
Note that this was already defined this way in the docs, but the schema
wasn't respecting it.
### Testing
- Create a preconfigured fleet policy with just the id and name:
```
xpack.fleet.agentPolicies:
- name: agent-policy
id: agent-default-policy
```
- Verify that Fleet starts correctly
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This PR is a prerequisite to the Locator Implementation for Logs
Explorer - https://github.com/elastic/kibana/pull/186287
## Problem Statement
- Integrations were fetched when the main DQ page loads and stored in
the State Machine. This means when the Flyout Opens, it was referencing
already fetched data from the main page, updating the URL and then that
was used to render certain sections on the Flyout. This causes issues as
when a Locator is used to directly open the Flyout from some other page.
In that case everything happen asynchronously causing the data to be not
present when the flyout open thus those integration sections were not
present.
## Solution
- Now when the flyout is opened or is already open, it reads the basic
params from the URL like `DataStream`. With this information, it make
API call to fetch Integration information and thus making it
independent.
- Does this means you duplicated the Logic to fetch Integrations ? Yes
and No. Logic has to be duplicated as Flyout is moving to its own page
very soon. This means it would anyhow not be able to re-use that
Integration Information available. Secondly the duplication is not one
to one, its more catered towards Flyout logic
- Split the state machine to make Integration Calls only when the opened
Dataset is actually an integration. This is done by chaining the
respective states after the `DataStreamSettings` state confirms presence
of Integration.
## What else has been done
- Type cleaning: A lot of types has to be refactored to make this
change. Also simplified some duplicate types. We were using
- Runtime types
- Types Derived from Runtime Types
- Inferred Types from API Responses
We don't need the 3rd one. 1 and 2 and sufficient.
## Summary
This PR fixes the following bugs in templates:
1. Remove duplicate template tags
2. Set the connector to `none` if the connect is deleted when editing or
selecting a template
## Testing
### Scenario 1
1. Create a couple of templates with the same template tags.
2. Create a template and click to select template tags. In the list of
available template tags, you should not see duplicates.
### Scenario 2
1. Create a template with a connector.
2. Delete the connector.
3. Edit the template and verify that the `none` connector is shown.
4. Go to the create case form and select the template created in step 1.
5. The selected connector should be the `none` connector.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Small fix to address telemetry related errors.
Closes https://github.com/elastic/kibana/issues/186983
Make `avg_number_global_data_tags_per_policy` optional as it can be
undefined.
Filter out nulls or undefined values in `output_types`.
We can't be sure of the node count when running tests, so we just make
sure the counts are above expected values.
Also updates the route access tags to be `access:ml:canGetMlInfo` rather
than `access:ml:canGetJobs` and `access:ml:canGetDatafeeds`.
In serverless, AD can be disabled and these tags would be false.
## Summary
Resolves [#184639](https://github.com/elastic/kibana/issues/184639).
This PR hides the beta integrations toggle if user does not have
sufficient privileges to write this to Fleet settings SO. The real fix
should be handled with #187511.
Closes#187385
## Summary
This PR fixes the issue with the processes tab showing a 500 error in a
toast when performing a full page refresh.
## Testing
Go to asset details and open the processes tab. Refresh the page: there
should not be any error visible.
8998d141-8841-4138-8c76-7f555f6c44f0
## Summary
Closes https://github.com/elastic/kibana/issues/187336
Fix navigating back to Integration policies list after
Cancelling/Submitting the Edit integration policy page.
See steps to verify in the linked issue.
<img width="1119" alt="image"
src="f89028a6-ef71-4b25-aabc-4f80cb36214b">
<img width="1123" alt="image"
src="e844344c-caff-45ee-9ce7-772ba672e328">
## Summary
Closes https://github.com/elastic/observability-dev/issues/3373 and
https://github.com/elastic/observability-dev/issues/3360
Adding the check `viewInAppUrl !== ''` allows the More Action Alerts
Cell to be navigatable by keyboard. The user can now arrow into the cell
and click enter to interact with the actions in the cell. The href prop
was changed to an onClick because the href was blocking the keyboard
accessibility.
---------
Co-authored-by: Dominique Clarke <dominique.clarke@elastic.co>
## Summary
Fixes an issue where the table was not being properly updated upon
deletion.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
