### Fix: Bedrock Streaming Error on ES|QL Actions
#### Summary
When an ES|QL is generated, we present two action buttons:
- Visualize Query
- Display Results
These actions were not working as expected when using Bedrock as the
model provider.
#### Error Details
```txt
Encountered error in Bedrock stream of type validationException messages.8: Did not find 1 `tool_result` block(s) at the beginning of this message. Messages following `tool_use` blocks must begin with a matching number of `tool_result` blocks.
```
#### Root Cause
We were sending a tool_use block in the assistant message without
immediately following it with the corresponding tool_result block. This
violates Bedrock’s message protocol.
## Summary
This PR only renames the helper, no test implementations were changed.
Why now?
Migrating tests from Enzyme to RTL means that all usage of
`mountWithIntl` has to change and will likely be replaced by the helper
that wraps RTL render with I18n. [A shorter name improves devEx](url).
ATM, consumption is limited to a few tests, reducing the number of
codeowner reviews required.
### Identify risks
- [x] In progress work and open PRs might fail. Updating from main will
prompt an undefined function that will need to be renamed.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
part of #212776
## Summary
Improves screen reader accessibility for the GenAI connector panels in
the Observability AI Assistant by providing more descriptive
announcements when these panels are opened. Previously, Kibana would
announce a generic modal dialog message (from EUI) without context,
which could confuse screen reader users.
### Problem
When a user with a screen reader (e.g., VoiceOver) clicks on the “Set up
GenAI connector” button, Kibana announces a generic message like “modal
dialog” without explaining what the modal is about.
### Fix
• Include aria-label to the `CreateConnectorFlyout` component
### How to Test
1. Navigate to Observability → AI Assistant
2. Use VoiceOver (macOS) or another screen reader
3. Click “Set up GenAI connector”
4. Verify that the screen reader announces "create connector flyout".
## Summary
Introduces a new fleet config variable to be able to set the default the
fleet setting for `prerelease_integrations_enabled`.
This is to be used in the new search_ai_lake tier for the ai4dsoc
project as we want to enable pre-release versions by default.
## How to test
1. Set `xpack.fleet.prereleaseEnabledByDefault: true` in your
`kibana.dev.yml`
2. Start up elasticsearch and kibana
3. Navigate to the integrations page and the toggle to enable should be
on
<img width="750" alt="Screenshot 2025-04-16 at 3 25 50 PM"
src="https://github.com/user-attachments/assets/17d14630-94f5-4f2a-ab32-d733d0b36d48"
/>
OR
1. Add the following to `serverless.security.dev.yml`:
```
xpack.securitySolutionServerless.productTypes:
[
{ product_line: 'ai_soc', product_tier: 'search_ai_lake' },
]
```
2. Restart Kibana serverless for security
3. Navigate to the Configurations -> Integrations page
4. Click on the 'Splunk' integration and verify it loads the page
<img width="750" alt="Screenshot 2025-04-16 at 5 15 28 PM"
src="https://github.com/user-attachments/assets/ba4bf986-1b47-4703-9f33-9a0a7a437539"
/>
___
Relates: https://github.com/elastic/security-team/issues/11789
**!!MAJORITY OF THE CHANGED FILES ARE MOVED OR COPIED!!**
### Vision
According to the product vision we will build a new simple UI/UX in the
future https://github.com/elastic/security-team/issues/11790
This PR is a first iteration on enabling Content Connectors Management
UI in Serverless Kibana Stack Management.
Elastic Managed content connectors will be available only for Security
and Observability projects.
### Current PR scope
1. Used initial search_connectors plugin and renamed it to
content_connectors + moved from `x-pack/solutions/search` to
`x-pack/platform/plugins/shared`
2. Copy relevant connectors UI and routes from enterprise_search plugin.
3. Introduce the new Stack Management card/navigation option under the
Data section.
4. Enabled this plugin only in Serverless for Security and Observability
projects.
5. For making PR smaller Pipelines tab was not moved. And according to
Search team vision this functionality should be dropped anyway soon.
6. Extended fleet package logic to include elastic_connectors for
security and o11y serverless projects
7. Added back `search:agentless-connectors-manager` task
In Stack Management navigation:
<img width="2062" alt="Screenshot 2025-04-15 at 3 51 43 PM"
src="https://github.com/user-attachments/assets/5c93ba01-9a6a-4eac-a21d-1370f03b8f35"
/>
Stack Management cards:
<img width="2081" alt="Screenshot 2025-04-10 at 8 41 43 PM"
src="https://github.com/user-attachments/assets/3def1c12-561b-4a84-8241-4dd61cd9313d"
/>
Create Elastic Managed Connector UI (on Agentless):
<img width="1822" alt="Screenshot 2025-04-15 at 3 55 29 PM"
src="https://github.com/user-attachments/assets/6e9fea48-85e7-43df-919d-0e5492d0e704"
/>
Create Self Managed Connector UI:
<img width="2064" alt="Screenshot 2025-04-15 at 3 55 49 PM"
src="https://github.com/user-attachments/assets/d5051898-c8fa-4e41-b9ea-b41d4ed4a0d5"
/>
### Next steps
- [ ] Remove duplicated code between content_connectors,
enterprise_search and serverless_search
- [ ] Extract [common server
libs](https://github.com/elastic/kibana/tree/main/x-pack/solutions/search/plugins/enterprise_search/server/lib)
to the shared package `kbn-search-connectors`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Artem Shelkovnikov <artem.shelkovnikov@elastic.co>
Co-authored-by: Artem Shelkovnikov <lavatroublebubble@gmail.com>
Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
Closes: #218351
**Description**
When user clicks on assign new roles to a space button, the resulting
flyout gets announced incorrectly as "you are in a modal dialog..."
which doesn't give any context to non-sighted user.
**Changes made:**
1. added 'aria-labelledby' attribute
**Screen:**
<img width="1323" alt="image"
src="https://github.com/user-attachments/assets/63ffdcca-2139-4302-9dce-ded3a4d3b9a2"
/>
## Summary
After #217202 and #217034 this the another attempt with `lodash` and
`lodash/fp`.
In short:
`lodash` and `lodash/fp` have a special webpack treatment as they are
imported within the shared bundle.
Now webpack is not smart enough to understand that `import camelCase
from 'lodash/camelCase';` is still pointing to `lodash` and it thinks
that `lodash/camelCase` is a different package, de-optimizing the
bundling caching system.
So I’ve tweaked the import to make it point to the shared bundle and
save few kbs here and there
## Summary
Pre-requisite for https://github.com/elastic/kibana/pull/216088, as the
`AI Assistant Management` configuration settings should be available for
Search too.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Consolidate time handling by:
- making sure the useTimefilter hook exposed from the data plugin
materializes both absolute and relative time ranges on a time range
update, and a refresh
- signal the type of refresh: no refresh (ie, date range change),
time-shift (refresh pressed, but for a materialized time range that is
different than the previous one), override (refresh on an absolute time
range)
- expose TimeState - the original time range, the absolute version of
it, and start/end epoch ms
- use global time ranges in Streams where possible
- move time refresh logic into `useStreamsAppFetch` (opt-in)
---------
Co-authored-by: Joe Reuter <email@johannes-reuter.de>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Resolves: https://github.com/elastic/kibana/issues/187481
* Enhances the integration upgrade callout to give special attention to
breaking changes in the changelog.
* Callout includes a CTA to review breaking changes
* If one breaking change between current and latest version CTA is a
direct link the PR
* If many breaking changes, a flyout is opened listing those breaking
changes
* Includes "I understand" checkbox that must be clicked before upgrade
is allowed
## Summary
Hides security sub-privileges for ai4soc/search_ai_lake tier.
### Reasoning for changes added to `x-pack/packages/security`:
Currently, the feature description of Security feature is tied to the
fact that it has a list of sub-privileges. This is true on ESS and
`essentials/complete` serverless tiers.
With the introduction of the lower `search_ai_lake` tier, security
feature would not have any sub-privileges available and thus it does not
make sense to show that description.
The ideal way to handle this would be to load feature privileges config
settings at the plugin level
(security_solution/security_solution_serverless) and set `description`
to `null | undefined` based on the tier, as currently the feature
privileges settings live in [kibana_features file
(v2_features)](795094d8c6/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts (L72))
(also another set in v1_features) and the plugins only select a set of
those based on the [feature keys
available](d4a33a2b61/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts)
on each tier. The refactoring to pass in feature configs at the plugin
level (instead of just feature keys) is not in the scope of the work cut
out for RSA conf.
Thus the other simpler approach in this PR is to allow overriding the
description field on the tier specific config file.
## How to Test
1. While on the Kibana root directory, run ES/Kibana on serverless mode
with:
```bash
yarn es serverless --kill --projectType security --kibanaUrl=http://0.0.0.0:5601
```
and on a new window
```bash
yarn serverless-security --no-base-path
```
Enable the AI for SOC tier, by adding the following to your
`serverless.security.dev.yaml` file:
```json5
xpack.securitySolutionServerless.productTypes:
[
{ product_line: 'ai_soc', product_tier: 'search_ai_lake' },
]
```
2. Once Kibana is up and running login in with the `admin` role using
the role dropdown.
3. Navigate to `app/management/roles/edit`
4. Click on `Assign to space` button and assign a space to that role on
the `Assign role to spaces` flyout.
5. Expand the `Security` category and verify that `Security` feature is
listed in the list of features.
6. Also verify that there is neither an accordion icon beside `Security`
feature nor a description text under it about sub-privileges.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
Closes: #218362
**Description**
When user tabs through content rows on content tab, the information
about saved objects in the content row is announced as "link 1, link2"
which doesn't give any context to non-sighted user.
**Changes made:**
1. Set `aria-label` for mentioned place
# Screen
<img width="1063" alt="image"
src="https://github.com/user-attachments/assets/452885c2-9738-4d17-84c9-3033250c6841"
/>
## Summary
This PR adds new config option `defaultSolution`
(`xpack.spaces.defaultSolution`) which lets you specify a default
solution, similar to the way cloud plugin does it.
Addresses: #213144
## Summary
Just had some fun and made fp-ts available in the shared bundle, with
support for partial imports.
Changes in this PR:
* aligned `fp-ts` direct imports to the format: `fp-ts/<module>`
* Mapped the direct imports into the shared bundle re-using the same
`fp-ts` module under the hood
Closes: #215112
**Description**
Dialog modal, flyout, field visible title should be announced for the
users, especially using assistive technology to know what dialog modal,
flyout opened, what field is active and what is needed to enter in it.
**Changes made:**
1. Added `aria-labelledby={flyoutTitleId}` for mentioned places
Fixes https://github.com/elastic/kibana/issues/208671
## Summary
Before this PR, the displayed index mode of the data streams was
determined based on the index mode of the associated index template.
However, the index mode can also be set through the component template,
so that logic is not reliable and can cause incorrectly displayed index
mode like described in https://github.com/elastic/kibana/issues/208671.
In this PR, we replace this logic with the recently added `index_mode`
field to the Es Get Data Streams API (see
https://github.com/elastic/elasticsearch/pull/122486).
**How to test:**
1. Create a component template with a LogsDB index mode (you can also
test with other index modes):
```
PUT _component_template/my-component-template
{
"template": {
"settings": {
"index": {
"mode": "logsdb"
}
}
}
}
```
2. Create an index template that is composed of the component template
above:
```
PUT _index_template/my-index-template
{
"index_patterns": [
"my-ds-*"
],
"data_stream": {},
"composed_of": [
"my-component-template"
]
}
```
3. Create a data stream that matched the index pattern from the index
template above:
```
PUT _data_stream/my-ds-1
```
4. Go to the data streams table and verify that the index mode is
displayed correctly in the table.
<img width="1165" alt="Screenshot 2025-03-24 at 18 12 04"
src="https://github.com/user-attachments/assets/ea211c14-3d03-49c7-ace7-88b15e294d1f"
/>
5. Click on the created data stream and verify that the displayed index
mode in the details panel is correct:
<img width="1165" alt="Screenshot 2025-03-06 at 14 36 12"
src="https://github.com/user-attachments/assets/954864e2-ae2a-4cb8-9eef-2c5f8b417f52"
/>
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Closes: #214760
**Description**
Dialog modal, flyout, field visible title should be announced for the
users, especially using assistive technology to know what dialog modal,
flyout opened, what field is active and what is needed to enter in it.
**Changes made:**
1. Set correct value for` aria-labelledby` attr.
Closes https://github.com/elastic/kibana/issues/208025
This change deleted the "Stream log files" onboarding flow which is now
replaced by the Auto Detect flow.
| Before | After |
| --- | --- |
| 
| 
|
Changes made:
* Deleted UI components responsible for rendering the Custom Logs flow
* Deleted the definition for a custom card in the onboarding search
results
* Deleted API endpoints and supporting files used only by the Custom
Logs flow
* `/internal/observability_onboarding/logs/setup/environment` endpoint
was still used by the OTel Host flow, so it was moved to a dedicated
OTel route and pathname changed to
`/internal/observability_onboarding/otel_host/setup`
* Functionality of the `/internal/observability_onboarding/otel/api_key`
endpoint was merged into the above mentioned OTel route, so UI has to
make a single API request to get all the necessary information from the
server
* Deleted Scout UI tests for the Custom Logs flow
* Deleted API integration tests for the deleted endpoints
* API tests that we previously testing
`/internal/observability_onboarding/logs/flow` were converted to test
`/internal/observability_onboarding/flow'` used by the Auto Detect flow
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/199188
Allow multiple SAML authc calls to succeed.
## Testing
Configure logging:
```yaml
logging.loggers:
- name: plugins.security
level: debug
```
### See the failure
Pull `main` and copy the code from the following files in this PR into
their respective files on that branch:
- `packages/kbn-mock-idp-plugin/public/login_page.tsx`
- `packages/kbn-mock-idp-plugin/server/plugin.ts`
- `packages/kbn-mock-idp-utils/src/index.ts`
- `packages/kbn-mock-idp-utils/src/utils.ts`
Start KB/ES in serverless from this modified main branch
Open 2 tabs to the local serverless login screen
As the same user, click login and change tabs and click login again
The you will get an error.
Shut down KB/ES
### See the success
Start KB/ES in serverless from this PR
Open 2 tabs to the local serverless login screen
As the same user, click login and change tabs and click login again
Both should succeed
## Release note
Refreshing multiple tabs where the user has logged out will
simultaneously login successfully
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes: #214335
**Description**
Dialog modal, flyout, field visible title should be announced for the
users, especially using assistive technology to know what dialog modal,
flyout opened, what field is active and what is needed to enter in it.
**Changes made:**
1. Added `aria-labelledby={flyoutTitleId}` for mentioned places
## Summary
Fix https://github.com/elastic/kibana/issues/217923
Investigations in https://github.com/elastic/kibana/issues/217368 showed
that there was basically no performance impact to passing the AST across
a thread boundary. But we also didn't detect a pressing reason to remove
the worker.
Since then, however, we noticed another cost associated with the worker:
it's a hefty Javascript file, even in production builds. In addition, we
are doing parsing on the main thread _and_ the worker, so the
`kbn-esql-ast` package is actually being loaded and parsed twice by the
browser, once for the main thread and once for the worker.
This PR removes our worker. Our parsing associated with validation and
autocomplete will still be done asynchronously, but on the main thread.
I do not see any regression in perceived performance.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
This PR closes#215668.
The global parameters are synched in the endpoints where they are
created, edited or deleted.
---------
Co-authored-by: Shahzad <shahzad31comp@gmail.com>
Closes: #216147
**Description**
Dialog modal, flyout, field visible title should be announced for the
users, especially using assistive technology to know what dialog modal,
flyout opened, what field is active and what is needed to enter in it.
**Changes made:**
1. Added` aria-labelledby={flyoutTitleId} `for mentioned places
This PR passes the current sample documents to the default form state
generation for new processors to pick a good default field.
The logic that's actually employed for `dissect` and `grok` is the
following:
* Go through all docs and order string fields occurring by how many
values they have
* Pick the top one from a list of "well known" fields that probably make
sense (in case of a tie, go by a the ordering of the well known fields)
* If no field is found this way, just leave it empty - this still shows
the full table and the user can pick the field they care about
Especially for otel this should be helpful.
Closes: https://github.com/elastic/kibana/issues/217511
**Description**
Dialog modal, flyout, field visible title should be announced for the
users, especially using assistive technology to know what dialog modal,
flyout opened, what field is active and what is needed to enter in it.
**Changes made:**
1. Set correct value for `aria-labelledby` attr.
## Summary
When the datatable comes with empty results the visualization fails with
bad way
<img width="396" alt="image"
src="https://github.com/user-attachments/assets/b4e266d7-edbd-452b-9192-84c957fe98db"
/>
With the fix
<img width="756" alt="image"
src="https://github.com/user-attachments/assets/d061d29e-9246-432a-944b-308b88d161e7"
/>
How to replicate:
- Create a field ES|QL control with 2 values (extension and geo.dest).
You can do it with multiple ways. I created with typing `FROM
kibana_sample_data_logs | STATS count = COUNT(*) BY` and then `Create
control`.
- Use the variable in another panel with query: `FROM
kibana_sample_data_logs | WHERE ??field == "css" | KEEP extension` (The
control value should be in the extension). This will work
- Select the second field (geo.dest). This will return an empty query
and will break the table viz.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
