## Summary
Bring in the changes from https://github.com/elastic/eui/pull/8304,
specifically ESLint rules:
- `no-restricted-eui-imports`
- `no-css-color` (migrated from `@kbn/eslint-plugin-css`)
- `prefer-css-attribute-for-eui-components` (migrated from
`@kbn/eslint-plugin-css`)
Relates to https://github.com/elastic/eui/issues/8201,
https://github.com/elastic/eui-private/issues/275
## QA
### Instructions
1. Checkout this branch: `gh pr checkout 210082`.
2. Reinstall dependencies: `yarn kbn bootstrap`.
3. See output of ESLint. There should be no errors.
4. Test below cases.
### Test cases
#### `no-restricted-eui-imports`
Example files:
- JSON imports: `src/platform/packages/shared/kbn-ui-theme/src/theme.ts`
- `@kbn/ui-theme`:
`src/platform/plugins/private/vis_types/vega/public/data_model/utils.ts`
#### `no-css-color`
Example file:
`src/platform/plugins/shared/kibana_react/public/page_template/no_data_page/no_data_card/elastic_agent_card.tsx:50`
#### `prefer-css-attribute-for-eui-components`
Example file:
`x-pack/examples/alerting_example/public/alert_types/always_firing.tsx:166`
Related to https://github.com/elastic/kibana/pull/216397
Closes https://github.com/elastic/kibana/issues/216763
This change ensures that we do not send the `release` request and
`extendTtl` request simultaneously in `withLock`. This caused a conflict
causing tests to fail:
```
└-> "before all" hook for "should return the result of the callback"
│ERROR Failed to release lock "my_lock_with_ttl_extension": version_conflict_engine_exception
│ Root causes:
│ version_conflict_engine_exception: [my_lock_with_ttl_extension]: version conflict, required seqNo [43], primary term [1]. current document has seqNo [44] and primary term [1]
```
Flaky tests:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8142
## 📓 Summary
Closes#215887
Until the access to dotted fields is not supported, we'll warn the user
about the unreliability of the simulation outcome when using those
fields in processor. configurations.
The unsupported fields that will make the warning appear are derived by
the sample docs, deriving a list of existing fields that have some
nested dot-separated field names.
https://github.com/user-attachments/assets/46228821-601c-4a32-995c-1699be6c4ce3
## 🧪 Test
To reproduce it, ingest docs manually with
```tsx
POST logs-mytest.otel-default/_doc
{
"body": {
"text": "This is the message"
},
"severity_text": "WARN",
"resource": {
"attributes": {
"host.name": "my-host",
"host.arch": "arm"
}
}
}
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com>
## Summary
~**DO NOT MERGE:** depends on
https://github.com/elastic/kibana/issues/213468~
This PR reintegrates the work from the `workchat_m1` branch into `main`:
- introduces a 4th solution type, `chat`, that will be used for the
*WorkChat* project type.
- edit things in various platform code to introduce/handle that new
project type
- add plugins and packages for the workchat app.
### To AppEx reviewers:
File change count is scary, but you can safely ignore anything from
`xpack/solutions/chat` (given it's solution code), and focus on your
owned changes, which are way more reasonable
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Joe McElroy <joseph.mcelroy@elastic.co>
Co-authored-by: Rodney Norris <rodney.norris@elastic.co>
Co-authored-by: Jedr Blaszyk <jedrazb@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Meghan Murphy <meghan.murphy@elastic.co>
## Summary
Fix part of #214593
This PR fixes the Metric chart side of the `Collapse by` problem.
In shorts:
* The `Collapse by` control disappears when the primary metric is not
numeric
* while the UI hides it the state still holds it.
* the `toExpression` is responsible to evaluate the current state and
find if `collapseFn` is compatible before adding it
* The `Collapse by` control has moved into the Data section of the
panel, aligning the Metric chart to the rest
<img width="1057" alt="Screenshot 2025-04-01 at 18 57 31"
src="https://github.com/user-attachments/assets/1d441329-3611-4452-a40d-54ea25964166"
/>
<img width="1056" alt="Screenshot 2025-04-01 at 18 57 12"
src="https://github.com/user-attachments/assets/66111c2a-957d-44dc-8361-45300df99662"
/>
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Tests added in https://github.com/elastic/kibana/pull/216397 are failing
on MKI. Skipping temporarily in the affected environment
### Error
```
└- ✖ fail: Serverless Observability - Deployment-agnostic API integration tests observability AI Assistant LockManager Basic lock operations acquires the lock when not held
│ ResponseError: security_exception
│ Root causes:
│ security_exception: action [indices:admin/create] is unauthorized for user [testing-internal] with effective roles [superuser] on restricted indices [.kibana_locks-000001], this action is granted by the index privileges [create_index,manage,all]
```
### Root cause
```ts
const es = getService('es');
es.deleteByQuery({ index: '.kibana_locks-000001', query: { match_all: {} }});
```
`native-hdr-histogram` is a native module and its prebuilds are failing
the bootstrap on macos machines during bootstrap since early today.
Its usage its contained in a single dev package and therefore this PR
attempts to port into `hdr-histogram-js`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Depends on https://github.com/elastic/kibana/pull/216052 being merged.
---
This is a follow-up PR based on @dmlemeshko's
[comment](https://github.com/elastic/kibana/pull/216052/files#r2015868889).
This PR introduces the following changes:
* Adds tests to all Scout CLI commands: `discover-playwright-configs`,
`run-tests`, `start-server`
* Some of the tests verify that this change works correctly:
https://github.com/elastic/kibana/pull/216052
* For each command file it separates the `run` function from the
`Command` itself to make the `run` handler easier to test.
### Bonus: code coverage
The `Command`s itself aren't tested (which explains the uncovered lines
below) - happy to receive your feedback on this.
| File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
|----------------------------------------------------------------------------------------|---------|----------|---------|---------|------------------------------------------------------------------------------------
| platform/packages/shared/kbn-scout/src/cli | 91.89 | 78.57 | 66.66 |
91.89 |
| config_discovery.ts | 95.65 | 90 | 80 | 95.65 | 88
| run_tests.ts | 85.71 | 50 | 50 | 85.71 | 44
| start_server.ts | 85.71 | 50 | 50 | 85.71 | 34
### Try it out locally
```shell
yarn test:jest --config src/platform/packages/shared/kbn-scout/jest.config.js --coverage
```
# @kbn/profiler-cli
Profile Kibana while it's running, and open the CPU profile in
Speedscope.
## Usage
Run a command by either preceding it with the profiler script:
`node scripts/profile.js -- $command`
Or by piping it in:
`$command | node scripts/profile.js`
You can also just run it until SIGINT:
`node scripts/profile.js`
Or with a timeout:
`node scripts/profile.js --timeout=10000`
## Examples
### Commands
You can copy a curl request from the browser, and place it after the
command:
`node scripts/profile.js --connections=10 --amount=50 -- curl ...`
You can also use stdin for this, for example:
`pbpaste | node scripts/profile.js`
When using stdin, take into consideration that there is some lag between
starting the script and connecting the profiler, so the profiler might
miss the first second or so of the running process.
You can also use any other command, like `autocannon`, `sleep` or
`xargs`.
### SigInt
By default, the profiler will run until the process exits:`node
scripts/profile.js`. This is useful when you have a long running process
running separately and you want to collect the profile over a longer
time period. Be aware that this might cause memory issues because the
profile will get huge. When you press Cmd+C, the profiler will
gracefully exit and first write the profile to disk and open Speedscope.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/obs-ai-assistant-team/issues/238
This introduces a lightweight library for managing distributed locks
using Elasticsearch. It lets developers coordinate operations across
multiple Kibana instances by ensuring that only one client holds a given
lock at a time. The library uses an Elasticsearch index with TTL-based
locks.
Usage:
```ts
const lockManagerService = new LockManagerService(coreSetup, logger);
lockManagerService.withLock('my_lock', () => {
// perform operation
});
```
## Summary
Refactors `runExecutors` to take a `SecurityAlertType` instead of an
alerting framework `RuleType` and moves the logic to convert the
`SecurityAlertType` into a `RuleType` into `runExecutors`. This makes
the signature of `runExecutors` much simpler and reduces a lot of the
duplication in the `switch` below.
## Summary
Skips license checking test in FIPS mode. FIPS runs with the platinum
license so having a test which asserts `basic` causes the CI to fail.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Resolves: https://github.com/elastic/response-ops-team/issues/258
Related Issue: https://github.com/elastic/kibana-team/issues/1173
Based on the issue outlining E&C's deprecated ES usages for 9.0, it
seems like we're mostly fine to proceed with the upgrade. The only issue
that was found was the usage of a `.` pre-fixed index used in the E2E
test that triggered the `index name [.kibana-alerting-test-data] starts
with a dot '.', in the next major version, index names starting with a
dot are reserved for hidden indices and system indices` warning message.
The solution is to simply remove the `.` prefix in our tests.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
## Summary
This PR adds the Permission Denied screen to the Asset Inventory
onboarding to handle users with insufficient privileges attempting to
enable the entity store. It currently relies on the same mechanisms and
reuses the same callout message used by the Entity Store page.
this pr also updates the following:
- update texts on the get started and initializing screens to match the
latest updates
- update the MissingPrivilegesCallout component to allow displaying full
message instead of line clamping
- adds MissingPrivilegesCallout unit tests
## Screenshots
<img width="1551" alt="image"
src="https://github.com/user-attachments/assets/4bde6f6f-8feb-49da-a8e0-c68e324cb782"
/>
## Summary
Resolves#214260
<img width="1416" alt="Screenshot 2025-03-31 at 11 26 56 PM"
src="https://github.com/user-attachments/assets/d2e048b6-dddd-4127-b551-5a2aae57dbe4"
/>
This PR merges the outdated SLO view with the new SLO management table.
As part of the implementation of the issue, useState hooks have been
replaced with url state management hooks, and the SLO definition API has
been updated to provide the user with the option to pull either outdated
or current definitions. By not providing this value, the user will
receive all definitions.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Change telemetry codeowners entry from platform-analytics to
kibana-telemetry. This somewhat expanded github team will notify
correctly while including more reviewers across orgs. Expands on change
from #214572
cc @elastic/platform-analytics
## Summary
https://github.com/user-attachments/assets/d83e79af-f369-48ab-b7cb-1853086e7ec1
As a part of implementing new Findings Flyout, we are updating the way
we render Findings Flyout in Findings page.
This PR addresses that by using Expandable Flyout API hooks to handle
which Flyout to render, previously we just render the flyout directly
without using hooks
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Paulo Silva <paulo.henrique@elastic.co>
This change reproduces the asciidoc change made in
https://github.com/elastic/kibana/pull/209403 into the new API docs.
It'll be picked up the next time the API docs output is generated and
refreshed.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
- Unskips the Space awareness FTR tests. Unclear why they were failing
and logs did not provide much information.
- added some minor info. logs to the data loading part
Closes#203898
## Summary
This PR fixes a flaky test practice that was causing issues in 7.17
branch.
The flakiness was introduced long ago when the choosen method to
update/add more content to the Vega Spec was done by manually clicking
in the Vega spec editor the left border (where the editor shows the line
numbers) to select all the text in the editor and go to the last line
but a char before the end of the text (right before the closing
bracket).
The failure highlighted by
https://github.com/elastic/kibana/issues/213646 where caused the added
`config` text positioned in the wrong line/column due to the Konami Code
like type of functional test operation.
The fix instead provides a more robust method: it takes the written text
in the editor, parse it to JSON, update the JSON and write it back again
to the editor.
Will fix the issue https://github.com/elastic/kibana/issues/213646 when
backported to 7.17.
## Summary
There is a bug in kibana 8.17, where no transaction marks are shown in
the APM's transaction waterfall ui.
The marks are stored in the field `transaction.marks.agent` of
documents, but kibana apm server is querying `transaction.agent.marks`.
This PR fixes the field name.
I also added `span.id` in the query source to include the marks in the
response, even if there is no `span.links` in the transaction info.
(I found the case from RUM data with `transaction.marks.agent` but
without `span.links`, so that the response does not include marks
because there is no `source` field in the query result)
I am not sure if it's the right way to fix it, as i have no
understanding about the relationsip between `transaction.marks.agent`
and `span.links`, so this PR is more like a bug report.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
None
Closes#214558
### Summary
When fetching details for the Span Links flyout, it is possible that the
parent span has not yet been ingested, resulting in an 'Unknown' service
name which might be misleading to users. To avoid confusion, we decided
to add tooltip to the icon with explanation.
<img width="2558" alt="image"
src="https://github.com/user-attachments/assets/9e29544b-28df-43b2-9987-24c6d90c481e"
/>
### How to test:
- use edge-oblt data
- in Applications go to `accountingservice` service
- select `orders receive` transaction
- in trace waterfall click `Span Links` button
## 📓 Summary
These changes lift the check against the definition existence and
narrows its value for the react context consumers.
It also fixes reduntant requests for the AI connectors used for the grok
parsing suggestions.
@flash1293 I'd expect to use the AI capabilities across more places for
the enrichment experience, we should probably lift the AI capabilities
as part of the page initialization at a certain point, although it's not
needed yet 👌
**Partially resolves: #211808**
## Summary
This is the first part of the migration effort, containing changes for:
- CRUD endpoints
- BULK Actions
- Export / Import Rule
- Find Rule
- List Tags
- Get Status
- Install Rule
I migrated the examples and the description of the fields. Some of the
fields contained description that was very similar to the legacy, then I
didn't change it. I only modified the descriptions where it was
valuable.
I also discovered some problems. For example the value for the 'query'
field, always shows 'EQL query to execute'. I reported this to the docs
team, in the 'next-api-reference' channel.
Another issue was with 'related_integrations field', which also didn't
show the long description. I also wrote about it to the docs team
[here](https://elastic.slack.com/archives/C05UL5YC06B/p1740137094701209).
In this PR I decided to try moving the description one level up, where
it renders properly.
# Testing
1. cd x-pack/solutions/security/plugins/security_solution
2. yarn openapi:bundle:detections
3. Take the bundled file
(docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml)
and load it into bump.sh console to see the changes.
4. Compare the changes with the [Legacy
documentation](https://www.elastic.co/guide/en/security/current/rule-api-overview.html)
You can also use this [link](https://bump.sh/jkelas/doc/kibana_wip/)
where I deployed the generated bundled doc.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR updates the evaluator function that compares LLM output to
predefined expected results. The update was needed after we agreed on a
more structured way of evaluating prompts and the insights they produce.
We now use three sets of expected paths:
* Required – paths that must always be returned
* Optional – paths that are nice to have but not mandatory
* Excluded – paths that should never appear in the LLM response
This structure is applied per-OS, and we’ve updated the LangSmith
examples accordingly.
The evaluator’s role is to compare these LangChain-side requirements to
the actual LLM output. It starts by validating that the structure
defined in the LangSmith Web UI matches what the code expects. It then
performs several checks: comparing the number of antivirus groups,
matching the returned groups to the expected ones, verifying the
presence of required and optional paths, and flagging any unexpected
results. The final score reflects how many of these checks passed.
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `c4e10ec` ->
`29150cd` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
