Joe Reuter
de059eb516
🌊 Streams: Add experimental badge to nav entry ( #217819 )
...
This PR adds the experimental badge to the nav entry for streams (if
enabled)
<img width="343" alt="Screenshot 2025-04-10 at 12 47 22"
src="https://github.com/user-attachments/assets/765e0dd2-6ebd-4516-b024-ec207fcea43f "
/>
We also render a tech preview badge in the classic observability sub
nav:
<img width="224" alt="Screenshot 2025-04-10 at 12 52 04"
src="https://github.com/user-attachments/assets/c51210c0-056e-4ead-97ee-891e3fb6851f "
/>
Important to note: we don't render a badge in the classic main nav since
it's not supported there:
<img width="257" alt="Screenshot 2025-04-10 at 12 52 29"
src="https://github.com/user-attachments/assets/5a1fb3c8-88dd-49c9-bade-82965f367e46 "
/>
2025-04-10 15:10:53 +02:00
Marco Antonio Ghiani
03ee308036
[Streams 🌊 ] Fix privileges issues on routing ( #217793 )
...
## 📓 Summary
This work addresses the following issues on some stream management
pages:
- privileges...
- a user should still be able to reorder processors during a simulation,
even if doesn't have `manage` permissions to save it then.
- a user should be able to read an existing processor configuration,
even if doesn't have `manage` permissions to save it then.
- the "only simulate" routing tooltip was shown always, even when
creating a child stream is possible.
- a toast error was shown on streams re-ordering even if everything was
saved correctly:
<img width="2090" alt="Screenshot 2025-04-10 at 11 07 02"
src="https://github.com/user-attachments/assets/9838b2dd-3c0d-406f-a989-337a832d7131 "
/>
2025-04-10 15:08:25 +02:00
David Sánchez
08fc18b155
[Security Solution][Defend Workflows] Changes owner of osquery types ( #217633 )
...
## Summary
Updates CODEOWNERS file to move osquery types ownership to Defend
Workflows team.
Copy of: https://github.com/elastic/kibana/pull/217111
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-10 14:59:15 +02:00
Cristina Amico
f87cf9c8b4
[Fleet] Add msi installer command for fleet server and agents ( #217217 )
...
Closes https://github.com/elastic/kibana/issues/206629
## Summary
Added MSI windows commands for fleet server, managed agents and
standalone agents.
Docs about this type of install are
[here](https://www.elastic.co/guide/en/fleet/8.17/install-agent-msi.html )
### Testing
- Add a fleet server and verify that there is a new platform type
`Windows MSI`
- It should be available also for elastic agents, both managed and
standalone
<img width="793" alt="Screenshot 2025-04-04 at 16 34 04"
src="https://github.com/user-attachments/assets/59cf5ea8-566d-4488-9a56-8ec2e9a1f3de "
/>
<img width="764" alt="Screenshot 2025-04-04 at 16 45 00"
src="https://github.com/user-attachments/assets/0d0f9b51-0982-41a4-a32f-02a46b75e5a4 "
/>
<img width="784" alt="Screenshot 2025-04-04 at 17 21 34"
src="https://github.com/user-attachments/assets/3dfd0c25-c9f8-47bf-bc3d-e9c9ff9c5417 "
/>
### Checklist
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html )
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-10 14:26:16 +02:00
Konrad Szwarc
827199b8a1
[EDR Workflows] Automatic Troubleshooting feedback ( #217660 )
...
This PR adds a link to a survey users can take to provide feedback on
the insights feature. We're using `ela.st` shortened links, which also
allow us to monitor engagement.
The survey link should only be displayed once the user has received
results (insights). It should not be shown if the user hasn't performed
a scan yet or if no insights were returned.
When results are present
When no scan has been yet performed
When no insights were generated
2025-04-10 13:22:56 +02:00
Ignacio Rivas
95f80dac20
[UA] Remove enterprise search related code ( #217439 )
2025-04-10 12:41:15 +02:00
Sergi Romeu
6190ca8c14
[A11y][APM] Improve aria-label for correlations ( #217512 )
...
## Summary
Closes https://github.com/elastic/kibana/issues/194975
This PR improves the `aria-label` attributes in the latency correlations
page to add more context about the selected field.
2025-04-10 11:52:11 +02:00
Georgiana-Andreea Onoleață
47726988dc
[ResponseOps][Cases]Fix table layout in the add to existing case modal ( #217653 )
...
Closes https://github.com/elastic/kibana/issues/216582
## Summary
- increased column width to fit the `select` button
https://github.com/user-attachments/assets/64199991-c765-40e4-8d17-38cb6dfd16f6
2025-04-10 12:32:28 +03:00
Joe Reuter
9924886236
Remove .swn file ( #217795 )
...
This is a vim swap file I accidentally commited, let's get rid of it.
2025-04-10 11:23:22 +02:00
Ievgen Sorokopud
fc11ca94f5
[Attack Discovery][Scheduling] Attack Discovery scheduling rule management ( #12003 ) ( #216656 )
...
## Summary
Main ticket ([Internal
link](https://github.com/elastic/security-team/issues/12003 ))
To allow users to schedule Attack Discovery generations, we will use
either [Alerting
Framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html ).
These changes add functionality to manage new alerts type - Attack
Discovery Schedule.
### Introduced endpoints
- **Create** AD scheduling rule route: `POST
/internal/elastic_assistant/attack_discovery/schedules`
- **Read/Get** AD scheduling rule by id route: `GET
/internal/elastic_assistant/attack_discovery/schedules/{id}`
- **Update** AD scheduling rule by id route: `PUT
/internal/elastic_assistant/attack_discovery/schedules/{id}`
- **Delete** AD scheduling rule by id route: `DELETE
/internal/elastic_assistant/attack_discovery/schedules/{id}`
- **Enable** AD scheduling rule by id route: `POST
/internal/elastic_assistant/attack_discovery/schedules/{id}/_enable`
- **Disable** AD scheduling rule by id route: `POST
/internal/elastic_assistant/attack_discovery/schedules/{id}/_disable`
- **Find** all existing AD scheduling rules route: `GET
/internal/elastic_assistant/attack_discovery/schedules/_find`
## NOTES
The feature is hidden behind the feature flag:
> xpack.securitySolution.enableExperimental:
['assistantAttackDiscoverySchedulingEnabled']
## cURL examples
<details>
<summary>Create AD scheduling rule route</summary>
```curl
curl --location 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution' \
--header 'Content-Type: application/json' \
--data '{
"name": "Test Schedule",
"schedule": {
"interval": "10m"
},
"params": {
"alertsIndexPattern": ".alerts-security.alerts-default",
"apiConfig": {
"connectorId": "gpt-4o",
"actionTypeId": ".gen-ai"
},
"end": "now",
"size": 100,
"start": "now-24h"
}
}'
```
</details>
<details>
<summary>Read/Get AD scheduling rule by id route</summary>
```curl
curl --location 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules/{id} ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution'
```
</details>
<details>
<summary>Update AD scheduling rule by id route</summary>
```curl
curl --location --request PUT 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules/{id} ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution' \
--header 'Content-Type: application/json' \
--data '{
"name": "Test Schedule - Updated",
"schedule": {
"interval": "123m"
},
"params": {
"alertsIndexPattern": ".alerts-security.alerts-default",
"apiConfig": {
"connectorId": "gpt-4o",
"actionTypeId": ".gen-ai"
},
"end": "now",
"size": 35,
"start": "now-24h"
},
"actions": []
}'
```
</details>
<details>
<summary>Delete AD scheduling rule by id route</summary>
```curl
curl --location --request DELETE 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules/{id} ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution'
```
</details>
<details>
<summary>Enable AD scheduling rule by id route</summary>
```curl
curl --location --request POST 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules/{id}/_enable ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution'
```
</details>
<details>
<summary>Disable AD scheduling rule by id route</summary>
```curl
curl --location --request POST 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules/{id}/_disable ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution'
```
</details>
<details>
<summary>Find all existing AD scheduling rules route</summary>
```curl
curl --location 'http://localhost:5601/internal/elastic_assistant/attack_discovery/schedules/_find ' \
--header 'kbn-xsrf: true' \
--header 'elastic-api-version: 1' \
--header 'x-elastic-internal-origin: security-solution'
```
</details>
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-10 11:03:04 +02:00
Konrad Szwarc
387e2d95ec
[EDR Workflows] Extend Defend Insights telemetry events to include new fields. ( #216967 )
...
This PR introduces a new event type,
`endpoint_workflow_insights_remediated_event`, and extends some of the
existing ones. The goal is to enable better monitoring of the **Defend
Insights** feature usage.
### Event Types
- **`defend_insight_success`** – Sent when the Scan button triggers an
API call and an insight is successfully created. This carries most of
the valuable data, such as result contents, duration, etc.
- **`endpoint_workflow_insights_remediated_event`** – Sent when a
Trusted App is added as a result of an insight, and that insight is
marked as remediated.
- **`defend_insight_error`** – Sent when insight generation fails and no
results are returned.
### Data sent to telemetry
**`defend_insight_error`**
```
actionTypeId – Kibana connector type
errorMessage – Error message from ES/LLM
model – LLM model
provider – Model provider
```
**`endpoint_workflow_insights_remediated_event`**
```
insightId – The ID of the action that was sent to the endpoint (currently unused)
```
**`defend_insight_success`**
```
actionTypeId – Kibana connector type
eventsContextCount – Number of events sent as context to the LLM
insightsGenerated – Number of Defend insights generated
durationMs – Duration of the request in milliseconds
model – LLM model
provider – Model provider
insightType – Type of Defend insight (e.g., incompatible-antivirus)
insightsDetails – Details of the generated insights (e.g., ["ClamAV", "Avast"])
```
2025-04-10 10:37:20 +02:00
Gerard Soldevila
4ca5e062f7
SKA: Make src/test plugins part of platform ( #217715 )
...
## Summary
This is needed by https://github.com/elastic/kibana/pull/216088 , in
order to enable these plugins on CI for FTR tests.
2025-04-10 10:33:31 +02:00
Robert Stelmach
8df83d2716
[Dataset Quality] Add 'source' and 'target' fields to 'Dataset Quality Navigated' event ( #217575 )
2025-04-10 10:13:46 +02:00
Stratoula Kalafateli
15d3e26678
[ES|QL] Allows editing values ( #217780 )
...
## Summary
My refactor caused a bug, in editing the button wasn't active. This PR
is fixing it
<img width="1649" alt="image"
src="https://github.com/user-attachments/assets/4da7eace-8b44-49a6-b3a5-9908ce16b63b "
/>
2025-04-10 10:10:46 +02:00
Philippe Oberti
579dbae6a1
[AI4DSOC] Alert summary table setup ( #216744 )
...
## Summary
This PR adds the foundation for the table in the AI for SOC alerts
summary page.
These changes implement a new usage of the GroupedAlertTable component.
These are the functionalities implemented in this PR:
- default 3 options when opening the `Group alerts by` dropdown:
- Integration: grouping by `signal.rule.id` field
- Severity: grouping by `kibana.alert.severity`
- Rule name: grouping by `kibana.alert.rule.name`
- we have custom group title renderer:
- for the group by Integration, we render the icon and the name of the
integration if found, or we fallback to the `signal.rule.id` value
- for the others we use the same code as the default GroupedAlertTable
- we have custom group statistics:
- for Integration we show severities, rules and alerts
- for Severity we show integrations, rules and alerts
- for Rules we show integrations, severities and alerts
- for everything else we show integrations, severities, rules and alerts
#### Here a video showing default grouping on the alert summary page
https://github.com/user-attachments/assets/43694969-8b43-4451-8f51-00622178ddf5
#### And another one showing custom fields and page refresh
https://github.com/user-attachments/assets/7b8d1047-4704-4149-a481-19721a381154
## Notes
Follow PRs will tackle custom column titles, cell renderers, row
actions... for the table (wip
[here](https://github.com/elastic/kibana/pull/217124 )).
Mocks for reference:
https://www.figma.com/design/DYs7j4GQdAhg7aWTLI4R69/AI4DSOC?node-id=3284-69401&p=f&m=dev
## How to test
This needs to be ran in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`
You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yaml` file:
```
xpack.securitySolutionServerless.productTypes:
[
{ product_line: 'ai_soc', product_tier: 'search_ai_lake' },
]
```
Use one of these Serverless users:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`
Then:
- generate data: `yarn test:generate:serverless-dev`
- create 4 catch all rules, each with a name of a AI for SOC integration
(`google_secops`, `microsoft_sentinel`,, `sentinel_one` and
`crowdstrike`)
- change [this
line](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/detections/hooks/alert_summary/use_fetch_integrations.ts#L73 )
to `installedPackages: availablePackages` to force having some packages
installed
- change [this
line](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/detections/hooks/alert_summary/use_integrations.ts#L63 )
to `r.name === p.name` to make sure there will be matches between
integrations and rules
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
https://github.com/elastic/security-team/issues/11973
2025-04-10 08:52:14 +02:00
Kibana Machine
c2de4d02cf
[api-docs] 2025-04-10 Daily api_docs build ( #217777 )
...
Generated by
https://buildkite.com/elastic/kibana-api-docs-daily/builds/1038
2025-04-10 08:22:12 +02:00
Kibana Machine
cb0202e8c9
skip failing test suite ( #217739 )
2025-04-10 01:02:07 +02:00
Quynh Nguyen (Quinn)
e2f09452cc
[AI Assistant] Fix error creating an AI connector in Observability AI Assistant ( #217740 )
...
## Summary
This PR fixes https://github.com/elastic/kibana/issues/207912 , which
causes error when creating an AI connector in Observability AI Assistant
Before:
After:
<img width="1150" alt="image"
src="https://github.com/user-attachments/assets/f53b2c35-3e6e-4e45-ba24-907e6b55cf03 "
/>
https://github.com/user-attachments/assets/f3f96f75-577f-421c-aeb7-de4ce9d234e9
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html )
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker )
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1 ) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process )
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx )
- [ ] ...
2025-04-09 15:54:30 -06:00
Dima Arnautov
70c817db22
Connectors: Filter inference connectors without existing endpoints ( #217641 )
...
## Summary
Updated the `getAll` method in the actions client to exclude inference
connectors that lack inference endpoints.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process )
2025-04-09 23:15:38 +02:00
Xavier Mouligneau
b28cc66c3e
[CLOUD] Fix get internal/cloud/solution to send 500 ( #217707 )
...
## Summary
This API was returning a 500 error because the saved object type did not
exist. To avoid that, if the saved object type cannot be found, we will
return a "Not Found" response instead.
<img width="798" alt="image"
src="https://github.com/user-attachments/assets/9ef78e59-4253-401b-9f29-52c3b1563884 "
/>
### Checklist
Check the PR satisfies following conditions.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-09 15:35:57 -04:00
Matthew Kime
b542a760cf
[index mgmt] Fix preview of index templates which are used by data streams ( #217604 )
...
## Summary
Fixes error message when attempting to preview an index template which
is used by a data stream.
When previewing a saved index template, a index template name and index
pattern were provided. If the index pattern didn't match data streams
that relied on the index template (and they never did) an error would be
shown. As it turns out, supplying the index pattern was entirely
unnecessary. This PR simply removes the index pattern from the api call
and adds a test to make sure that preview functionality works when index
templates match data streams.
Follow up to https://github.com/elastic/kibana/pull/195174
Closes https://github.com/elastic/kibana/issues/212781
2025-04-09 12:29:12 -05:00
Kevin Delemme
b6de659199
fix(slo): search bar filters ( #217702 )
2025-04-09 18:49:54 +02:00
Coen Warmer
46b4e1fc6d
Add support for wrapping elements in eslint-plugin-eui-a11y plugin ( #216339 )
...
## Summary
Adds support for wrapping elements.
| Code | Turns into |
|--------|--------|
| <img width="764" alt="Screenshot 2025-04-01 at 09 25 09"
src="https://github.com/user-attachments/assets/9b5d2743-3b61-4d21-b726-0a0be9539d99 "
/> | <img width="827" alt="Screenshot 2025-04-01 at 09 25 20"
src="https://github.com/user-attachments/assets/9879d1cb-e22f-4c80-a666-001b273d6d7d "
/>
| <img width="744" alt="Screenshot 2025-04-01 at 09 25 54"
src="https://github.com/user-attachments/assets/c4320ff8-baa2-4fcc-9b3c-f7ab86c1cb23 "
/> | <img width="838" alt="Screenshot 2025-04-01 at 09 26 07"
src="https://github.com/user-attachments/assets/d81a1232-a643-4775-ac83-a1a97bcbc528 "
/> |
**Message**
<img width="804" alt="Screenshot 2025-03-25 at 13 59 36"
src="https://github.com/user-attachments/assets/8eaa2f54-aee6-4828-b1d5-15d4d2bfb4c0 "
/>
**Exceptions**
If elements have a `aria-label`, `aria-labelledby` or `label`, they are
not flagged.
**Autofix suggestion**
- autofixes are translated with `i18n.translate`
- if `i18n` is not imported yet, an import statement is added
- If a `placeholder` prop is found, it uses that as the `i18n.translate`
default message for `aria-label`
- If the element has children, it uses the text value of the children as
the default message for the `i18n.translate` default message for
`aria-label`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Milosz Marcinkowski <38698566+miloszmarcinkowski@users.noreply.github.com>
2025-04-09 18:16:00 +02:00
Jacek Kolezynski
9d659b76dd
[Security Solution] Improving documentations for bulk_actions ( #216852 )
...
**Resolves: https://github.com/elastic/security-docs/issues/3019 **
## Summary
In this PR I am improving documentation for the bulk_actions endpoint.
The focus is on improving descriptions of parameters and providing
examples for all important situations, especially setting / adding
actions.
# Testing
1. cd x-pack/solutions/security/plugins/security_solution
2. yarn openapi:bundle:detections
3. Take the bundled file
(docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml)
and load it into bump.sh console to see the changes.
4. Compare the changes with the [Legacy
documentation](https://www.elastic.co/guide/en/security/current/rule-api-overview.html )
You can also use this [link](https://bump.sh/jkelas/doc/kibana_wip/ )
where I deployed the generated bundled doc.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-09 18:03:19 +02:00
Brad White
b6907a54d8
[FIPS][Build] Add Cloud FIPS ARM artifacts ( #217380 )
...
## Summary
Closes #217355
[Test
run](https://buildkite.com/elastic/kibana-artifacts-snapshot/builds/5927#_ )
in the artifact pipeline. Then tested the ARM Cloud FIPS on an ARM GCP
instance.
2025-04-09 09:55:03 -06:00
Tiago Costa
c2774e3e7d
skip flaky suite ( #217357 )
2025-04-09 16:39:56 +01:00
Tiago Costa
87f2948550
skip flaky suite ( #217356 )
2025-04-09 16:39:35 +01:00
Tiago Costa
b07d32403c
skip flaky suite ( #209911 )
2025-04-09 16:35:40 +01:00
Kibana Machine
347e1037a2
skip failing test suite ( #216512 )
2025-04-09 17:33:17 +02:00
Lisa Cawley
c2b76a9813
Add APM UI API examples ( #212317 )
...
Co-authored-by: Bryce Buchanan <75274611+bryce-b@users.noreply.github.com>
2025-04-09 08:23:18 -07:00
Alex Szabo
5c68342cea
Skip flaky suite: https://github.com/elastic/kibana/issues/217668 ( #217676 )
...
## Summary
Skips recently failing test suite:
https://github.com/elastic/kibana/issues/217668
2025-04-09 17:22:47 +02:00
Melissa Alvarez
d99e258925
Update preconfigured connector name ( #217570 )
...
## Summary
Update Preconfigured connector name to `Elastic Managed LLM`.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html )
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker )
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1 ) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process )
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx )
- [ ] ...
2025-04-09 09:15:11 -06:00
Christiane (Tina) Heiligers
50ddab4418
[Unzyme] src/core/packages/apps ( #217599 )
...
## Summary
Fix https://github.com/elastic/kibana/issues/217589
Related to #217387
Migrates `metric_tiles` and `status_table` unit tests from `enzyme`
snapshot tests to explicit assertions using `RTL`. Explicit assertions
have the advantage of being more readable, targeted, reducing noise due
to unrelated changes (e.g. EUI updates) and to make debugging easier.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
2025-04-09 07:57:29 -07:00
Saikat Sarkar
8b6e73b462
[Playground chat] Change the text for Elastic LLM ( #217591 )
...
## Summary
This PR changes the name from **Elastic LLM** to **Elastic Managed LLM**
in the playground.
<img width="860" alt="Screenshot 2025-04-08 at 2 58 21 PM"
src="https://github.com/user-attachments/assets/2c92cab8-8e63-42e4-91db-b4fd05af4a0a "
/>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html )
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker )
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1 ) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process )
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx )
- [ ] ...
2025-04-09 08:51:32 -06:00
Tre
3917dbccd6
[SKIP ON MKI] .../build_dashboard.ts ( #217507 )
...
see details: https://github.com/elastic/kibana/issues/207097
2025-04-09 09:42:34 -05:00
Jedr Blaszyk
7951e7bca5
feat: workchat home screen ( #217650 )
...
## Summary
Workchat home screen.
Used avatars as agent icons, works pretty nice imo
conversation history limited to 10 in the right column.
<img width="1709" alt="Screenshot 2025-04-09 at 13 24 59"
src="https://github.com/user-attachments/assets/8f1fce7d-bace-4cd1-97de-0b0bc9c1b526 "
/>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html )
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker )
- [x ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1 ) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process )
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-09 16:39:40 +02:00
Drew Tate
7e35e92b4b
[ES|QL] validation and autocomplete for FORK ( #216743 )
...
## Summary
Part of https://github.com/elastic/kibana/issues/210339
Adds
- AST support
- Validation (mostly delegates validation to the subcommands)
- Autocomplete
https://github.com/user-attachments/assets/9fed4401-adf9-48b7-a43f-096e07054966
Also, reworked the `WHERE` replacement range logic, cleaning things up
and fixing small things to make it work within `FORK`.
### Formatting support
https://github.com/user-attachments/assets/3cf5960f-0daf-4339-ad8b-58b30ce86975
### Constraints
- Only one `FORK` command per query
<img width="847" alt="Screenshot 2025-04-04 at 10 43 23 AM"
src="https://github.com/user-attachments/assets/a3b3b5dc-4c86-498b-934c-68d3461f4a89 "
/>
- At least two branches per FORK command
<img width="737" alt="Screenshot 2025-04-04 at 10 51 35 AM"
src="https://github.com/user-attachments/assets/6bf921aa-7167-4791-a29a-66624d2cb75a "
/>
- Only supports `WHERE`, `SORT`, and `LIMIT` (currently)
<img width="816" alt="Screenshot 2025-04-04 at 10 52 39 AM"
src="https://github.com/user-attachments/assets/0fa286c9-9676-471c-93a4-b01ae42d0c6f "
/>
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
2025-04-09 16:39:09 +02:00
Maryam Saeidi
1b10f35b3d
[Log threshold] Use dataViewLazy during rule execution ( #215306 )
...
## Summary
In this PR, we use dataViewLazy, which avoids calling _field_caps API
(this logic was introduced in this
[PR](https://github.com/elastic/kibana/pull/183694 )).
#### Questions
1. Do we need to call _field_caps API in the log threshold rule
executor? If yes, in which scenario?
No, we don't need to call _field_caps API in rule execution.
2. How to fix the type issues since DataViewLazy misses some fields that
exist in the DataView type.
We decided to use DataViewLazy everywhere on the server side but convert
it to an actual DataView on the client side due to the need for the
fields.
||Screenshot|
|---|---|
|Create||
|createDataViewLazy||
### 🧪 How to test
- Enable APM locally
```
elastic.apm.active: true
elastic.apm.transactionSampleRate: 1.0
elastic.apm.environment: username
```
- Create a log threshold rule and check its execution in
[traces](https://kibana-cloud-apm.elastic.dev/app/apm/traces?rangeFrom=now-15m&rangeTo=now )
filtered for your `username` as the environment. There should be one
with your rule name:
The timing for `_field_caps` would be more if you replace the
`createDataViewLazy` with the `create` function.
---------
Co-authored-by: Faisal Kanout <faisal.kanout@elastic.co>
2025-04-09 16:30:45 +02:00
Tim Sullivan
77523f7b15
NavigationItemOpenPanel: remove handling of landing page ("four squares" design) ( #210893 )
...
## Summary
Part of Epic: https://github.com/elastic/kibana-team/issues/1439
Requires: https://github.com/elastic/kibana/issues/212903
Changes:
1. Moves the Solution Side Nav away from the "four squares" design
pattern: where clicking the item label opens a landing page and the item
icon opens the secondary nav panel. This was a custom component
implemented in the Kibana package, not part of the EUI
`EuiCollapsibleNavBeta` component.
2. Changes some usage of `@emotion/css` to `@emotion/react` for better
developer experience
### Screenshots
<details><summary>Before</summary>
</details>
<details><summary>After</summary>
</details>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process )
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] This design pattern was only used in Security Solution. There is a
small risk of regression issues in Security Solution navigation. This
was mitigated by manual testing during development.
2025-04-09 07:25:30 -07:00
Sergi Romeu
a49dc03330
[A11y][APM] Improve aria-label for EuiCodeBlock on onboarding page ( #217292 )
...
## Summary
Fixes #195030
This PR adds `aria-label` with language context for `EuiCodeBlock` in
the APM onboarding page.
2025-04-09 15:55:12 +02:00
Elena Stoeva
b5a30054c7
[Console] Disable autocomplete suggestions inside scripts ( #216986 )
...
Fixes https://github.com/elastic/kibana/issues/212904
## Summary
This PR disables autocomplete suggestions if the curser is inside
scripts (triple-quote strings).
**How to test:**
Verify that there are no autocomplete suggestions when you place the
cursor inside the script in the request below:
```
POST _ingest/pipeline/_simulate
{
"pipeline": {
"processors": [
{
"script": {
"source":
"""
for (field in params['fields']){
if (!$(field, '').isEmpty()){
def value = $(field, '');
def hash = value.sha256();
// Now we need to traverse as deep as needed
// and write to that field
// because we do not have a simple
// set operation available
parts = field.splitOnToken('.');
}
}
""",
"params": {
"fields": [
"user.name",
"geo.city",
"does.not.exist",
"this.is.quite.a.deep.field"
]
}
}
}
]
}
}
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-09 14:31:09 +01:00
Alejandro Fernández Haro
f833e09121
[Config stack compilation] Read inline security tier ( #217658 )
...
## Summary
I noticed that FTRs providing product tier's configuration didn't load
the configuration coming from the
`serverless.security.{productTier}.yml` files, which is a code smell
since we're not testing the real end product.
This PR makes sure to read the CLI options when deciding if a Security
product tier is selected.
Noticed while working on https://github.com/elastic/kibana/issues/215919
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
2025-04-09 15:21:53 +02:00
Cristina Amico
a6308f3b66
[Fleet] Remove kibana_api_key from secrets and use encrypted field instead ( #217472 )
...
Part I of https://github.com/elastic/kibana/issues/217025
## Summary
`kibana_api_key` and `kibana_url` fields are part of remote ES outputs
and where added in https://github.com/elastic/kibana/pull/208516 .
Because of a change in the architecture of remote synced integrations
the secret field is not needed anymore: kibana can't read secrets
directly and fleet server (that can read them) won't be used.
- Remove the `secrets.kibana_api_key` field from remote outputs and
keeps only the `kibana_api_key`, registering it as an encrypted object.
- Remove these fields from full agent policy as they don't need to be
sent to fleet server/agents
- Replace the text field in the output flyout with a password field
<img width="793" alt="Screenshot 2025-04-08 at 15 18 26"
src="https://github.com/user-attachments/assets/4086b769-0a65-49d8-b93d-c51b38509497 "
/>
❗ The `secrets.kibana_api_key` secret field was added in
9.1.0 and the whole feature is under a feature flag so it should be safe
to remove it.
### Checklist
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing ), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md )
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html )
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-09 14:54:39 +02:00
Gerard Soldevila
47eab38887
Improve modal_service Unit Test ( #216786 )
...
## Summary
Address https://github.com/elastic/kibana/issues/216785
2025-04-09 14:53:08 +02:00
Giorgos Bamparopoulos
411aa9928a
Update chart label when there are no docs ( #217569 )
...
Update chart label when there are no docs
Closes https://github.com/elastic/streams-program/issues/250
### Before
<img width="967" alt="image"
src="https://github.com/user-attachments/assets/2e26b631-4a8a-46a2-80d1-c29f77fec969 "
/>
### After
<img width="943" alt="image"
src="https://github.com/user-attachments/assets/5e2cd7a2-4624-4c3a-9968-4121198fd3df "
/>
2025-04-09 13:46:29 +01:00
Stratoula Kalafateli
751e44d5da
[ES|QL] Creates control by typing a questionmark ( #216839 )
...
## Summary
Closes https://github.com/elastic/kibana/issues/213877
Gives the users the ability to create a control by typing a ?
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html )
were updated or added to match the most common scenarios
2025-04-09 14:39:19 +02:00
Alejandro Fernández Haro
0e882dda8a
[ES 9.0] Remove body workaround (@elastic/kibana-management) ( #217220 )
...
## Summary
Follow up to https://github.com/elastic/kibana/pull/213375 : The latest
version of the ES client fixed the issue
https://github.com/elastic/elasticsearch-js/issues/2584 .
We should be able to remove all usages of `// @ts-expect-error
elasticsearch@9.0.0
https://github.com/elastic/elasticsearch-js/issues/2584 `.
2025-04-09 13:47:40 +02:00
Felix Stürmer
a76e2acaea
[Synthtrace] Fix id generator tests ( #216696 )
...
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-09 13:33:53 +02:00
Milton Hultgren
53263fd9fc
[kbn/server-route-repository] Make security required ( #216196 )
...
To mirror the changes in https://github.com/elastic/kibana/pull/215180
2025-04-09 12:51:54 +02:00
Elena Shostak
4f79e2480a
[CodeQL] Set CODEQL_EXTRACTOR_JAVASCRIPT_OPTION_SKIP_TYPES for all branches ( #217647 )
...
## Summary
Set `CODEQL_EXTRACTOR_JAVASCRIPT_OPTION_SKIP_TYPES` for all branches by
default.
2025-04-09 10:48:59 +00:00
