Commit graph

884 commits

Author SHA1 Message Date
Patryk Kopyciński
26dd61efa2
BedrockChat & GeminiChat (#186809)
## Summary

Adopted `BedrockChat` from `@langchain/community` package that adds
support for tools calling
https://js.langchain.com/v0.2/docs/integrations/chat/bedrock/

Adopted `ChatGoogleGenerativeAI` from `@langchain/google-genai` package
that adds support for tools calling
https://js.langchain.com/v0.2/docs/integrations/chat/google_generativeai

Hidden behind FF:
`--xpack.securitySolution.enableExperimental=[assistantBedrockChat]`

As of this PR `integration_assistant` is still going to use
`ActionsClientSimpleChatModel`. After the FF will be enabled by default
we will switch `integration_assistant` to use new chat model.

Thank you @stephmilovic a ton 🙇

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
2024-07-23 15:17:21 -05:00
Chris Cowan
cc92c478c8
[Data Forge] Add service.logs dataset as a data stream (#188786)
This PR adds the `service.logs` dataset to Data Forge. The EEM project
needs this dataset to test the default service logs entity definition.
This dataset is different because I wanted to create a fully compliant
data stream. This change also includes changes to the name of the
default ingest pipeline to `logs@custom` to work with the `logs-*-*`
component templates and ingest pipelines. If a document has
`data_stream.dataset` it will now be routed to
`logs-${doc.data_stream.dataset}-default`. If the document has
`data_stream.type`, `data_stream.dataset`, and `data_stream.namespace`
it will be indexed to `{type}-{dataset}-{namespace}` following the default
data stream conventions.

Because I've changed the name of the ingest pipeline, I also had to
update the index templates for the other datasets.

### Testing

Use the following YAML:

```yaml
---
elasticsearch:
  installKibanaUser: false

kibana:
  installAssets: false
  host: "http://localhost:5601/kibana"

indexing:
  dataset: "service.logs"
  eventsPerCycle: 100
  interval: 10000

schedule:
  - template: "good"
    start: "now-1h"
    end: false
    eventsPerCycle: 100
```

Click on "Logs" under "Observability", you should see something like:

<img width="2048" alt="image"
src="https://github.com/user-attachments/assets/64837c5c-9380-4897-9ccc-acae313683ee">

To check the other data source, change `dataset` to `fake_stack`,
`fake_logs`, `fake_hosts` and check `event.ingested` is set on the
documents; none of these show up in the "Logs Explorer", you'll have to
check them out separately via "Dev Console".
2024-07-23 12:52:16 -05:00
Walter Rafelsberger
dffc044211
[ML] AIOps: Tweak log rate changes in log rate analysis results table. (#188648)
## Summary

Part of #187684.

This moves functions related to log rate changes to the
`@kbn/aiops_log_rate_analysis` package.

- `getLogRateAnalysisType` was renamed to
`getLogRateAnalysisTypeForHistogram` to indicate its use with histogram
data.
- `getLogRateAnalysisTypeForCounts` was added for cases where we don't
have the histogram data available but just the doc counts for baseline
and deviation time ranges. This isn't used yet as of this PR but will be
in a follow up in combination with the o11y AI assistant.
- `getSwappedWindowParameters` is a helper to consolidate inline code
that's used to swap baseline and deviation when we detected a dip in log
rate.
- Rounding for the log rate change messages was tweaked. Changes below
`10x` will now be rounded to one digit to avoid messages like `1x
increase`.
- Tweaked/Shortened the message for 0 in baseline or deviation to just
`45 up from 0 in baseline` / `down to 0 from 45 in baseline`.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2024-07-23 10:25:29 +02:00
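The rounding and message rules described in the PR above, as an added illustration that is not code from the `@kbn/aiops_log_rate_analysis` package: the function names mirror the ones the PR mentions, but the bodies (including the per-window duration arguments and the `WindowParameters` shape) are assumptions of this example.

```typescript
// Added example, not the package's own implementation. Names mirror the PR;
// bodies reimplement the described behaviour and are assumptions.
type LogRateAnalysisType = 'spike' | 'dip';

interface WindowParameters {
  baselineMin: number;
  baselineMax: number;
  deviationMin: number;
  deviationMax: number;
}

// Classify from document counts alone (no histogram available): compare the
// per-millisecond rate of each window so unequal window lengths stay comparable.
// The duration arguments are an assumption of this example.
function getLogRateAnalysisTypeForCounts(
  baselineCount: number,
  deviationCount: number,
  baselineDurationMs: number,
  deviationDurationMs: number
): LogRateAnalysisType {
  const baselineRate = baselineCount / baselineDurationMs;
  const deviationRate = deviationCount / deviationDurationMs;
  return deviationRate >= baselineRate ? 'spike' : 'dip';
}

// For a dip the two windows exchange roles so downstream code can keep treating
// "deviation" as the busier window.
function getSwappedWindowParameters(wp: WindowParameters): WindowParameters {
  return {
    baselineMin: wp.deviationMin,
    baselineMax: wp.deviationMax,
    deviationMin: wp.baselineMin,
    deviationMax: wp.baselineMax,
  };
}

// Factors below 10x keep one decimal so a 1.3x change does not collapse to
// "1x increase"; larger factors are rounded to whole numbers.
function roundFactor(factor: number): number {
  return factor < 10 ? Math.round(factor * 10) / 10 : Math.round(factor);
}

// Builds the human-readable change message, with the shortened wording for a
// zero baseline or zero deviation rate.
function getLogRateChangeMessage(
  analysisType: LogRateAnalysisType,
  baselineBucketRate: number,
  deviationBucketRate: number
): string {
  if (baselineBucketRate === 0) {
    return `${deviationBucketRate} up from 0 in baseline`;
  }
  if (deviationBucketRate === 0) {
    return `down to 0 from ${baselineBucketRate} in baseline`;
  }
  if (analysisType === 'spike') {
    return `${roundFactor(deviationBucketRate / baselineBucketRate)}x increase`;
  }
  return `${roundFactor(baselineBucketRate / deviationBucketRate)}x decrease`;
}
```

With these rules a baseline of 100 docs per bucket against a deviation of 130 reads `1.3x increase` rather than `1x increase`, and a deviation of 0 against 45 reads `down to 0 from 45 in baseline`.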
Luke G
b9e6e56106
[Security Solution] Align field format with platform spec (#187697)
## Summary

This PR aligns Security Solution field format spec with the platform
one, as described in the field spec.
2024-07-23 09:02:51 +02:00
Chris Cowan
375c6ffd61
[EEM] Convert route validation to Zod (#188691)
## Summary

This PR closes https://github.com/elastic/kibana/issues/188171 by
converting the route validate to Zod for `get`, `reset`, and `delete`
APIs. This also changes the validation for the `create` API to use
`buildRouteValidationWithZod` along with adding `strict()` to each of
the schemas.

Closes https://github.com/elastic/elastic-entity-model/issues/103

---------

Co-authored-by: Kevin Lacabane <kevin.lacabane@elastic.co>
2024-07-22 12:24:29 -05:00
James Gowdy
afe3b0f42c
[ML] AIOps Fixing runtime mappings in pattern analysis (#188530)
Runtime mappings need to be passed to the categorization request factory
function and the field validation function.
Initially they were excluded because we only allow pattern analysis on
text fields and it is not possible to create a text runtime field.
However it is possible to apply a filter which uses a runtime field and
doing so causes pattern analysis to fail.

@walterra I have not investigated log rate analysis' behaviour, in this
PR I have just updated the call to `createCategoryRequest` to pass
`undefined`

To test, create a runtime mapping in the data view. Use this in the
query bar or in a filter in Discover and ML's Log Pattern Analysis page.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-20 00:38:19 +10:00
Maxim Kholod
6e73444ca3
[Cloud Security] kick off the work on the DistributionBar component (#188509)
## Summary

Contributes to:
- https://github.com/elastic/security-team/issues/9954

The PR contains the base for the `DistributionBar` component to be used
in the new Entity Flyout Insights.

Not included:
- badges per distribution with the number of documents and pretty names
- on hover interaction

## Screenshots
<img width="980" alt="Screenshot 2024-07-17 at 15 13 48"
src="https://github.com/user-attachments/assets/f2ca53ee-c054-4923-aa3f-7dd4017754cb">

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-19 10:38:01 +02:00
Philippe Oberti
1684d37ba2
[Security Solution] - remove old network details flyout and panel (#187870) 2024-07-18 10:35:49 -05:00
Chris Cowan
76f329dfb1
[Data Forge] Restore queue.drain() (#188603)
This PR is a follow up to #187901 – It restores the `await
queue.drain()` function call in the `createEvents()` method. Without the
`queue.drain()` call, the script will run out of memory when indexing
more than 24 hours of data because it will generate events faster than
the queue can drain them and eventually run out of memory.
2024-07-18 08:44:33 -06:00
Milton Hultgren
d5d3f42aa8
[EEM] Fallback to source for metadata if no destination defined (#188515)
This PR closes
https://github.com/elastic/elastic-entity-model/issues/116 by ensuring
that `destination` is always set when the schema is parsed along with
ensuring that if for some reason destination is not set, we fall back in
the actual metadata code as well. I also added a unit test for each of
the different `metadata` formats:
- String
- Object with only `source`
- Object with `source` and `limit`
- Object with `source`, `limit`, and `destination`

---------

Co-authored-by: Chris Cowan <chris@elastic.co>
Co-authored-by: Chris Cowan <chris@chriscowan.us>
Co-authored-by: Nathan L Smith <nathan.smith@elastic.co>
2024-07-18 09:51:37 +01:00
Philippe Oberti
62144fbbe1
[Security Solution] - remove old host details flyout and panel (#187831) 2024-07-18 01:59:20 -05:00
Garrett Spong
661c25133d
[Security Assistant] Enables automatic setup of Knowledge Base and LangGraph code paths for 8.15 (#188168)
## Summary

This PR enables the automatic setup of the Knowledge Base and LangGraph
code paths for the `8.15` release. These features were behind the
`assistantKnowledgeBaseByDefault` feature flag, which will remain as a
gate for upcoming Knowledge Base features that were not ready for this
release.

As part of these changes, we now only support the new LangGraph code
path, and so were able to clean up the non-kb and non-RAGonAlerts code
paths. All paths within the `post_actions_executor` route funnel to the
LangGraph implementation.

> [!NOTE]
> We were planning to do the switch to the new
> [`chat/completions`](https://github.com/elastic/kibana/pull/184485/files)
> public API, however this would've required additional refactoring since
> the API's slightly differ. We will make this change and delete the
> `post_actions_executor` route for the next release.

### Checklist

Delete any items that are not applicable to this PR.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- Working with docs team to ensure updates before merging, cc
@benironside
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
2024-07-17 14:44:24 -07:00
Walter Rafelsberger
c8c27c4820
[ML] AIOps: Chunk groups of field candidates into single queries. (#188137)
## Summary

Part of #187684.

So far we ran individual queries for each field candidate to get
significant items. The historic reason is that we've been uber cautious
not to run into issues with the `max_buckets` setting. But since we
fetch the top 1k items and the `max_buckets` default is 65k it should be
safe to change that.

This PR updates fetching significant items to combine multiple field
candidates within one query using multiple aggs. The current setting in
this PR is now to add up to 50 field candidates into a single query.
This will result in up to ~50k buckets (50 x 1k buckets for the sig
terms agg plus 50 buckets for the cardinality aggs). If there's more
field candidates, we'll still make use of the async queue where we do up
to 5 queries in parallel.

The result is that for example for 200 field candidates we'll just do 4
queries instead of 200 previously.

Previous:

<img width="1624" alt="image"
src="https://github.com/user-attachments/assets/1e11ff1c-a0c2-4dcf-9399-27456439faad">


![aiops-log-rate-analysis-apm-0001](https://github.com/user-attachments/assets/67b6337e-a406-45bc-bb49-85ad047fcbe8)

After:

<img width="1554" alt="image"
src="https://github.com/user-attachments/assets/33ccb9ef-fe5b-4945-a87f-77347ba097ea">


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2024-07-17 18:04:39 +02:00
Angela Chuang
60ba001b1f
[Security Assistant] Clean up AI settings tabs (#187705)
## Summary

Code clean up for my previous PR:
1. https://github.com/elastic/kibana/pull/184678#discussion_r1657851993 - Remove additional props.
2. Add `Created on` column for quick prompt and system prompt table
3. Wording change: https://github.com/elastic/kibana/pull/184678#discussion_r1661034797 - Rename column title.

**Landing page:**
<img width="1282" alt="Screenshot 2024-07-09 at 19 07 34"
src="20366ee7-497f-412c-9690-953af9f6992b">

**Knowledge base:**
<img width="2552" alt="Screenshot 2024-07-15 at 15 32 40"
src="https://github.com/user-attachments/assets/1d651042-b187-4c08-b55d-c58c1104fd1b">

**Evaluation:**
<img width="2560" alt="Screenshot 2024-07-15 at 15 34 04"
src="https://github.com/user-attachments/assets/31855fe6-e5dd-462d-9c06-2fee2554361a">

<img width="2556" alt="Screenshot 2024-07-09 at 19 38 06"
src="15be4f36-261b-4652-8d4f-be8e7d14676a">

**Anonymization:**
<img width="2551" alt="Screenshot 2024-07-15 at 15 32 33"
src="https://github.com/user-attachments/assets/27688bb5-851e-46fc-8f75-9700ce7a248a">

**Quick prompts:**
<img width="2559" alt="Screenshot 2024-07-15 at 15 30 30"
src="https://github.com/user-attachments/assets/e00c39a0-fb12-46f1-bb2a-bdf5c5bd49d2">

<img width="2557" alt="Screenshot 2024-07-09 at 19 27 18"
src="b581fc46-003b-4363-9c16-22534eb1d71e">

**System prompts:**
<img width="2557" alt="Screenshot 2024-07-15 at 15 30 11"
src="https://github.com/user-attachments/assets/95fd4fca-5041-40b7-b500-efc192166be0">

<img width="2558" alt="Screenshot 2024-07-09 at 19 10 36"
src="a701391a-978f-4684-a2ea-f72a5f572217">

**Conversations:**
<img width="2553" alt="Screenshot 2024-07-15 at 15 30 01"
src="https://github.com/user-attachments/assets/3411beb8-4775-4ba7-8b3e-c4111497eed2">

<img width="2554" alt="Screenshot 2024-07-09 at 21 33 37"
src="fbe2ee80-ba20-41b6-b224-3e317dc1c20e">

Connectors:
<img width="2558" alt="Screenshot 2024-07-09 at 19 09 15"
src="c711ce09-65c0-45b3-90c1-a9019d35093c">

[Design](https://www.figma.com/design/BMvpY9EhcPIaoOS7LSrkL0/[8.15]-GenAI-Security-Assistant-Settings%3A-Stack-Management-Pages?node-id=51-25207&t=JHlgCm0sCYsl8WCM-0)

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2024-07-17 13:14:21 +01:00
Philippe Oberti
0b8e9bc8fe
[Security Solution] - remove old user details flyout and panel (#187829) 2024-07-16 06:19:46 -05:00
Kevin Lacabane
393375ad67
[EEM] Update the builtin service entity definition (#187021)
## Summary

This change includes updates to the builtin service definition:
- removal of the high cardinality metadata fields until we have a
solution in place
- fetching of the metrics from the preaggregated apm metrics
- fixed metrics aggregations
- increased history transform frequency and delay to cover for delayed
ingestion

---------

Co-authored-by: Milton Hultgren <milton.hultgren@elastic.co>
Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
2024-07-16 11:45:45 +02:00
Sergi Massaneda
02d5176b72
[Security GenAI] Make langsmith UI settings take precedence over env vars. (#188297) 2024-07-16 09:19:45 +02:00
Patryk Kopyciński
87f0e71d19
Fix support for IME in Assistant prompt (#184874)
## Summary

Kudos to @sakurai-youhei for providing a fix 🙇
 
Tested on Chrome, Firefox, Safari

---------

Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
2024-07-16 01:21:59 +01:00
Steph Milovic
d5843b351e
[Security solution] Fix LangGraph stream with SimpleChatModel (#187994) 2024-07-15 22:35:42 +01:00
Chris Cowan
2fac5e8462
[Data Forge] Add artificial delay feature (#187901)
## Summary

This PR adds a new setting, `indexing.artificialIndexDelay`, to the
indexing configuration to control how much artificial delay to add to
the timestamps. This PR also adds a "final" ingest pipeline to each data
source along with injecting a new base `component_template` which
includes the `event.ingested` field.

The artificial delay is useful for testing transforms on data that has a
significant delays. It also allows us to test if we miss data when
syncing on the transforms using `event.ingested`.

- Installs default ingest pipeline to add event.ingested to each
document
- Adds final_pipeline to each install_index_template
- Inject base component_template to each index_template at install time
- Add artificial delay for "current" events, historical events are
ingested without delay.
- Change index math to produce monthly indices

### How to test:

Copy the following to `fake_logs.delayed.yaml`:

```yaml
---
elasticsearch:
  installKibanaUser: false

kibana:
  installAssets: true
  host: "http://localhost:5601/kibana"

indexing:
  dataset: "fake_logs"
  eventsPerCycle: 100
  artificialIndexDelay: 300000

schedule:
  - template: "good"
    start: "now-1h"
    end: false
    eventsPerCycle: 100
```
Then run `node x-pack/scripts/data_forge.js --config
fake_logs.delayed.yaml`. This should index an hour of data immediately,
then add a 300s delay when indexing in "real time". The logs will look
like:

```
 info Starting index to http://localhost:9200 with a payload size of 10000 using 5 workers to index 100 events per cycle
 info Installing index templates (fake_logs)
 info Installing components for fake_logs (fake_logs_8.0.0_base,fake_logs_8.0.0_event,fake_logs_8.0.0_log,fake_logs_8.0.0_host,fake_logs_8.0.0_metricset)
 info Installing index template (fake_logs)
 info Indexing "good" events from 2024-07-09T16:23:36.803Z to indefinitely
 info Delaying 100 by 300000ms
 info Waiting 60000ms
 info { took: 2418721239, latency: 541, indexed: 6000 } Indexing 6000 documents.
...
```
Then after `300s`, it will index another `100` documents every `60s`.
You can also inspect the delay per minute using the following ES|QL in
Discover:
```
FROM kbn-data-forge-fake_logs.fake_logs-* | eval diff=DATE_DIFF("seconds", @timestamp, event.ingested) | STATS delay=AVG(diff) by timestamp=BUCKET(@timestamp, 1 minute)
```
This should give you a chart that looks something like this:

<img width="1413" alt="image"
src="2f48cb85-a410-487e-8f3b-41311ff95186">


There should also be a 5 minute gap at the end in Discover:

<img width="1413" alt="image"
src="660acc87-6958-4ce9-a544-d66d56f805dd">

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-15 17:49:34 +01:00
Walter Rafelsberger
a87d6ccb1a
[ML] AIOps: Consolidate code related to retrieving log rate analysis parameters from alert metadata. (#188012)
## Summary

Part of #178613.

Consolidates code related to retrieving log rate analysis parameters
from alert metadata.
2024-07-15 14:35:42 +02:00
Yuliia Naumenko
1d5cf48a97
[Security AI Assistant] Changing chat related internal APIs to become public (#188139)
## Summary

In this PR Security Gen AI related APIs are changed from internal to
public.

Conversations APIs:
- POST/PUT/GET/DELETE
`"/api/security_ai_assistant/current_user/conversations/{id}"`
- GET `"/api/security_ai_assistant/current_user/conversations/_find"`

Prompts APIs:

- POST `"/api/security_ai_assistant/prompts/_bulk_action"`
- GET `"/api/security_ai_assistant/current_user/conversations/_find"`

Anonymization APIs:

- POST `"/api/security_ai_assistant/anonymization_fields/_bulk_action"`
- GET `"/api/security_ai_assistant/anonymization_fields/_find"`
2024-07-12 12:23:09 -07:00
Sander Philipse
460b52077f
[Semantic text] Make semantic text work with non-root level fields (#187154)
## Summary

This makes semantic text work with non-root level reference fields. It
also correctly adds copy_to to existing copy_to fields instead of
replacing them, and streamlines a lot of the code.

To test these changes:

- Create an index
- Go to the index mappings page at
`app/management/data/index_management/indices/index_details?{yourIndexName}=blah&tab=mappings`
- Add an object field with a text field inside
- Add a semantic text field referencing that text field
- If you're on a Macbook, create a new inference endpoint with the model
`.elser_model_2` instead of using the default inference endpoint.
- Add a second semantic text field referencing that text field
- Save your mappings
- Use JSON view to verify that the newly created text field contains a
`copy_to` field referencing both newly created semantic text fields
- Verify that the newly created semantic text fields are also in the
JSON view



### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
2024-07-11 20:35:56 +10:00
Saikat Sarkar
ff651f20d2
[Inference Endpoints View] Deletion, search and filtering of inference endpoints (#186206)
This PR consists of the following changes:
- An option to delete an existing inference endpoint
- Filtering the endpoints based on 'provider' and 'type'
- Search option
- Display the trained models deployment status
- Display additional 3rd party providers (Mistral, Azure OpenAI, Azure
AI Studio)
- Add licensing for gating enterprise licensed users

### Stack Management
![Screenshot 2024-06-24 at 2 38 44 PM](d8072069-2309-40b9-a723-6b34f64b7ef0)



### Serverless
![Screenshot 2024-06-24 at 2 43 36 PM](fe5be2fd-d9ca-41f7-b246-8767e88d2938)

---------

Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
2024-07-09 08:42:52 -06:00
Milton Hultgren
47178a776f
[EEM] Add versioning for entity definitions (#187692)
This PR adds a `version` field to the `EntityDefinition` type, making it
required in the API calls. It must be a SemVer string.
The version is added to the ingest pipelines and transforms as part of
their metadata.
The version is included in the output documents alongside the schema
version.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-09 16:31:35 +02:00
Sid
ff9a48edbe
[Security in Core] Exposes apiKeys from core.security.authc (#186910)
## Summary
Expose `apiKeys` as a service under `core.security.authc.apiKeys`.

Closes https://github.com/elastic/kibana/issues/184764

### Details
PR introduces a new API Keys Service which is accessible under the
`authc` namespace in core.security. The service exposes the public API
that was already available on the server-side in the security plugin.

The service is initialized and registered with core using the
`delegate_api` - allowing access to the service within the core plugin
without the need for the `security` plugin.

Note: I had to move quite a few types/functions around to prevent
cyclical dependencies.

### Plugins and the APIs that use the current `apiKeys` function from the security plugin
<details>
<summary> Expand for table with details </summary>

| Plugin | File | API used | Can be migrated |
|--------|--------|--------|--------|
| alerting | x-pack/plugins/alerting/plugin/server.ts | areApiKeysEnabled() | |
| | x-pack/plugins/alerting/server/rules_client_factory.ts | grantAsInternalUser() | |
| | x-pack/plugins/alerting/server/task.ts | invalidatedAsInternalUser() | |
| enterprise_search | x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys | create() | |
| | x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts | create() | |
| fleet | x-pack/plugins/fleet/server/routes/setup/handlers.ts | areApiKeysEnabled() | |
| | x-pack/plugins/fleet/server/services/api_keys/security | invalidateAsInternalUser() | |
| | x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts | grantAsInternalUser() | |
| | x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts | areApiKeysEnabled() | |
| | x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts | areAPIKeysEnabled() | |
| | x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys_privileges.ts | areAPIKeysEnabled() | |
| observability_solution | x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts | areAPIKeysEnabled | |
| | | validate | |
| | | grantAsInternalUser | |
| | x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts | invalidateAsInternalUser | |
| | x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts | invalidateAsInternalUser | |
| | x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts | create | |
| | x-pack/plugins/observability_solution/synthetics/server/routes/synthetics_service/enablement.ts | invalidateAsInternalUser | |
| | x-pack/plugins/observability_solution/synthetics/server/synthetics_service/get_api_key.ts | validate | |
| | | areAPIKeysEnabled | |
| | | grantAsInternalUser | |
| | | create | |
| serverless_search | x-pack/plugins/serverless_search/server/routes/api_key_routes.ts | create | |
| | x-pack/plugins/transform/server/routes/api/reauthorize_transforms/route_handler_factory.ts | grantAsInternalUser | |
| | x-pack/plugins/upgrade_assistant/server/lib/reindexing/credential_store.ts | grantAsInternalUser | |
| | | invalidateAsInternalUser | |
| | | areAPIKeysEnabled() | |
</details>

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2024-07-09 23:43:17 +10:00
Patryk Kopyciński
27ccd4d539
Cleanup aiAssistantFlyoutMode feature flag (#182992)
## Summary

Cleanup Security `aiAssistantFlyoutMode` feature flag

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-09 14:57:59 +02:00
Sergi Massaneda
92099b277d
[Security GenAI] Use AI setting to set langsmith tracing to the Integration Assistant (#187466)
## Summary

Enables tracing Langchain invocations in the integrations assistant
using the Langsmith settings stored by the Security AI Settings.
The evaluation settings tab is still under an experimental flag, to see
it:

```
xpack.securitySolution.enableExperimental: ['assistantModelEvaluation']
```

### Screenshots

<img width="1317" alt="Settings"
src="6aed1ef6-3750-4259-9fe2-b8bf1aed5504">

After one execution of the integration assistant:

<img width="1240" alt="langsmith"
src="dd3dd99c-7c83-4a35-95b2-789e7a341031">

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2024-07-08 20:14:57 +02:00
Walter Rafelsberger
94cab93977
[ML] AIOps: Refactors function argument structure for Log Rate Analysis. (#187669)
## Summary

Refactors the function argument structure of code used on Kibana server
for Log Rate Analysis from individual arguments to single objects that
contain all options. The options structure looks like this:

```
{
  // "meta" args like dependencies, general callbacks etc. on the outer most level
  esClient,
  abortSignal,
  ...
  // within "arguments" we pass in actual options that necessary for the logic of the function
  arguments: {
    start,
    end,
    query,
    fields,
    ...
  }
}
```

The main benefit is that code where these functions are used become
easier to read. Instead of the strict order of args that sometimes
included `undefined` or just a value where it's hard to guess for which
argument it's used for, this enforces to have the names of options show
up in the consuming code. Here's an example:

Before:

```ts
await fetchHistogramsForFields(
  client,
  requestBody.index,
  histogramQuery,
  [
    {
      fieldName: requestBody.timeFieldName,
      type: KBN_FIELD_TYPES.DATE,
      interval: overallTimeSeries.interval,
      min: overallTimeSeries.stats[0],
      max: overallTimeSeries.stats[1],
    },
  ],
  -1,
  undefined,
  abortSignal,
  stateHandler.sampleProbability(),
  RANDOM_SAMPLER_SEED
)
```

After:

```ts
(await fetchHistogramsForFields({
  esClient,
  abortSignal,
  arguments: {
    indexPattern: requestBody.index,
    query: histogramQuery,
    fields: [
      {
        fieldName: requestBody.timeFieldName,
        type: KBN_FIELD_TYPES.DATE,
        interval: overallTimeSeries.interval,
        min: overallTimeSeries.stats[0],
        max: overallTimeSeries.stats[1],
      },
    ],
    samplerShardSize: -1,
    randomSamplerProbability: stateHandler.sampleProbability(),
    randomSamplerSeed: RANDOM_SAMPLER_SEED,
  },
})) as [NumericChartData]
```


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2024-07-08 20:06:40 +02:00
Pierre Gayvallet
b6fcfac9c1
[Kibana logging system] Add conditional evaluation based on level for logging APIs (#187225)
## Summary

*(Yeah, the title is pretty bad I apologize, I couldn't find something
sexy. OTOH, "sexy" and "logging" are usually antonyms, like "sport car"
and "fiat panda", or "server language" and "javascript")*

### 1. Provide a more developer-friendly alternative to
`Logger.isLevelEnabled`.


**With `isLevelEnabled`**
```ts
if(logger.isLevelEnabled('info')) {
  const message = someExpensiveMessageProbablyBasedOnJsonStringifyOrSomething(); 
  logger.info(message);
}
```

**With this PR:**
```ts
logger.info(() => someExpensiveMessageProbablyBasedOnJsonStringifyOrSomething());
``` 

### 2. Adapt calls to `log.debug` (arguably) costly to use this syntax

Aka any call relying on `JSON.stringify` or function calls.

I used the new syntax for those, except when the tests were too
complicated to fix or when the code did not allow it (e.g. untyped let
variables inferred from return from assignations don't play well with
closures)
2024-07-08 23:53:02 +10:00
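A self-contained illustration of the lazy-message pattern the PR above introduces, added here as an example and not taken from Kibana's logging system: a logger whose methods accept either a string or a thunk, evaluating the thunk only when the level is enabled. The `LazyLogger` class, `LogLevel` ranks and the `demo` driver are assumptions of this example; the `lines` array stands in for a real log sink.

```typescript
// Added example, not Kibana's own logger. LazyLogger, LogLevel and demo are
// names assumed for this illustration.
type LogLevel = 'debug' | 'info' | 'warn' | 'error';
type LogMessage = string | (() => string);

const LEVEL_RANK: Record<LogLevel, number> = { debug: 10, info: 20, warn: 30, error: 40 };

class LazyLogger {
  // Stand-in for a real sink so results can be inspected.
  public readonly lines: string[] = [];

  constructor(private readonly minLevel: LogLevel) {}

  isLevelEnabled(level: LogLevel): boolean {
    return LEVEL_RANK[level] >= LEVEL_RANK[this.minLevel];
  }

  private log(level: LogLevel, message: LogMessage): void {
    // Early return: a thunk is never invoked for a disabled level, so the
    // expensive formatting (JSON.stringify, lookups) is skipped entirely.
    if (!this.isLevelEnabled(level)) return;
    const text = typeof message === 'function' ? message() : message;
    this.lines.push(`[${level}] ${text}`);
  }

  debug(message: LogMessage): void { this.log('debug', message); }
  info(message: LogMessage): void { this.log('info', message); }
  warn(message: LogMessage): void { this.log('warn', message); }
  error(message: LogMessage): void { this.log('error', message); }
}

// Drives the logger at a given minimum level and reports how often the
// expensive formatter actually ran, to make the saving observable.
function demo(minLevel: LogLevel): { lines: string[]; formatterCalls: number } {
  const logger = new LazyLogger(minLevel);
  let formatterCalls = 0;
  // Constructed sample payload standing in for a large request context.
  const payload = { user: 'constructed-user', roles: ['viewer'], requestId: 'req-0001' };
  const expensive = (): string => {
    formatterCalls += 1;
    return `payload=${JSON.stringify(payload)}`;
  };

  logger.debug(expensive);        // evaluated only when debug is enabled
  logger.debug('plain debug');    // plain strings still work unchanged
  logger.info(expensive);
  logger.error(expensive);
  return { lines: logger.lines, formatterCalls };
}
```

Running `demo('info')` invokes the formatter twice (for the `info` and `error` calls) and never for the two `debug` calls, which is the saving the `isLevelEnabled` guard used to require by hand.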
Luke G
d823d5deef
[Security Solution] Reduce BrowserField to field spec (#187263)
## Summary

BrowserField is now FieldSpec, with an exception of one field. ("format")
2024-07-05 02:25:07 +10:00
Tom Myers
6ca9fec2e7
remove 'spaceId' from entity APIs (#187502)
remove 'spaceId' from entity APIs
2024-07-04 11:03:24 +01:00
Yuliia Naumenko
0a0bb1498e
[Security AI Assistant] Persist prompts (#187040)
Moving prompts persistence layer from the local storage to the server
side data stream `.kibana-elastic-ai-assistant-prompts`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-04 03:28:15 +10:00
Tom Myers
19db776f4f
make EntityDefinition 'type' a plain string instead of an enum (#187451)
make EntityDefinition 'type' a plain string instead of an enum
2024-07-03 13:15:30 +01:00
Steph Milovic
ad4fe84078
[Security solution] Assistant race condition bug fixing (#187186) 2024-07-02 13:42:22 -06:00
Kurt
4554b75899
Add license check for FIPS (#181187)
## Updates
### Latest updates

- Expose whether KB is configured to run in FIPS mode from Core ->
Security

Consolidating all FIPS PRs into this PR

\*Previous PRs were approved

### Changes

- Config option is now experimental:
`xpack.security.experimental.fipsMode.enabled`
- Documentation has been revised
  - Listed as an experimental feature
  - Added keystore references for adding a password

## Summary
Closes #169738
Closes #169739
Closes #169740
Closes #185948

FIPS is a platinum license feature.

Kibana instances must have a platinum or better license to start up in
FIPS mode; a lesser license will result in Kibana failing to start up.

If the license is degraded, Kibana will still run, but an error will be
logged letting the user know that Kibana will not be able to restart.

## Config changes

This PR required the changes that were approved from [a previous
PR](https://github.com/elastic/kibana/pull/174558), since that PR
couldn't be merged into main, I merged it here.

## Testing

### Locally

In your `kibana.dev.yml` add:
`xpack.security.experimental.fipsMode.enabled: true`

To allow Kibana to start without actually providing a compliant OpenSSL
provider, in `x-pack/plugins/security/server/config.ts` change L328 from
`if (isFipsEnabled !== isNodeRunningWithFipsEnabled)` to `if (false)`

You are now configured to run in FIPS-spoof mode!

Run: `yarn es snapshot` and `yarn start` > You should see Kibana fail to
start with an error about using a basic license.

Run: `yarn es snapshot --license trial` and `yarn start` > Kibana should
start.

Login as `elastic` and navigate to Stack Management > License Management

Switch your license to `basic` and accept.

In your logs, you will see an error letting users know that you no
longer have an appropriate license and Kibana will not restart.


### For FIPS enthusiasts

Start an ES instance in a method of your choosing, but not using `yarn
es snapshot`. I like to use an 8.15.0-snapshot from the `.es/cache`
directory by running `tar -xzvf elasticsearch-8.15.0-SNAPSHOT-darwin-aarch64.tar.gz`
and cd into the new directory's `bin` folder to run `./elasticsearch`

Ensure you have Docker running locally.

From any command line, run: `docker run --rm -it -e
XPACK_SECURITY_FIPSMODE_ENABLED='true' -p 5601:5601/tcp
docker.elastic.co/kibana-ci/kibana-ubi-fips:8.15.0-SNAPSHOT-bc3150316ed317c08d57c6bd785ba39586072e1d`

This will start Kibana into Interactive Setup mode, copy and paste the
token from the ES startup logs.

Kibana should fail to start and you should see Kibana fail to start with
an error about using a basic license.

Repeat the above process except before you paste the token from ES, do
the following to enable a trial license on your ES instance:

In a new terminal window, navigate to the top level of your
elasticsearch folder and run

`curl -X POST --cacert config/certs/http_ca.crt -u
elastic:YOUR_PASSWORD_HERE
"https://localhost:9200/_license/start_trial?acknowledge=true&pretty"`

You should receive a successful response.

Now paste the token from the ES startup logs into the Kibana Interactive
Setup window and Kibana should start.

Login as `elastic` and navigate to Stack Management > License Management

Switch your license to `basic` and accept.

In your logs, you will see an error letting users know that you no
longer have an appropriate license and Kibana will not restart.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: lcawl <lcawley@elastic.co>
2024-07-02 11:03:28 -04:00
Quynh Nguyen (Quinn)
de027b80b2
[ML] Add Field statistics embeddable as panel in Dashboard (#184030)
## Summary

This PR adds the Field statistics embeddable as a panel in Dashboard.

By default, it will enable the ES|QL editor for the field stats panel.
It will allow for editing of the ES|QL query and time range.

If and only if ES|QL is disabled, it will show the data view picker as a
fallback.





### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
2024-07-01 23:09:44 -05:00
Yuliia Naumenko
d5a91fcc5d
[Security AI Assistant] Chat complete API (#184485) 2024-07-01 22:17:07 -05:00
Vitalii Dmyterko
3506e1413d
[Security Solution][Detection Engine] adds AI Assistant to rule create form (#179091)
## Summary

- adds AI assistant for queries for every rule type, apart from Machine
Learning
- AI assistant is shown only when query is not empty and invalid
- When user clicks on assistant it records telemetry event
`open_assistant_on_rule_query_error`
- hidden behind `AIAssistantOnRuleCreationFormEnabled` feature flag


## Design

[Design](https://www.figma.com/file/nbgUduTmTpYNXLf1vDMP7u/General-Enhancements?type=design&node-id=115%3A5166&mode=design&t=2Yi5wvS1aDoYxuyT-1)


*Screenshot: AI assistant help contextual*


## Demo


## Old Demos

**Note: old demo videos use old UI design, and assistant is shown even
for valid queries.**

<details>

<summary>list of videos</summary>

### ES|QL Case 1
Simple ES|QL query validation error solving.
There are 2 problems in the query highlighted by validation.
First, missing metadata operator.
Second, operator `=` instead of `==`.
By feeding the query twice into the AI Assistant, I was able to get a working
solution.

### ES|QL Case 2

Fixes missing _id field, when metadata operator is present


### EQL Case 1

fixes EQL typo


</details>

### Issues

Results might not always be consistent, and for more complex queries they
might not be correct.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2024-07-01 12:48:48 -05:00
Agustina Nahir Ruidiaz
9785ce0e59
[Security Solution] Adding accordion to dashboard security views (#186465)
## Summary

In this feature the following UI changes are required:

- Add an accordion layout to wrap all the image link cards.
- Change layout of image cards.
- Remove "Default" header.
- Change second header label.


### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Angela Chuang <6295984+angorayc@users.noreply.github.com>
2024-07-01 09:45:18 -05:00
Sergi Massaneda
51c7afd701
[GenAI] Add License/productType controls to the integration assistant (#187105)
## Summary

Adds the licence and product type controls to the Integration assistant.

### UI

- ESS

Licence: The `Enterprise` license must be active to use the feature. It
is checked inside the _integration_assistant_ plugin itself by default,
and the license paywall is displayed in case the license requirement is
not met; there is no need to configure anything from outside for the license
check.

- Serverless

Product type: The `Security complete` tier must be enabled to use the
feature in security projects. The _integration_assistant_ plugin exposes
a contract API to set up a custom upselling.
The product type check is performed in the
_security_solution_serverless_ plugin and the upselling component is
passed to the _integration_assistant_ plugin to be rendered.

### API

The `withAvailability` wrapper has been introduced to encapsulate this
availability check on all the routes. The `isAvailable` flag is defined
at a plugin level and passed to the router context. The flag is
defaulted to `true` and can be set to `false` by not having the
`Enterprise` license (ESS), or by calling the `setIsActive(false)`
contract exposed (serverless).

All API requests made while the license / product type requirements are
not met will receive the response:
```
404 Not Found: This API route is not available using your current license/tier.
```


### Screenshots

ESS:


Serverless:


---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-07-01 08:43:35 -05:00
Steph Milovic
92b2ec62d6
[Security solution] Attack discovery connector dropdown notification badges (#187209) 2024-06-29 13:47:42 -06:00
Jonathan Budzenski
1536a4e607 Revert "[Security solution] Attack discovery connector dropdown notification badges (#186903)"
This reverts commit b131161848.
2024-06-29 12:47:46 -05:00
Steph Milovic
b131161848
[Security solution] Attack discovery connector dropdown notification badges (#186903) 2024-06-28 19:08:22 -06:00
Angela Chuang
72e1d11b25
[Security Solution] AI settings (#184678)
## Summary
https://github.com/elastic/security-team/issues/9222

Knowledge base:
https://github.com/elastic/kibana/pull/186847


### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2024-06-28 21:30:03 +01:00
Christiane (Tina) Heiligers
a7fe7cbb52
update imports for types moved to core security service packages (#187121)
## Summary

Part of https://github.com/elastic/kibana/issues/186574

Updates imports for types available from the core-security packages.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2024-06-28 10:13:21 -07:00
Luke G
6e6dff0758
Remove example and description from browser field (#186897)
## Summary

Further progress towards cleaning up the sourcerer model, aligning it
with the FieldSpec. This PR removes description and examples fields from
the `BrowserField`, sourcing these from the EcsFlat available in
`@elastic/ecs` package.
2024-06-27 10:21:34 +02:00
Pierre Gayvallet
1dee2872f3
Bump @elastic/elasticsearch to 8.14.0 (reloaded) (#186848)
## Summary

Reopening https://github.com/elastic/kibana/pull/186326 with my account,
non-internal PRs are just terrible to work with

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
2024-06-26 08:29:15 -07:00
Luke G
ac9f6233eb
remove category from the browser field (#186839)
## Summary

Cleaning up the sourcerer model a bit, `category` does not seem to be
used anywhere and it is one of the things that deviate from the
FieldSpec.
2024-06-26 12:05:10 +02:00
Steph Milovic
48c0e0dd7c
[Security solution] Attack discovery background task and persistence (#184949) 2024-06-25 08:43:39 -07:00