## Summary
In #189895 we added logic to the `getColorCategories` util function to
handle transpose columns. This mistakenly assumed the first row of the
datatable would include all transposed column ids (i.e.
`${value}---${columnId}`). After closer analysis this case is only
present in the datatable rendering (i.e. `table_basic.tsx`), but in this
context we also have the original non-transposed datatable.
So to simplify this we revert this logic to not care about transposed
datatables. Now the color mappings are correctly assigned across **split
by** columns.
<img width="720" alt="image"
src="https://github.com/user-attachments/assets/c588930e-53b9-409f-a257-2c5be35aaa38"
/>
Fixes #208555
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Release note
Fixes an issue in Lens (#208555) Table where a split-by metric on a
terms rendered incorrect colors in table cells.
---------
Co-authored-by: Marta Bondyra <4283304+mbondyra@users.noreply.github.com>
Co-authored-by: Marco Liberati <dej611@users.noreply.github.com>
## Summary
This PR is a followup to #205990, which removed references to all of the
deprecated/renamed EUI vars in preparation for 9.0. Here, we address
some of the non-critical tech debt related to the EUI refresh, namely
the [removal of static EUI
tokens](https://github.com/elastic/kibana/issues/199715#json-tokens)
from our codebase.
I made every attempt not to change any styles in this PR, except to
simplify CSS to produce an equivalent design. A common example of this
was removing a static `margin` or `padding` declaration referencing
`euiThemeVars.size*`, and swapping it with an equivalent `gutterSize`
prop on the `EuiFlexGroup` container, or with an `align-self` or other
equivalent flexbox directive.
## Screenshots of Areas Affected
The majority of changes here involved the Exception List/Item pages.
I've attached screenshots of their current layout for comparison/review:
<details>
<summary>
<h3>Rule Exceptions Tab</h3>
</summary>
<kbd>
<h3>Before</h3>
<img width="1395" alt="Rule exceptions tab - before"
src="https://github.com/user-attachments/assets/db7a5487-7df3-4a5f-b88e-90ab34784970"
/>
</kbd>
<kbd>
<h3>After</h3>
<img width="1421" alt="Rule exceptions tab - after"
src="https://github.com/user-attachments/assets/77cbdefc-cbec-4b9e-8436-197f2f2f6677"
/>
</kbd>
</details>
<details>
<summary>
<h3>Shared Exception Lists</h3>
</summary>
<kbd>
<img width="1517" alt="Shared Exception Lists"
src="https://github.com/user-attachments/assets/5448dd65-60f7-470c-bf7a-7af75bb914fa"
/>
</kbd>
</details>
<details>
<summary>
<h3>Shared Exception List Details</h3>
</summary>
<kbd>
<img width="1517" alt="Shared Exception List Details"
src="https://github.com/user-attachments/assets/6e03fef6-af58-40bb-98c5-188651a584cc"
/>
</kbd>
</details>
<details>
<summary>
<h3>Threshold Input</h3>
</summary>
<kbd>
<img width="1046" alt="Threshold Input"
src="https://github.com/user-attachments/assets/28738857-6bdf-404f-a790-a9f4e66ff27a"
/>
</kbd>
</details>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
While working on replacing all `styled-components` with `@emotion/react`
I realized that there is some dead code in the Timelines plugin. Both
the `Overflow` and `ColumnToggle` components used in the `HoverActions`
code exported to other plugins are not used anywhere.
Moreover that `HoverConfig` logic has been deprecated for years now...
I thought about removing all the other hover action components
(`AddToTimeline`, `Copy`, `FilterIn` and `FilterOut`) but these are
currently in use in other plugins (`threat_intelligence` and
`kubernetes_security`) so the effort to replace these is a bit more
involved and will be done in a separate PR.
This PR also removes an unused LoadingPanel component.
**No changes to the application are introduced in this PR!**
Fixes: https://github.com/elastic/kibana/issues/195191
Move log threshold rule type params to the new package.
P.S.: I've moved function `validateKQLStringFilter` and test for it in
my previous PR: https://github.com/elastic/kibana/pull/205507
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
**Fixes https://github.com/elastic/kibana/issues/208251**
## Summary
This bug was caused by the local generated MITRE data we have stored in
`x-pack/solutions/security/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts`
having an inconsistency in the way its reference urls were written
compared to the TRADE team's prebuilt rule packages. The trailing
backslash was present in the prebuilt rule packages (and added by
browsers) but not in the url field from the `.json` file we scrape the
MITRE data from in our script.
For example, this is the url from the script:
```
https://attack.mitre.org/techniques/T1078/004
```
and this is the url directly from the rule package:
```
https://attack.mitre.org/techniques/T1078/004/
```
This PR adds a normalization function that adds a trailing backslash to
the comparison string for the diff algorithm if it doesn't already
exist.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This removes an override that was applied to the charts theme prior to
updating the `Theme` in `@elastic/charts`. This is no longer needed and
is now using the wrong color.
## Release note
Fixes issue with `Amsterdam` theme where charts render with the
incorrect background color.
fix https://github.com/elastic/kibana/issues/209081
Updates UI copy for the batch reindexing API only supporting indices.
Note to reviewers: There wasn't an entry for the translation id for
French.
---------
Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Resolves https://github.com/elastic/kibana/issues/208750
## Summary
Removes the hard-coded value in the summarized alerts query, and uses
the max alerts config instead.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### To verify
1. Set `xpack.alerting.rules.run.alerts.max` in kibana.yml and start
Kibana
2. Create a summary alerting rule
3. Verify that the size in the summary alert query is the same value as
the max alerts config
Closes #209227
## Summary
This PR fixes a failed test: It was not possible to reproduce it locally
but I saw in the failed build that the page (chart) was still loading
when it failed so I added `waitForChartsToLoad` in the places where we
check the charts in the Overview tab.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Close https://github.com/elastic/kibana/issues/209471
# Backport
This will backport the following commits from `8.18` to `main`:
- [[UA] Preserve hidden status of original index during reindexing
(#209512)](https://github.com/elastic/kibana/pull/209512)
<!--- Backport version: 9.6.4 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)
## Summary
Resolves #180590
Since SLO instanceId is provided in all APIs, it will be made required
for sloWithDataResponseSchema and the SLOWithSummaryResponse type.
Checks for the existence of instanceId have either been removed or
changed to check for ALL_VALUE (`*`)
---------
Co-authored-by: Kevin Delemme <kevin.delemme@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
**Fixes: https://github.com/elastic/kibana/issues/202966**
**Fixes: https://github.com/elastic/kibana/issues/206527**
## Summary
The issue that causes the overarching problem mentioned in the ticket is
that we add an extra `alias: null` property to the filter via the kibana
filter utils instead of keeping the `alias` field unset. This is
functionally the same rule but since the prebuilt rule objects are
technically different (`alias` is set to `undefined` instead of `null`),
we mark these rules as customized, which causes the query fields to show as
a modified field on update.
To address this, since changing the kibana util filter would be very
invasive and touching a lot of code, we instead normalize the field on
our side before version comparison. This fixes the bug reported and
improves resiliency of rule upgrades in the future.
### Testing (copied from ticket)
- Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled
- Allow internal APIs via adding `server.restrictInternalApis: false` to
`kibana.dev.yaml`
- Clear Elasticsearch data
- Run Elasticsearch and Kibana locally (do not open Kibana in a web
browser)
- Install an outdated version of the `security_detection_engine` Fleet
package
```bash
curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1
```
- Install prebuilt rules
```bash
curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}' http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform
```
- Open a `threat_match` rule for editing. For example `Threat Intel Hash
Indicator Match` with rule_id `aab184d3-72b3-4639-b242-6597c99d8bca`.
With this fix, users should **NOT** see any extra fields in the rule
upgrade flyout, nor should the rule be marked as "Modified" if opened
and saved with no other modifications
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
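The two normalize-before-compare fixes described above (the trailing character on MITRE reference URLs, and `alias: null` versus an unset `alias` on filters), sketched as an added TypeScript example. It is not Kibana's code: the type and function names, the `meta.alias` location and the sample rule data are assumptions constructed for illustration.

```typescript
// Added illustration; names and data below are hypothetical, not from Kibana.
interface ThreatTechnique { id: string; name: string; reference: string }
interface RuleFilter { meta?: { alias?: string | null; [key: string]: unknown }; query?: unknown }
interface RuleFields { threat: ThreatTechnique[]; filters: RuleFilter[] }

// Ensure the reference URL ends with "/" so both spellings compare equal.
function withTrailingSlash(url: string): string {
  return url.endsWith('/') ? url : `${url}/`;
}

// Treat `alias: null` the same as an unset alias (assumes alias lives under `meta`).
function normalizeFilter(filter: RuleFilter): RuleFilter {
  if (!filter.meta) return filter;
  const { alias, ...rest } = filter.meta;
  return { ...filter, meta: alias == null ? rest : { ...rest, alias } };
}

// Normalize only the fields known to differ cosmetically; everything else is kept as-is.
function normalizeForDiff(rule: RuleFields): RuleFields {
  return {
    threat: rule.threat.map((t) => ({ ...t, reference: withTrailingSlash(t.reference) })),
    filters: rule.filters.map(normalizeFilter),
  };
}

// Key-order-independent serialization that skips undefined properties.
function stableStringify(value: unknown): string {
  if (Array.isArray(value)) return `[${value.map(stableStringify).join(',')}]`;
  if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    const keys = Object.keys(obj).filter((k) => obj[k] !== undefined).sort();
    return `{${keys.map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`).join(',')}}`;
  }
  return JSON.stringify(value);
}

// True when the installed rule differs from the packaged one.
function isCustomized(installed: RuleFields, packaged: RuleFields, normalize: boolean): boolean {
  const a = normalize ? normalizeForDiff(installed) : installed;
  const b = normalize ? normalizeForDiff(packaged) : packaged;
  return stableStringify(a) !== stableStringify(b);
}

// Constructed sample data: the same rule as shipped and as stored after a no-op save.
const technique: ThreatTechnique = {
  id: 'T1078.004',
  name: 'Cloud Accounts',
  reference: 'https://attack.mitre.org/techniques/T1078/004/',
};
const query = { match_phrase: { 'event.category': 'file' } };

const packaged: RuleFields = {
  threat: [technique],
  filters: [{ meta: { negate: false }, query }],
};
const installed: RuleFields = {
  threat: [{ ...technique, reference: 'https://attack.mitre.org/techniques/T1078/004' }],
  filters: [{ meta: { negate: false, alias: null }, query }],
};
// A real customization (different technique id) must still be detected after normalizing.
const edited: RuleFields = { ...installed, threat: [{ ...technique, id: 'T1078.001' }] };
```

Without normalization `isCustomized(installed, packaged, false)` reports a change; with it the no-op save compares equal while `edited` is still flagged, which is the property to keep in mind when widening any normalization step.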
This PR updates the ES|QL grammars (lexer and parser) to match the
latest version in Elasticsearch.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Make the Security Solution `endpoint-meta-telemetry` task send the new
Endpoint field `Endpoint.metrics.top_process_trees`
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Improved handling for operator-defined role mappings:
- Detail page with operator-defined role mappings is now marked with
lock icon and tooltip
- Operator-defined role mappings have a read-only experience.
<img width="1256" alt="Screenshot 2025-01-29 at 11 45 27"
src="https://github.com/user-attachments/assets/911dd2cd-4fe8-4141-8d8a-ffde974884d7"
/>
<img width="1234" alt="Screenshot 2025-01-28 at 15 21 44"
src="https://github.com/user-attachments/assets/d9a03431-f8da-471e-8c94-f504aa00623d"
/>
### How to test
1. Create a `settings.json` file in
`$ES_HOME/config/operator/settings.json`, and define some role mappings
there. Here's an example that will create 2 operator mappings:
```json
{
"metadata": {
"version": "1",
"compatibility": "8.4.0"
},
"state": {
"role_mappings": {
"operator_role_mapping_1": {
"enabled": true,
"roles": [
"kibana_user"
],
"metadata": {
"from_file": true
},
"rules": {
"field": {
"username": "role-mapping-test-user"
}
}
},
"operator_role_mapping_2": {
"enabled": true,
"roles": [
"fleet_user"
],
"metadata": {
"from_file": true
},
"rules": {
"field": {
"username": "role-mapping-test-user"
}
}
}
}
}
}
```
2. Navigate to `Role Mappings` page and check the UI has a read only
view.
3. Navigate to `Role Mappings Details` page and check the UI has a read
only view.
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
__Closes: https://github.com/elastic/kibana/issues/194635__
### Release Notes
Improved handling for operator-defined role mappings
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## 🍒 Summary
This PR adds support to `/api/streams` endpoints for the
`GroupStreamDefinition` type. Group streams are simply a list of member
streams along with dashboards. An example of the definition looks like:
```JSON
{
"name": "nginx-logs",
"stream": {
"grouped": {
"description": "A collection of streams for Nginx",
"members": [
"logs",
"logs.nginx"
]
}
},
"dashboards": []
}
```
The following APIs support `GroupStreamDefinition`:
- `GET /api/streams`
- `GET /api/streams/{id}`
- `PUT /api/streams/{id}`
- `DELETE /api/streams/{id}`
- `GET /api/streams/{id}/_details`
This PR only includes the support to the APIs; I will submit a follow-up PR
for the UI.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
## Summary
While working on 9.x Upgrade testing, I found that when running
synthtrace scenarios pointing to a 7.x cluster, it tries to fetch the
latest version of the APM package. In 7.x, the `latestVersion` item was
present under a different node in the API response. Hence adding this
fix.
## Summary
This package relies on devOnly packages, thus it must be devOnly too.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes#184582
## Summary
This PR fixes an issue with processes missing from the processes table
and not being searchable.
- Additional fixes: The chart size was not set correctly and they were
not visible so it is fixed now:
| Before | After |
| ---- | ------ |
| _(screenshot)_ | _(screenshot)_ |
⚠️ _UPDATE_ I also updated the archive used in the API test with the one
we have for the e2e name (and matched the name with the old one) so we
have consistent results and also the correct fields / mappings
### Solution details
After some digging into the fields I ended up **not** using the
suggested `process.name` because it gave us too generic information for
the table (we should still use the command there) also tried the process
id but then the search by command won't work properly. So I found a
field that is not ignored and contains the same information called
`process.command_line` and used it:
<img width="538" alt="image"
src="https://github.com/user-attachments/assets/ce4d35a6-e912-4656-bee1-8137d5635432"
/>
## Testing
- Follow the steps in the issue inside `How to reproduce` to create the
two processes
- Note: in order to see the process summary, you need to enable it in
the config ( ⚠️ for the oblt hosts I checked it is not enabled and the
summary section showed N/A ) :

https://github.com/user-attachments/assets/41bdcc8d-6b87-4351-b866-2e706dd11dfd
- The metrics charts should be visible
- The search should work as expected:
- And the missing.... process should be visible
Fixes https://github.com/elastic/kibana/issues/187065
## Summary
In the repository creation endpoint, when the validation failed, we were
showing duplicated errors. This was caused by how the validation schema
was built. This PR refactors the duplication schema so it doesn't
duplicate the name field.
### How to test
* Run ES with `yarn es snapshot --license=trial -E path.repo=/tmp/es-backups`
* Navigate to repos list and try creating a new repo
* Fill the name input with a string longer than 1000 chars.
* Verify the error message when saving the repo is not duplicated
### Screenshot
<img width="1032" alt="Screenshot 2025-02-03 at 15 24 27"
src="https://github.com/user-attachments/assets/75231f68-a13e-44bf-8d8a-be488c9f25e5"
/>
As titled. The Project Switcher was created in #155582 as a means of
allowing a developer to switch between project types without having to
restart Kibana. Since that first PR, Kibana *must* be started with a
particular project configuration in mind-- the switcher now does
nothing. This PR removes it and deprecates the config keys.
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[react-reverse-portal](https://togithub.com/httptoolkit/react-reverse-portal)
| dependencies | minor | [`^2.1.2` ->
`^2.2.0`](https://renovatebot.com/diffs/npm/react-reverse-portal/2.1.2/2.2.0)
|
---
### Release Notes
<details>
<summary>httptoolkit/react-reverse-portal
(react-reverse-portal)</summary>
###
[`v2.2.0`](https://togithub.com/httptoolkit/react-reverse-portal/compare/v2.1.2...v2.2.0)
[Compare
Source](https://togithub.com/httptoolkit/react-reverse-portal/compare/v2.1.2...v2.2.0)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Resolves https://github.com/elastic/kibana/issues/196584
## Summary
This PR updates the task poll interval logic for projects using the mget
strategy to optimize request loads to Elasticsearch, particularly for
smaller projects with low utilization. When task manager (TM)
utilization is below 25%, the poll interval will be set to 3 seconds
instead of the current 500 milliseconds. This change does not affect
projects utilizing `update_by_query`.
The existing backpressure logic remains unchanged for handling errors.
The only adjustment occurs in scenarios where there are no errors, the
TM utilization is below 25%, and the poll interval is less than 3
seconds. In such cases, the poll interval will increase to 3 seconds,
even if the backpressure logic has not fully reset the interval to its
original value.
I just chose 25%, but I am definitely open to other ideas.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### To verify
- Start Kibana and go to
`http://localhost:5601/api/task_manager/_health` and verify the poll
interval is 3s
- Create some alerting rules scheduled to run every second, and let them
run. I created 4 rules.
- Check `http://localhost:5601/api/task_manager/_health` again to verify
that with rules running the poll interval is back to 500ms. (It may take
a couple refreshes for the health api to reflect the changes)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>