## Summary
Current PR creates a new platform shared plugin named
`inference_endpoint` to expose in Kibana the new internal API
`_inference/_services`, which returns the list of inference providers
with the configuration settings.
Changed `@kbn/inference_endpoint_ui_common` package to fetch dynamically
the list of providers by using the route introduced in
`inference_endpoint` plugin.
Added fields settings filter based on the selected task in the
`supported_task_types`.
Cleaned up the types consolidating all in the package
`@kbn/inference_endpoint_ui_common`.
Changed .inference connector to use `unified_completion` subAction for
selected `chat_completion` task type.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: pgayvallet <pierre.gayvallet@elastic.co>
fix https://github.com/elastic/kibana/issues/207128
We have an integration test to check that saved objects aren't removed
and another that catches mappings changes.
This PR adds another assertion to ensure that the message is clear:
Removing a saved object type is not allowed after 8.8.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Part of #195211
- Adds Show Request screen to the new rule form flyout
<details>
<summary>Screenshot</summary>
<img width="585" alt="Screenshot 2025-01-10 at 1 30 15 PM"
src="https://github.com/user-attachments/assets/72500b0d-d959-4d17-944e-a7dc0894fb98"
/>
</details>
- Renders the action connectors UI within the flyout instead of opening
a modal
<details>
<summary>Screenshot</summary>
<img width="505" alt="Screenshot 2025-01-10 at 1 28 38 PM"
src="https://github.com/user-attachments/assets/b5b464c0-7359-43ab-bea1-93d2981a5794"
/>
</details>
- Duplicates the dropdown filter design from the flyout UI within the
action connectors modal when displayed on a smaller screen
<details>
<summary>Screenshot</summary>
<img width="809" alt="Screenshot 2025-01-10 at 1 30 28 PM"
src="https://github.com/user-attachments/assets/5ef28458-1b6d-4a29-961d-fbcc1640e706"
/>
</details>
### Implementation notes
In order to get the action connectors UI to render the same way in both
a modal and the flyout, without duplicating a large amount of code, I
had to introduce a little bit of complexity. Within the Rule Page, it's
as simple as opening the UI inside a modal, but the flyout cannot open a
second flyout; it has to know when and how to completely replace its own
contents.
- The bulk of the action connectors UI is now moved to
`<RuleActionsConnectorsBody>`. `<RuleActionsConnectorsModal>` and
`<RuleFlyoutSelectConnector>` act as wrappers for this component.
- The `<RuleActions>` step no longer handles rendering the connector UI,
because it's not at a high enough level to know if it's in the
`<RulePage>` or the `<RuleFlyout>`. Instead, it simply sends a signal up
the context hierarchy to `setIsConnectorsScreenVisible`.
- A new context called `RuleFormScreenContext` keeps track of
`isConnectorsScreenVisible`, a state for whether or not the action
connectors "screen" is open, regardless of whether that screen is
displayed in a modal or a flyout.
- The Rule Page uses `isConnectorsScreenVisible` to determine whether to
render the modal. This works the same way as it used to, but handled by
the `<RulePage>` instead of the `<RuleActions>` component.
- The Rule Flyout uses `isConnectorsScreenVisible` to determine whether
to continue to render `<RuleFlyoutBody>` or to completely replace its
contents with `<RuleFlyoutSelectConnector>`
For consistency, this PR also moves the Show Request modal/flyout screen
into the same system.
### Testing
To test the new flyout, edit
`packages/response-ops/rule_form/src/create_rule_form.tsx` and
`packages/response-ops/rule_form/src/edit_rule_form.tsx` so that they
render `<RuleFlyout>` instead of `<RulePage>`.
<details>
<summary><strong>Use this diff block</strong></summary>
```diff
diff --git a/packages/response-ops/rule_form/src/create_rule_form.tsx b/packages/response-ops/rule_form/src/create_rule_form.tsx
index 2f5e0472dcd..564744b96ec 100644
--- a/packages/response-ops/rule_form/src/create_rule_form.tsx
+++ b/packages/response-ops/rule_form/src/create_rule_form.tsx
@@ -31,6 +31,7 @@ import {
parseRuleCircuitBreakerErrorMessage,
} from './utils';
import { RULE_CREATE_SUCCESS_TEXT, RULE_CREATE_ERROR_TEXT } from './translations';
+import { RuleFlyout } from './rule_flyout';
export interface CreateRuleFormProps {
ruleTypeId: string;
@@ -199,7 +200,7 @@ export const CreateRuleForm = (props: CreateRuleFormProps) => {
}),
}}
>
- <RulePage isEdit={false} isSaving={isSaving} onCancel={onCancel} onSave={onSave} />
+ <RuleFlyout isEdit={false} isSaving={isSaving} onCancel={onCancel} onSave={onSave} />
</RuleFormStateProvider>
</div>
);
diff --git a/packages/response-ops/rule_form/src/edit_rule_form.tsx b/packages/response-ops/rule_form/src/edit_rule_form.tsx
index 392447114ed..41aecd7245a 100644
--- a/packages/response-ops/rule_form/src/edit_rule_form.tsx
+++ b/packages/response-ops/rule_form/src/edit_rule_form.tsx
@@ -26,6 +26,7 @@ import {
import { RULE_EDIT_ERROR_TEXT, RULE_EDIT_SUCCESS_TEXT } from './translations';
import { getAvailableRuleTypes, parseRuleCircuitBreakerErrorMessage } from './utils';
import { DEFAULT_VALID_CONSUMERS, getDefaultFormData } from './constants';
+import { RuleFlyout } from './rule_flyout';
export interface EditRuleFormProps {
id: string;
@@ -193,7 +194,7 @@ export const EditRuleForm = (props: EditRuleFormProps) => {
showMustacheAutocompleteSwitch,
}}
>
- <RulePage isEdit={true} isSaving={isSaving} onSave={onSave} onCancel={onCancel} />
+ <RuleFlyout isEdit={true} isSaving={isSaving} onSave={onSave} onCancel={onCancel} />
</RuleFormStateProvider>
</div>
);
```
</details>
### Still Todo
1. Replace all instances of the v1 rule flyout with this new one (it's
used heavily in solutions, not in Stack Management)
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Resolves#206433
Added optional `exposeConfig` field to the `preconfiguredActionSchema`
to allow return the configuration for the pre-configured connectors,
which set this value as `true`.
This change is completely backward compatible, because this field is
optional and all the connectors, which don't have the value will remain
to work the same way as before the change (won't return the config).
Changed get and getAll methods of the ActionsClient to reflect opt-in
config based on the set `exposeConfig` value.
## Summary
Breaking change proposal: https://github.com/elastic/dev/issues/2556
This PR updates the upgrade note documentation to explain the 9.0.0
changes around Reporting access control
### [Security Solution] [Security Assistant] Fixes Security Assistant accessibility (a11y) issues
This PR fixes the following Security Assistant accessibility (a11y) issues:
- <https://github.com/elastic/kibana/issues/206348> - _The ai assistant settings and actions button is announced wrong_
- <https://github.com/elastic/kibana/issues/206362> - _Close button on View in AI assistant is missing discernible text_
- <https://github.com/elastic/kibana/issues/206875> - _Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled_
### Details
#### [206348](https://github.com/elastic/kibana/issues/206348) - The ai assistant settings and actions button is announced wrong
This issue was resolved by adding an `aria-label` to the assistant settings context menu.
This fix was desk tested using Voiceover, as illustrated by the following screenshots:
**Before:**
**After:**
Desk testing: see [206348](https://github.com/elastic/kibana/issues/206348) for reproduction steps
#### [206362](https://github.com/elastic/kibana/issues/206362) - Close button on View in AI assistant is missing discernible text
This issue was resolved by adding an `aria-label` to the assistant close button.
This fix was desk tested using Axe, as illustrated by the following screenshots:
**Before:**
**After:**
Desk testing: see [206362](https://github.com/elastic/kibana/issues/206362) for reproduction steps
#### [206875](https://github.com/elastic/kibana/issues/206875) - Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled
Issue [206875](https://github.com/elastic/kibana/issues/206875) includes the following statement:
> Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets disabled. All it says right now "show anonymized"
The first part of the statement above:
> Anonymization button doesn't get announced
appears to be in reference to when the Anonymization toggle button is disabled. This is unfortunately expected, because screen readers do NOT announce disabled buttons, as described in articles like <https://css-tricks.com/making-disabled-buttons-more-inclusive/>
The second part of the statement above:
> doesn't have enough context in the tooltip about when it gets enabled
is addressed by this PR, though there is still a quirk described in detail below.
In this PR, when a conversation does NOT have replacements, a new (different) tooltip is displayed, as illustrated by the before / after screenshots below:
**Before:**
_Above: Before the fix, the tooltip for the disabled button reads:_ `Show anonymized`
**After:**
_Above: After the fix, the tooltip for the disabled button reads:_ `This conversation does not include anonymized fields`
Note that there is still a quirk with the button, which is not addressed by this fix:
The current implementation enables the `Show anonymized` button when the conversation has _any_ replacements, regardless of whether or not the replacements are applicable to the rendered conversation. As a result, when replacements are present, but not applicable to the rendered conversation, the user may toggle the enabled button, but will not observe any changes to the rendered conversation.
Alternatively, the replacements could be applied to the conversation before rendering to facilitate a comparison: If the original conversation and applied conversation are identical, the anonymization button should be disabled. If they are the different, the button should be enabled. This alternative was NOT implemented in this PR.
Desk testing: see [206875](https://github.com/elastic/kibana/issues/206875) for reproduction steps
## Summary
Fixes#206845
Removes a check to see if a rule has a valid consumer before allowing
alerts filters to be edited in the rule form. This was breaking editing
rules on serverless.
With all relevant rule types having added alerts-as-data functionality,
this check is no longer necessary.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Fix https://github.com/elastic/kibana/issues/207719
For openAI providers not emitting token usage metadata for the stream
API, manually count tokens, so that a tokenCount event is always
emitted.
## Summary
Replace `estimated_heap_memory_usage_bytes` property with `expected
model_size_bytes` per deprecation warning. I unzipped the fixture
archives, replaced the property, and rezipped them.
## To test
Add the following to your `serverArgs` block in
`x-pack/test/fleet_api_integration/config.base.ts`
```
{
name: 'elasticsearch.debug',
level: 'debug',
appenders: ['default'],
},
```
Run the EPM FTR tests e.g.
```
FLEET_PACKAGE_REGISTRY_PORT=12345 yarn test:ftr:server --config x-pack/test/fleet_api_integration/config.epm.ts
# in another terminal session
FLEET_PACKAGE_REGISTRY_PORT=12345 yarn test:ftr:runner --config x-pack/test/fleet_api_integration/config.epm.ts --grep "Assets tagging"
```
Check that the deprecation notice does not appear in the
`elasticsearch.debug` logs in your console
```
x-pack/test/fleet_api_integration/apis/epm/bulk_get_assets.ts: Deprecated field estimated_heap_memory_usage_bytes used, expected model_size_bytes instead
```
PR cleans up presentation interface names for consistentency
* adds `$` suffix to all observables. For example, `dataLoading` =>
`dataLoading$`
* removes `Panel` naming convention from interface names since an api
may not be a panel, an api may be a dashboard. For example,
`PublisesPanelTitle` => `PublishesTitle`
#### Note to Reviewers
Pay special attention to any place where your application creates an
untyped API. In the example below, there is no typescript violation when
the parent returns `dataLoading` instead of `dataLoading$` since the
parent is not typed as `PublishesDataLoading`. Please check for
instances like these.
```
<ReactEmbeddableRenderer
getParentApi={() => {
dataLoading: new BehaviorSubject()
}}
/>
```
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Fixes#206801
## Summary
When opening the case detail page we retrieve user profile info for the
different case user actions.
If the uid stored in ES is an empty string for any of these user
actions, we get an error that looks like this:
### Steps to reproduce/test (thanks @jcger )
1. Create a user with the `system_indices_superuser` role
2. Create a case and assign a user to it
3. Get the ID of the assignment user action from the case above
```
GET .kibana_alerting_cases/_search
{
"query": {
"bool": {
"filter": [
{
"term": {
"type": "cases-user-actions"
}
},
{
"term": {
"cases-user-actions.type": "assignees"
}
},
{
"nested": {
"path": "references",
"query": {
"bool": {
"filter": [
{
"term": {
"references.type": "cases"
}
},
{
"term": {
"references.id": "<case_id>"
}
}
]
}
}
}
}
]
}
}
}
```
4. Manually set the `uid` of the assignee to `""`
```
POST .kibana_alerting_cases/_update/<cases-user-actions-id>
{
"script": {
"source": """
ctx._source["cases-user-actions"].payload.assignees[0].uid = "";
"""
}
}
```
After this PR the popup should **not** appear anymore.
## 📓 Summary
Adds a new section to the overview tab in the log details flyout in
Discover to display stacktrace information for logs and exceptions.
In a follow-up, the stacktrace could be moved to a new tab in the log
details flyout and actions can be added to the stacktrace (and quality)
icons in the document table to open the relevant sections in the flyout.
Closes https://github.com/elastic/kibana/issues/190460
### APM - Log stacktrace (library frames)
<img width="1470" alt="image"
src="https://github.com/user-attachments/assets/8991f882-d329-4bc5-aa37-424576bcee72"
/>
### APM - Exception (with cause)
<img width="1476" alt="image"
src="https://github.com/user-attachments/assets/cfbf24a7-6f82-48f1-b275-5aac977411ac"
/>
### APM - Exception (simple stacktrace)
<img width="1474" alt="image"
src="https://github.com/user-attachments/assets/fc0306c4-5fcd-4b74-bb0d-c1784a48d677"
/>
### Apache Tomcat Integration (Catalina) - Stacktrace
<img width="1472" alt="image"
src="https://github.com/user-attachments/assets/281f1822-faea-4e2d-9515-c11a9ee12f50"
/>
## 📝 Notes for reviewers
- The `@kbn/apm-types` package was marked as platform / shared as it's
being used by the
[unified_doc_viewer](https://github.com/elastic/kibana/blob/main/src/plugins/unified_doc_viewer/kibana.jsonc)
- The code used to render stacktraces in APM was moved into a new
`@kbn/event-stacktrace` package as it is reused in the
`unified_doc_viewer`
- The code used to render metadata table in APM was moved into a new
`@kbn/key-value-metadata-table` package
## 🧪 Testing instructions
The deployed environments have sample logs that can be used (time range:
Jan 1, 2025 - now). For a local setup, please follow the instructions
below:
1. Ingest sample logs with stacktraces
([gist](https://gist.github.com/gbamparop/0da21ca7f65b24c4a9c071ce9e9b97b0)).
Please note that these are test data and some fields that are not used
by stacktraces might not be consistent
2. View relevant logs in Discover (Query: `service.name: "synth-node-0"
OR apache_tomcat :*`, Time range: Jan 1, 2025 - now)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/207310
The deployment agnostic tests were not running properly against MKI
because they directly mess with system indices.
This PR fixes this by removing these parts of the streams tests as they
are anyway tested already by the separate storage adapter tests.
It also extends the behavior of the "disable" streams API endpoint to
also wipe the asset links and stream definitions for classic streams to
leave a clean state. To do this, I extended the storage adapter by a
"clean" function, which deletes the index templates and all backing
indices.
Refactors models to make it more clear what our data model is internally
and what our API responses are. Also some small changes to make it more
elasticsearch-y:
- isSchema variants now are based on specific type narrowing instead of
from any > type, as the latter only gives runtime safety, but does not
add much in terms of type safety
- validation is now entirely encapsulated in the type, removed
additional checks such as `isCompleteCondition`
- the stored document puts all stream properties top level (currently
only `ingest`, instead of `stream.ingest`)
- `condition` is renamed to `if`, and required everywhere
- `always` and `never` conditions were added
- `grok` and `dissect` processors are now similar to ES, where the
condition is a part of the processor config
- `GET /api/streams/{id}` returns `{ stream: ..., dashboards: ..., ...
}` instead of `{ ingest: ...., dashboards: ..., ... }`
- `PUT /api/streams/{id}` now requires `dashboards`, and `stream` is a
top-level property
- `PUT /api/streams/{id}/_ingest` was added to allow consumers to only
update the stream, and not its assets
- there are some legacy definitions (in `legacy.ts`) to minimize the
amount of changes in the UI, this still needs to happen at some point
but not in this PR
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
There was no `sessionManagement` privilege registered, so the route was
available only for superusers or users with equivalent privileges.
Explicitly added `superuser` privileges for
`/api/security/session/_invalidate` route.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
__Related: https://github.com/elastic/kibana/issues/198716__
Closes https://github.com/elastic/kibana/issues/200603
## Summary
Reindexes the Kibana Security session system index to the 8.x format to
support 9.0 readiness.
### Release note
Creates Kibana Security session index to only if the
`kibana_security_session_1` index or the reindexed version do not exist.
### Notes
### How to test
For this test, you'll need at least 3 copies of Kibana cloned locally.
One each on 7.17, 8.x and main - ensuring you've run `yarn kbn
bootstrap` on each of them.
Step 0. Verify on the PR branch
-----
- Start ES as `yarn es snapshot --license=trial`
- Start kibana `yarn start --no-base-path`
- Login to kibana in a private browsing window
- Navigate to dev tools and run
```
GET .kibana_security_session/_alias
```
- You should see
```
{
".kibana_security_session_1": {
"aliases": {
".kibana_security_session": {
"is_write_index": true,
"is_hidden": true
}
}
}
}
```
This indicates that there were no aliases/index present and the new
index was created.
Step 1. On 7.17
-----
- Run ES with `yarn es snapshot --license=trial -E
path.data=/tmp/esdata`
- Run kibana
- Login with the `elastic` user
- Navigate to dev tools and run the following query
```
GET .kibana_security_session_1/_search
{
"query": {
"match_all": {}
}
}
```
- You should see your current session being returned as the result for
this query
- You can now shut down ES and kibana.
Step 2. On 8.x
-----
- Run ES with `yarn es snapshot --license=trial -E
path.data=/tmp/esdata` <--- point to the same folder as the previous run
- Run kibana, open a private browser window and login.
- Navigate to Kibana upgrade assistant and Migrate system indices and
wait for it to run.
- Now in Dev tools, run the same query. You should see two sessions.
- One with the idleSessionTimeout returned as null and the other one
containing a value - indicating one was created on 7.x and the other in
8.x
- Make a backup of the data folder `cp -r /tmp/esdata /tmp/esdatabkp`
Step 3(OPTIONAL). On main (without the changes in this PR)
-----
- Run ES with `yarn es snapshot --license=trial -E
path.data=/tmp/esdata`
- This should throw an error
Step 4. On 8.x
-----
- First use the backup for the path `cp -r /tmp/esdatabkp /tmp/esdata2`
- Start ES only (do not run Kibana yet) by pointing to the copy: `yarn
es snapshot --license=trial -E path.data=/tmp/esdata2`
- ES should start up and you need to delete 1 index and 2 datastreams
using the ES APIs and any method you prefer. For your convenience, you
can use the same script as mine:
```ts
import axios from 'axios';
const clearIndexAndDatastream = async () => {
{
const res = await axios.delete(
"http://localhost:9200/.kibana-event-log-7.17.28-000001",
{
headers: {
Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==",
accept: "*/*",
"Content-Type": "application/json",
"Kbn-Xsrf": "true",
},
}
);
console.log("deleted index:", JSON.stringify(res.data));
}
{
const res = await axios.delete(
"http://localhost:9200/_data_stream/ilm-history-5",
{
headers: {
Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==",
accept: "*/*",
"Content-Type": "application/json",
"Kbn-Xsrf": "true",
},
}
);
console.log("deleted ds1:", JSON.stringify(res.data));
}
{
const res = await axios.delete(
"http://localhost:9200/_data_stream/.logs-deprecation.elasticsearch-default",
{
headers: {
Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==",
accept: "*/*",
"Content-Type": "application/json",
"Kbn-Xsrf": "true",
},
}
);
console.log("deleted ds2:", JSON.stringify(res.data));
}
};
clearIndexAndDatastream();
```
You should see the result as:
```
deleted index: {"acknowledged":true}
deleted ds1: {"acknowledged":true}
deleted ds2: {"acknowledged":true}
```
- Now login to Kibana in a private browsing window and navigate to
Upgrade assistant and run the migration.
- Navigating to devtools and running the same query as above will show
you three results. One with no idleTimeout and 2 with timeouts (One on
7.x and two on 8.x format respectively)
```
GET .kibana_security_session_1/_search
{
"query": {
"match_all": {}
}
}
```
- You can now shut ES and kibana at this point.
Step 5. On the branch of this PR
-----
- Run ES with `yarn es snapshot --license=trial -E
path.data=/tmp/esdata2`
- Run Kibana and login using a private window.
- Navigating to dev tools and run:
```
GET .kibana_security_session/_alias
```
To show a result as:
```
{
".kibana_security_session_1-reindexed-for-9": {
"aliases": {
".kibana_security_session": {
"is_hidden": true
},
".kibana_security_session_1": {
"is_hidden": true
}
}
}
}
```
This indicates that no new index was created and we are using the
reindexed version from 8.x.
- You should also run the query to check for sessions:
```
GET .kibana_security_session_1/_search
{
"query": {
"match_all": {}
}
}
```
- This should return 4 sessions in the results
This confirms that the session was re-indexed correctly using the right
aliases.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/207733
Addresses build failures like
https://buildkite.com/elastic/appex-qa-serverless-kibana-ftr-tests/builds/4033
by increasing the timeout from 2 min to 5 min
This is the test that was failing
> 1) Serverless Observability - Deployment-agnostic API integration
tests
--
| │ observability AI Assistant
| │ /internal/observability_ai_assistant/kb/status
| │ "before each" hook for "returns correct status after knowledge
base is setup":
| │
| │ Error: retry.try reached timeout 120000 ms
| │ Error: expected false to equal true
| │ at Assertion.assert (expect.js💯11)
| │ at Assertion.apply (expect.js:227:8)
| │ at Assertion.be (expect.js:69:22)
| │ at helpers.ts:64:31
| │ at processTicksAndRejections
(node:internal/process/task_queues:95:5)
| │ at runAttempt (retry_for_success.ts:30:15)
| │ at retryForSuccess (retry_for_success.ts:103:21)
| │ at RetryService.try (retry.ts:52:12)
| │ at waitForKnowledgeBaseReady (helpers.ts:58:3)
| │ at Context.<anonymous> (knowledge_base_status.spec.ts:31:7)
| │ at Object.apply (wrap_function.js:74:16)
| │ at onFailure (retry_for_success.ts:18:9)
| │ at retryForSuccess (retry_for_success.ts:86:7)
| │ at RetryService.try (retry.ts:52:12)
| │ at waitForKnowledgeBaseReady (helpers.ts:58:3)
| │ at Context.<anonymous> (knowledge_base_status.spec.ts:31:7)
| │ at Object.apply (wrap_function.js:74:16)
## Summary
Closes https://github.com/elastic/kibana/issues/195363
Adds support for ` ... WHERE ... ` expressions inside `STATS` command.
Like
```
FROM index | STATS a WHERE b
```
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
