## Summary
This PR https://github.com/elastic/elasticsearch/pull/125251 adds
highlighting for the code blocks so it is not needed to be added on the
kibana side. This PR removes it.
I didnt run the script because it will remove the highlighting. It will
run next Monday with @craigtaverner 's PR being merged
## Summary
A [recent PR](https://github.com/elastic/kibana/pull/212558/files) (3
weeks ago) migrated docs under `/docs` folder, from `.asciidoc` to
`.md`.
Unfortunately, some of these docs (well, at least one) were generated
automatically using a script:
`node scripts/build_plugin_list_docs.js` was updating the
`docs/developer/plugin-list.asciidoc`
As a result of the migration:
The CI pipeline step fails, and the list of plugins is no longer
updated.
Besides:
* The https://www.elastic.co/guide/en/kibana/current/plugin-list.html is
currently broken.
* This page is (or should be) built from
https://github.com/elastic/kibana/blob/main/docs/extend/plugin-list.md,
which is also broken.
They are broken cause some plugins' descriptions use the pipe `|`
character, which breaks the Markdown layout.
This PR updates the logic that generates the plugin-list, switching from
`.asciidoc` to `.md`, and escaping `\n` and `|` characters to allow for
better descriptions.
## Summary
This PR changes the privilege's actions merging logic for the composable
and deprecated Kibana features. The change makes it possible to have any
number of composable and deprecated features chained by `replaceBy`,
`composedOf`, or a combination of the two.
Under the hood, the privileges factory sorts all deprecated and
composable privileges using Kahn's algorithm for topological sorting,
similar to what is used to sort Kibana plugin dependencies. This allows
us to not only detect cyclical dependencies but also sort privileges in
the proper order depending on their dependency chain.
The use cases addressed by this change are best illustrated by the
`actions should respect composedOf when specified with replaceBy at the
privilege` test in `privileges.test.ts`.
## Summary
Fixes#210258
This PR adds an `aria-label` with the same content as the title to solve
the "Button must have a discernible text" A11y critical issue.
## How to test
1. Download the [axe
devtools](https://chromewebstore.google.com/detail/axe-devtools-web-accessib/lhdoppojpmngadmnindnejefpokejbdd)
2. Go into a service overview and run the scanner from axe devtools
3. You should see a critical error
4. Checkout this branch
5. Error should be solved
This PR updates the ES|QL grammars (lexer and parser) to match the
latest version in Elasticsearch.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Closes#215134
Using `helm upgrade --install` lets the user run the helm command
multiple times to, for example, upgrade to the new version after a stack
release.
## How to test
1. Run Kibana and navigate to the K8S OTel onboarding flow
2. Execute snippets provided by the flow
3. Copy only the `helm upgrade --install ...` part of the second snippet
and execute it again
4. Make sure the command succeeds
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Adds a type and color for `Executable` flamegraph nodes.
The new type will be used by [this
change](https://github.com/elastic/elasticsearch/pull/119115) in the ES
profiling plugin (the required code change from grouping by process name
to grouping by executable name needs tbd).
## Summary
Extracts `collectEnvFromLabels` to a separate module, so it can be used
in the flaky test runner. With this, the label `ci:use-chrome-beta` will
be passed along to the flaky test runner, allowing for flaky testing on
chrome beta.
Other labels we treat as modifiers for PR behavior through setting env
variables should also be added to this set of mapping.
This PR updates the function definitions and inline docs based on the
latest metadata from Elasticsearch.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[elastic-apm-node](https://redirect.github.com/elastic/apm-agent-nodejs)
| dependencies | patch | [`^4.11.1` ->
`^4.11.2`](https://renovatebot.com/diffs/npm/elastic-apm-node/4.11.1/4.11.2)
|
---
### Release Notes
<details>
<summary>elastic/apm-agent-nodejs (elastic-apm-node)</summary>
###
[`v4.11.2`](https://redirect.github.com/elastic/apm-agent-nodejs/releases/tag/v4.11.2)
[Compare
Source](https://redirect.github.com/elastic/apm-agent-nodejs/compare/v4.11.1...v4.11.2)
For more information, please see the
[changelog](https://www.elastic.co/guide/en/apm/agent/nodejs/current/release-notes-4.x.html#release-notes-4.11.2).
##### Elastic APM Node.js agent layer ARNs
|Region|ARN|
|------|---|
|af-south-1|arn:aws:lambda:af-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-east-1|arn:aws:lambda:ap-east-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-northeast-1|arn:aws:lambda:ap-northeast-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-northeast-2|arn:aws:lambda:ap-northeast-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-northeast-3|arn:aws:lambda:ap-northeast-3:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-south-1|arn:aws:lambda:ap-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-southeast-1|arn:aws:lambda:ap-southeast-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-southeast-2|arn:aws:lambda:ap-southeast-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-southeast-3|arn:aws:lambda:ap-southeast-3:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ca-central-1|arn:aws:lambda:ca-central-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-central-1|arn:aws:lambda:eu-central-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-north-1|arn:aws:lambda:eu-north-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-south-1|arn:aws:lambda:eu-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-west-1|arn:aws:lambda:eu-west-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-west-2|arn:aws:lambda:eu-west-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-west-3|arn:aws:lambda:eu-west-3:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|me-south-1|arn:aws:lambda:me-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|sa-east-1|arn:aws:lambda:sa-east-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-east-1|arn:aws:lambda:us-east-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-east-2|arn:aws:lambda:us-east-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-west-1|arn:aws:lambda:us-west-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-west-2|arn:aws:lambda:us-west-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNvcmUiLCJiYWNrcG9ydDpwcmV2LW1pbm9yIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
## Summary
Closes#213294
This PR replaces the custom theme switcher in favor of the native
toolbar customization SB has integrated.
Also removed `@storybook/icons` which was only used in the theme
switcher component.
## How to test
1. Run `yarn storybook <plugin>`
2. You should be able to change between themes on the toolbar.
## Summary
With #212397 we added 2 tests for Discover app (loading `/app/discover`)
to track:
- js bundles loaded on page
- perf metrics like CPU time, Layout time and Script time fetched with
CDP Performance Domain API
While the first test for bundles _didn't report any failures_, second
test to validate Perf metrics fails periodically:
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34729#0195a4de-6cd5-4d1e-be11-5d02be6de2b0
```
Error: CPU time (seconds) usage during page navigation should not exceed 1.5 seconds
expect(received).toBeLessThan(expected)
Expected: < 1.5
Received: 1.591343
```
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34877
```
Error: Additional time spent executing JS scripts should not exceed 0.5 second
expect(received).toBeLessThan(expected)
Expected: < 0.5
Received: 0.601434
```
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34899
```
Error: Total layout computation time should not exceed 0.06 second
expect(received).toBeLessThan(expected)
Expected: < 0.06
Received: 0.061723
```
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34912#0195adb8-4536-42b7-ab4d-524535fdad9a
```
Error: Additional time spent executing JS scripts should not exceed 0.5 second
expect(received).toBeLessThan(expected)
Expected: < 0.5
Received: 0.561259
```
It was worth an experiment, but due to flakiness we decided to keep only
bundles limits validation for now and see if it is stable in the long
run.
If Data-Discovery team has interest in collecting Perf metrics without
strict validation in PRs, we can discuss the options. Alternatively we
can wait for Scout GA and you can deep dive into your own performance
testing with Playwright/CDP.
## Summary
I refactored the flapping code on ON week in PR
https://github.com/elastic/kibana/pull/213825 , and I removed an
optimization for removing recovered alerts from the task state that we
don't need to track for flapping. This PR adds it back.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### To verify
1. Create an rule let it be active for a little and then let it recover.
2. Verify that once the flapping array doesn't have any `true` values
changes
## Summary
Fixes https://github.com/elastic/kibana/issues/213324
For some reason this PR https://github.com/elastic/kibana/pull/213928
didn't catch that the changes make the test fail. This PR fixes it.
After this, we'll be able to backport the original PR.
(The pattern of using `data-attr-field` is already used in Discover so I
think it's a good opportunity to align)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Nick Partridge <nicholas.partridge@elastic.co>
## [Security Solution] [Attack discovery] Prompt updates
This PR contains updates to the following Attack discovery prompts:
- `attackDiscoveryPrompt`
- `continuePrompt`
- `refinePrompt`
Thank you @mgarzon for these improvements!
## Summary
This PR continues and finalizes the pre-work done in
https://github.com/elastic/kibana/pull/214889. Once this PR is merged,
the actual alert summary page content implementation will begin. We need
a dataView to be created before being able to fetch any data. The
`wrapper.tsx` component creates a dataView.
- While the dataView is being created, a loading skeleton mimicking the
future layout of the alert summary page is rendered.
- If the dataView fails to be correctly created (meaning if it comes
back undefined or without an id) we show an error message.
- If the dataView is correctly created, we continue to the alert summary
page (currently just a div)
https://github.com/user-attachments/assets/f1c8f63e-30a0-4186-94b6-f18a18a89218
## How to test
This needs to be ran in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`
You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yaml` file:
```
xpack.securitySolutionServerless.productTypes:
[
{ product_line: 'ai_soc', product_tier: 'search_ai_lake' },
]
```
Use one of these Serverless users:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`
### Notes
You'll need to either have some AI for SOC integrations installed, or
more easily you can change the `alert_summary.tsx` line 38 from `if
(installedPackages.length === 0) {` to `if (installedPackages.length >
0) {` to force the wrapper component to render.
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Closes#215229
## Summary
This PR adds the `USER_AGENT_VERSION` missing field to the
`optionalFields` query fields
## Testing
- Find a trace with user agent version (on the edge oblt we have it for
`elastic-co-frontend` for example)
- Go to the transaction tab (in case of `elastic-co-frontend` click on
`/blog/:id`)
If the user agent version is available it should be visible in the trace
summary:
<img width="1155" alt="image"
src="https://github.com/user-attachments/assets/75b7e331-44d0-4d1c-8060-815c269e23c9"
/>
Resolves https://github.com/elastic/kibana/issues/202564
## Summary
The test is testing for the number of alerts generated assuming the AAD
rule runs 3 times (2 alerts per run). It looks like sometimes, the rule
only runs twice before the telemetry is collected so this updates the
test to verify the number of alerts based on the number of times the
rule ran.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
We've done a lot of UA changes against 8.18 and 8.x but we did not port
them to `main`. The reason we did not do the active development against
`main` is because UA is disabled on main and we need those features in
8.last not on `9.0` initially. This port is to keep the codebase
consistent and to be able to use these new UA features in the future
post `9.0`.
Any issues that that are caused from this port we should wrap them in a
config and disabled them on main and enable this new flag on `8.x`.
What is being ported?
- [x] Upgrade assistant plugin
(`x-pack/platform/plugins/private/upgrade_assistant`)
- [x] Integration test changes
(`x-pack/test/upgrade_assistant_integration`)
- [x] new UA doc links
(`src/platform/packages/shared/kbn-doc-links/src/get_doc_links.ts`)
- [x] localization files sync
(`x-pack/platform/plugins/private/translations/translations/*.json`)
- [x] Unfreeze is no longer supported after `8.x`. So removed it from
data streams readonly migration step and throw an error for regular
indices migration.
Closes https://github.com/elastic/kibana/issues/210490
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
### Authz API migration for unauthorized routes
This PR migrates last unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)
### **Before migration:**
```ts
router.get({
path: '/api/path',
...
}, handler);
```
### **After migration:**
```ts
router.get({
path: '/api/path',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization because ...',
},
},
...
}, handler);
```
This reverts commit d8f6bd694b.
## Summary
Since this upgrade, we're getting 404 on failed test annotation.
Reverting this while we figure out what's causing it.
## Summary
Skips the basic license cases list view test since it is expecting the
cases list to not to be present for a basic/essentials tier license, but
the FIPS pipeline always runs with a platinum license override.
## Summary
Relates https://github.com/elastic/kibana/issues/206244
Adding `custom_assets` to `fleet-synced-integrations` index, including
all component templates and ingest pipelines that has suffix `@custom`
and belong to a package.
In a follow up pr will add logic to read and install the custom assets
on the remote cluster.
To verify:
- enable feature flag `enableSyncIntegrationsOnRemote`
- add a remote es output with `sync_integrations` enabled
```
xpack.fleet.outputs:
- name: 'Preconfiged remote output'
type: 'remote_elasticsearch'
id: 'remote-output2'
hosts: ["http://192.168.64.1:9200"]
sync_integrations: true
kibana_url: "http://localhost:5601"
secrets:
service_token: token
kibana_api_key: key
```
- visit Fleet UI to let setup run that creates
`fleet-synced-integrations` index
- add system integration and create a custom component template and
ingest pipeline
- wait 5m for the async task to run
- verify that the `fleet-synced-integrations` index contains the custom
assets populated
- delete one of the assets or uninstall the package
- wait 5m for the task to run again
- verify that the assets are marked with `is_deleted:true` and has a
`deleted_at` field set
```
GET fleet-synced-integrations/_search
{
"_index": "fleet-synced-integrations",
"_id": "fleet-synced-integrations",
"_score": 1,
"_source": {
"remote_es_hosts": [
{
"hosts": [
"http://192.168.64.1:9200"
],
"name": "Preconfiged remote output",
"sync_integrations": true
}
],
"integrations": [
{
"package_version": "1.67.3",
"updated_at": "2025-03-20T07:17:55.143Z",
"package_name": "system"
}
],
"custom_assets": {
"component_template:logs-system.auth@custom": {
"type": "component_template",
"name": "logs-system.auth@custom",
"package_name": "system",
"package_version": "1.67.3",
"is_deleted": false,
"template": {
"mappings": {
"properties": {
"new_field": {
"type": "text"
}
}
}
}
},
"ingest_pipeline:logs-system.auth@custom": {
"pipeline": {
"processors": [
{
"user_agent": {
"field": "user_agent"
}
}
],
"version": 1
},
"package_version": "1.67.3",
"is_deleted": false,
"name": "logs-system.auth@custom",
"package_name": "system",
"type": "ingest_pipeline"
}
},
"custom_assets_error": {}
}
}
```
<img width="1296" alt="image"
src="https://github.com/user-attachments/assets/35503453-ab4a-4649-a889-27dd188e3d55"
/>
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Replace EuiTooltip with EuiCallout to fix an a11y issue:
Title and Description fields are missing accessible label on Dashboard details
page
## Summary
Add a new telemetry task to the security solution plugin to collect
ingest pipeline stats. The new task runs once a day, calls the
`_nodes/stats/ingest` API, and sends an EBT event with the following
information:
```js
export interface NodeIngestPipelinesStats {
name: string;
totals: Totals;
pipelines: Pipeline[];
}
export interface Pipeline {
name: string;
totals: Totals;
processors: Processor[];
}
export interface Processor {
name: string;
totals: Totals;
}
export interface Totals {
count: number;
time_in_millis: number;
current: number;
failed: number;
}
```
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
## Summary
Previously, editing the query would reset the index field to `_all`.
This was due to using `useState` instead of `useRef` to store the query
value.
Closes https://github.com/elastic/kibana/issues/214416
How to test
1. Go to search profiler
2. Enter an index name, anything but `_all` - which is already there
3. Edit the query
4. Did the index value remain unchanged? Good! Its fixed!
ALSO - need to test to make sure this works with content in the url.
