## Show backfill group for manual runs
UX - copy is not final, there will be an additional ticket for that,
which we address later
After user execute manual rule API we will present backfill group.
Backfill group contains 1 to N scheduled entries. Each of the entry - is
associated with rule run (potential, in progress, completed)
Backfill group is removed after all task completed, so this why they
disappear from UI in the video
- Show amount of tasks
- Ability to cancel run
- There auto refresh - which is disabled by default, as backfills group
remove after completion
35823ac5-de20-4082-819f-030ccc524e82
### How to test
1 . Enable feature flag - `manualRuleRunEnabled`
2. For you rule call schedule api
`/internal/alerting/rules/backfill/_schedule` `POST`
With this body (put your values for rule id and date range):
```
[{"rule_id":"58b4b926-6348-4c23-be1f-870a461fa342","start":"2024-05-21T13:00:00.000Z","end":"2024-05-21T14:05:00.000Z"}]
```
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Currently components outside of alert table do not refresh after
changing status with bulk action. This PR adds global query refresh in
bulk actions
- https://github.com/elastic/kibana/issues/183025
No grouping
0490187d-9f3e-49d0-80b3-4cd75e8fdbf8
Grouping
80e55fda-2f89-4c8d-a882-2df413cb3560
## Summary
Fixes needed for getting CI to pass when EUI throws an error if
attempting to render a component without the EuiProvider in the render
tree.
## Detailed description
In https://github.com/elastic/kibana/pull/180819, I will deliver a
change that will cause EUI components to throw an error if the
EuiProvider context is missing. This PR comes in as part of the final
work to get all functional tests passing in an environment where EUI
will throw the error. The tied to the ["Fix 'dark mode' inconsistencies
in Kibana" Epic](https://github.com/elastic/kibana-team/issues/805) has
so far been in preparation for this.
**Reviewers: Please interact with critical paths through the UI
components touched in this PR, ESPECIALLY in terms of testing dark mode
and i18n.**
<img width="1107" alt="image"
src="c0d2ce08-ac35-45a7-8192-0b2256fceb0e">
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
## Summary
This PR fixes a regression from PR #180016 where the support to the
custom title on the `useGetGroupSelector` hook was dropped and the
Findings DataTables was displaying "Group alerts by" instead of "Group
findings by". Unit tests were added to prevent further regressions.
## Screenshots
## Summary
Closes https://github.com/elastic/kibana/issues/181402 (for now)
This test has only failed once so far, there is nothing obvious in the
logs as to why the transform is in a stopped state, I have added some
more logging so we can dig further if it fails again.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Added CSP and Cloud Defend plugins into Exclude Package list for oblt
projects in Serverless
Co-authored-by: Maxim Kholod <maxim.kholod@elastic.co>
## Summary
Fixes https://github.com/elastic/kibana/issues/183916
Decouple synthetics settings from uptime , since uptime isn't available
in serverless !!
### Test cases
- [ ] Make sure synthetics settings continue to work as expected in
serverless/stateful
- [ ] Make sure uptime settings continues to work as expected in
serverless/stateful
- [ ] if User have uptime settings saved, those should be copied over to
synthetics first time
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
cypress reporter will occasionally get an empty result object - it draws
attention from other error messages in the stream, and allows misleading
conclusions
let's not fail reporting because of that, and hope that the real error
will also surface.
See:
https://buildkite.com/elastic/kibana-pull-request/builds/212655#018fc04b-e385-4760-87db-41b65f86fb40
---------
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
Relates to https://github.com/elastic/kibana/issues/183406.
## 📝 Summary
This PR creates a new plugin `data_quality` in order to register dataset
quality as a Stack management page under data section. For now there is
no reference to this new page in the sideNav in stateful or serverless.
In order to navigate to this new page you can use the url
`/app/management/data/data_quality`
Changes included in this PR:
- New plugin created
- Plugin registered in stack management, data section
- Dataset quality plugin is instantiated and the state is in sync with
URL
- Removed references to dataset quality in Logs explorer
## 🎥 Demo
501c9c47-4a1b-4f91-9be6-d022a821e88e
## 🙅🏼 Missing
- Dataset quality locator
- There are still references to logs explorer (table and flyout) that
will be handled in a follow up PR.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
We aggregate on disabledFeatures in [Spaces Usage
Collector](5e95a76796/x-pack/plugins/spaces/server/usage_collection/spaces_usage_collector.ts (L38)),
but field was removed from mappings. Added `disabledFeatures` back to
mappings.
### How to Test
1. Create a couple of spaces with disabled features.
```
POST kbn:/api/spaces/space
{
"name": "my-space-1",
"id": "my-space-1",
"description": "a description",
"color": "#5c5959",
"disabledFeatures": ["canvas", "discover"]
}
POST kbn:/api/spaces/space
{
"name": "my-space-2",
"id": "my-space-2",
"description": "a description",
"color": "#5c5959",
"disabledFeatures": ["savedObjectsManagement", "canvas"]
}
```
2. Make a request to stats endpoint and check that `disabledFeatures`
counters.
```
POST kbn:/internal/telemetry/clusters/_stats
{
"unencrypted": true, "refreshCache": true
}
```
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
__Fixes: https://github.com/elastic/kibana/issues/184194__
## Release note
Added `disabledFeatures` back to mappings, so it can be aggregated on.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Address #183698
This MR introduces a new internal DQD `GET` endpoint for fetching index
results by pattern without aggregation in descending order by
`@timestamp`:
`GET /internal/ecs_data_quality_dashboard/results/:pattern`
This new endpoint supports additional query params like:
- `from` - es search pagination offset
- `size`- es search query response size
- `outcome` - es search query response filter by presence/absence of
`incompatibleFieldCount` field
- `startDate` - es search query response filter by `@timestamp`
(inclusive)
- `endDate`- es search query response filter by `@timestamp` (inclusive)
This endpoint returns a list of historical index `results` sorted by
`@timestamp` and a `total` number of results for facilitating pagination
on client.
Additionally this MR updates latest results endpoint to have simplified
naming for improved consistency, lifts shared functionality into a
helper function and adds necessary unit tests.
In particular:
- `GET
/internal/ecs_data_quality_dashboard/results/indices_latest/:pattern`
has been simplified to just `GET
/internal/ecs_data_quality_dashboard/results_latest/:pattern`. All
respective server and client code has been updated.
## How to test
Example:
- `GET
/internal/ecs_data_quality_dashboard/results/logs-*?from=5&size=5&outcome=fail&startDate=now-1w/w&endDate=now`
- `GET /internal/ecs_data_quality_dashboard/results_latest/logs-*`
## Summary
Closes https://github.com/elastic/kibana/issues/172265
## Description
This PR adds the Degraded Fields Table to the Dataset Quality Flyout for
individual Data Stream. Following tasks were done as part of this PR
1. A new server side endpoint created which queries the `datastream`
directly and aggregates `_ignored` fields for that data stream during
the given time range and also adds a sub aggregation for last occurence.
2. On the UI Side, the table was added with 3 columns as mentioned in
the Original ticket - Field, Count and Last Occurrence
3. The UI currently supports clients side sorting and pagination. We can
move this to server side pagination sorting if required in the future.
4. The Flyout also supports sync with the URL which means user can
navigate to the Dataset Quality page where the flyout would be open and
Sorting and Pagination would be pre-applied
5. API Tests
6. Stateful and Serverless FTR tests
## Screenshot
<img width="1278" alt="image"
src="36a9b5cd-de05-4d17-99a2-cc08ec4583dd">
## Scenario
1. Spin up a 8.14-snapshot instance
2. Ingest degraded docs
3. Upgrade to 8.15-snapshot
4. Open Data Set Quality Flyout and see how the page looks like
<img width="1286" alt="image"
src="100f3c8c-b697-4f81-ac7e-427d0f468407">
## Summary
This PR
1. Show KQL error messages to the UI
2. Respect the `query:allowLeadingWildcards` advance setting in the MW
## Testing
Verify that the bug except the one about DSL filtering described in
https://github.com/elastic/kibana/issues/168600 is fixed. Also, test the
following scenarios.
### Actions
**Error**:
1. Go to Stack -> Advanced setting and disable
`query:allowLeadingWildcards`
2. Create a rule with an action and make the action conditional by
toggling the "If alert matches query"
3. Add a KQL like `kibana.alert.instance.id : *development`. The leading
`*` is important
4. Save the rule. You should see a toaster error with a message about
`query:allowLeadingWildcards`
**Happy path**:
1. Go to Stack -> Advanced setting and make sure
`query:allowLeadingWildcards` is enabled
2. Create a rule with an action and make the action conditional by
toggling the "If alert matches query"
3. Add a KQL like `kibana.alert.instance.id : *development`. The leading
`*` is important
4. Save the rule. You should not see any errors.
### Maintenance Windows
**Error**:
1. Go to Stack -> Advanced setting and disable
`query:allowLeadingWildcards`
2. Go to Stack -> Maintenance Windows -> Create window
3. Toggle "Filter alerts" and add a KQL like `kibana.alert.instance.id :
*development`. The leading `*` is important
4. Create the MW. You should see a toaster error with a message about
`query:allowLeadingWildcards`
**Happy path**:
1. Go to Stack -> Advanced setting and make sure
`query:allowLeadingWildcards` is enabled
2. Go to Stack -> Maintenance Windows -> Create window
3. Toggle "Filter alerts" and add a KQL like `kibana.alert.instance.id :
*development`. The leading `*` is important
4. Create the MW. You should not see any errors.
Fixes: https://github.com/elastic/kibana/issues/168600
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Release notes
Show errors about invalid KQL in conditional actions and respect the
`query:allowLeadingWildcards` advanced setting in maintenance windows
## Summary
Closes https://github.com/elastic/kibana/issues/161047
- Removes the `save as` top nav menu button
- Also renames nav menu item `clone` to `duplicate` and make it
available in edit mode.
- The save dashboard modal no longer displays and open to save the
dashboard in context as new, given that we've chosen to explicitly
create a copy of the dashboard in context when either of the the
`duplicate` or `saveas` menu option is selected.
- includes bug fix for an issue where clicking the dashboard modal
scrolled the user to the content bottom, see
https://github.com/elastic/kibana/pull/180938#issuecomment-2117586572
## Before
### View mode
<img width="1728" alt="Screenshot 2024-04-16 at 15 59 10"
src="48dc4565-1f75-4f46-839c-8d76f4fedefe">
### Edit mode
<img width="1725" alt="Screenshot 2024-04-16 at 15 59 00"
src="1ac743ac-33b4-4f68-ab59-ad19ab58fa1c">
## After
#### Managed Dashboard
5072a501-8d16-4f25-9575-6f11fed6e580
#### View mode
610d0952-97f0-46b8-a0ea-1546a799d387
#### Edit mode
4f596c07-7bd1-4c5a-9131-0c78731cb113
<!-- ### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
-->
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes: https://github.com/elastic/observability-dev/issues/3397
## Description
The Obs Anomaly Detection Single Metric Viewer has an Anomalies table
with at least three tooltips that cannot be reached by keyboard focus.
Screenshot attached below.
### Steps to recreate
1. Open the [Obs Anomaly
Detection](https://issue-serverless-alpbx-pr180406-c06b1b.kb.eu-west-1.aws.qa.elastic.cloud/app/ml/jobs)
view
2. Create a new anomaly detection job
3. From the Anomaly Detection Jobs table, click the Single Metric Viewer
icon
4. Tab through the page, to the Anomalies table underneath the chart
5. Keep tabbing through the table
6. Verify the tooltips in the Severity, Actual, and Typical columns do
not become visible
**Resolves: https://github.com/elastic/kibana/issues/180141**
## Summary
As part of our migration strategy to the new schema, we need to start
writing the `rule_source` field together with the `immutable` field to
prepare for data migration. We need to ensure that all our endpoints
write the `rule_source` field before we start migrating detection rules
so we do not end up in a situation when our data is migrated but rule
CRUD endpoints continue writing the old format.
With this PR, we start writing `rule_source` on every rule modification
or creation. The `immutable` field is treated as the main field, and
`rule_source` is always derived from it.
### Summary
Removes the versioning from the _query api requests.
This ES PR removes the version from the _query requests
https://github.com/elastic/elasticsearch/pull/108919 and got backported
at 8.14 too. We need to also remove it from our side too to be in sync
with ES changes.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
If the connector's table shows a deprecated connector it crashes. This
PR fixes this issue by removing any usage of the deprecated access to
the EUI theme variables.
## Screenshots
<img width="541" alt="Screenshot 2024-05-28 at 1 34 48 PM"
src="a2aad5e3-c49c-476a-b7bf-37ec57ed03b9">
<img width="456" alt="Screenshot 2024-05-28 at 1 33 13 PM"
src="b2953215-1744-481b-8fbf-70a5df26fc30">
<img width="743" alt="Screenshot 2024-05-28 at 1 34 11 PM"
src="66b1e86f-f618-4a68-bdc0-7c6e1727a4b7">
## Testing
1. Create a deprecated SN connector.
2. Verify that the page that list all connectors (Stack Management ->
Connectors) does not crash
You can create a deprecated SN connector like:
```
curl --location 'https://localhost:5601/api/actions/connector' \
--header 'kbn-xsrf: true' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic <basic auth token>' \
--data-raw '{
"name": "SN",
"connector_type_id": ".servicenow",
"config": {
"apiUrl": "https://<whatever>.service-now.com/",
"usesTableApi": true <-- This makes the connector deprecated
},
"secrets": {
"username": "admin",
"password": "<whatever>"
}
}'
```
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
Address feedback in
https://github.com/elastic/kibana/pull/184119#issuecomment-2127689576
Relates https://github.com/elastic/ingest-dev/issues/3357
Moved root privileges callout with data streams from package policy
submit modal to the create/edit package policy page itself, so it is
more persistent than a modal window.
To verify:
- Go to System integration / Add integration
- Verify that the require root callout shows the data streams that
require root
<img width="974" alt="image"
src="bafdd556-c837-414d-8bbc-26a4463a8390">
- Go to System integration / Existing policies / Edit integration
- Verify that the require root callout is visible with data stream info
<img width="901" alt="image"
src="793ace68-7618-482e-a200-6b831d293c99">
- For package where all data streams require root, the callout is
unchanged.
<img width="876" alt="image"
src="902f7d3c-ddbc-4131-a19d-341aa1209430">
<img width="878" alt="image"
src="085e32df-033d-41ca-9805-5414854d9750">
- The require root callout is removed from the submit confirmation
modal.
<img width="1135" alt="image"
src="e360d74b-09d1-4a41-b2ff-f4a36656e3d4">
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Resolves: #183867
This PR sets schema validation errors in subaction framework as user
error.
## To validate:
- Create a connector with subaction. (e.g. IBM Resilient)
- Modify schema validation code to get it throw an error
```
action.schema.validate({...subActionParams, foo:'bar'});
```
- Create a rule with that connector. And let it run, there should be a
user error on /`api/task_manager/metrics` API
Fixes: #180421
This PR allows ruleType executors to throw errors with source info
(FRAMEWORK or USER).
Please follow the instructions in the issue to validate the PR.
resolves https://github.com/elastic/response-ops-team/issues/198
## Summary
Ensures that connector execution doesn't occur for connectors that need a higher license than what is currently being used.
## To Verify
The basic idea is to create a > basic license connector in a trial license, and then downgrade the license to basic and see if that connector can still be run. Any connector besides server log and index can be used - those are the only connectors licensed for basic.
Start ES as follows to run with a trial license:
yarn es snapshot --license trial
Create a connector, and also create an alerting rule which uses the connector, and is arranged to always be active and alert on check intervals (not on status change). Ensure the connector runs when the alert is active, and that you can run it in "test" mode from the connector page.
Then go here, to change your license to basic:
http://localhost:5601/app/management/stack/license_management
You should now see the following sorts of messages logged by Kibana:
```
[ERROR][plugins.taskManager] Task actions:.email "a0df7b77-b6e5-461e-9699-178d6878f235" failed: Error: Action type .email is disabled because your basic license does not support it. Please upgrade your license.
[WARN ][plugins.alerting.index-threshold] Rule "c6780109-15b8-4816-ba96-266e4ddc482d" skipped scheduling action "gmail" because it is disabled
[ERROR][plugins.actions] Action 'gmail' failed: Action type .email is disabled because your basic license does not support it. Please upgrade your license.
```
When attenpting to "test" the connector, you should see the following result:
```
Test failed to run
The following error was found:
Forbidden
```
(we'll attempt to improve the message later as a follow-up)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
