* docs(NA): update wording around embracing the monorepo
* docs(NA): best practices around breaking up packages
* Update best_practices.mdx
Co-authored-by: Spencer <email@spalger.com>
* Add spread prop to tag
* Use spread prop in Rule Details page
* Add unit test for spread prop
* Update tag props type
* Fix type guard
* use generic type to make code cleaner
* Updating var name
* Update data test obj
* [Code Review] Fix lazy import
Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
* Fixed the problem with picking the absent page on filter change.
* Fixed weird behavior after the empty table.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## [Security Solution] Fixes: Queries with `nested` field types fail open with `failed to create query: [nested] failed to find nested object under path [threat.enrichments]` errors for indexes where the nested fields are unmapped
This PR implements a fix for <https://github.com/elastic/kibana/issues/130340>, where queries with [nested](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) field types failed open with `failed to create query: [nested] failed to find nested object under path [threat.enrichments]` errors for indexes where the nested fields are unmapped.
The fix uses the new `nestedIgnoreUnmapped` option to the `buildEsQuery` API introduced in <https://github.com/elastic/kibana/pull/134580> as a fix for issue <https://github.com/elastic/kibana/issues/130348>.
Please see <https://github.com/elastic/kibana/issues/130340> for a deep dive on the issue being fixed.
### Before
❌ Before this fix, Timeline queries that used the `nested` query syntax in requests did NOT contain the `ignore_unmapped` option, per the example request below:
```json
"nested": {
  "path": "threat.enrichments",
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "threat.enrichments.matched.atomic": "a4f87cbcd2a4241da77b6bf0c5d9e8553fec991f"
          }
        }
      ],
      "minimum_should_match": 1
    }
  },
  "score_mode": "none"
}
```
_Above: Timeline requests for fields with the `nested` query syntax did NOT contain the `ignore_unmapped` option (when inspected)_
When indexes where the nested fields were unmapped were searched:
- Elasticsearch returned a `200` status code
- The response from Elasticsearch included shard failures, per the example response below:
```json
"_shards": {
  "total": 5,
  "successful": 3,
  "skipped": 0,
  "failed": 2,
  "failures": [
    {
      "shard": 0,
      "index": ".ds-logs-endpoint.events.process-default-2022.06.13-000001",
      "node": "3nAChOVOQKy92bhuDztcgA",
      "reason": {
        "type": "query_shard_exception",
        "reason": "failed to create query: [nested] failed to find nested object under path [threat.enrichments]",
```
_Above: Timeline responses contained shard failures (when inspected)_
### After
✅ After this fix, Timeline queries that use the `nested` syntax in requests contain the `"ignore_unmapped": true` option, per the example request below:
```json
"nested": {
  "path": "threat.enrichments",
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "threat.enrichments.matched.atomic": "a4f87cbcd2a4241da77b6bf0c5d9e8553fec991f"
          }
        }
      ],
      "minimum_should_match": 1
    }
  },
  "score_mode": "none",
  "ignore_unmapped": true
}
```
_Above: Timeline requests with the `nested` query syntax contain the `"ignore_unmapped": true` option (when inspected)_
When indexes where the nested fields were unmapped are searched:
- Elasticsearch (still) returns a `200` status code
- The response from Elasticsearch does NOT include shard failures, per the example response below:
```json
"_shards": {
  "total": 5,
  "successful": 5,
  "skipped": 0,
  "failed": 0
},
```
### A tale of two `convertToBuildEsQuery` functions
While fixing this PR, it was noted that there are two different implementations of the `convertToBuildEsQuery` function in:
- `x-pack/plugins/security_solution/public/common/lib/keury/index.ts`
- `x-pack/plugins/timelines/public/components/utils/keury/index.ts`
The implementations of these functions are not the same. Specifically, the return type of the former implementation is:
```ts
[string, undefined] | [undefined, Error]
```
and the latter is just:
```ts
string
```
- This PR reduces the implementations of `convertToBuildEsQuery` down to a single function exported by the `timelines` plugin in `x-pack/plugins/timelines/public/components/utils/keury/index.ts`
- To minimize the scope of the changes in this PR, the previous Security Solution implementation in `x-pack/plugins/security_solution/public/common/lib/keury/index.ts` re-exports the new `timelines` implementation.
### Desk testing
See the _Reproduction steps_ section of <https://github.com/elastic/kibana/issues/130340> for details
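The two halves of the behaviour described in this PR, as an added example that is not part of the original PR or Kibana's code: a walker that sets `"ignore_unmapped": true` on every `nested` clause of a query DSL tree, and a check that flags a `200` response whose `_shards` section reports failures. The names `withNestedIgnoreUnmapped`, `inspectShards`, `sampleQuery` and `sampleShards` are hypothetical; the sample data is constructed from the request and response shown above.

```typescript
// Added example, not Kibana code. All names below are hypothetical.
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };

// Return a copy of a query DSL tree in which every `nested` clause
// (an object under the key "nested" that has a string `path`) carries
// "ignore_unmapped": true. The input is not mutated.
function withNestedIgnoreUnmapped(node: Json): Json {
  if (Array.isArray(node)) return node.map((item) => withNestedIgnoreUnmapped(item));
  if (node === null || typeof node !== 'object') return node;
  const out: { [key: string]: Json } = {};
  for (const [key, value] of Object.entries(node)) {
    const child = withNestedIgnoreUnmapped(value);
    if (key === 'nested' && child !== null && typeof child === 'object' &&
        !Array.isArray(child) && typeof child['path'] === 'string') {
      out[key] = { ...child, ignore_unmapped: true };
    } else {
      out[key] = child;
    }
  }
  return out;
}

interface ShardFailure { index: string; reason: { type: string; reason: string } }
interface Shards { total: number; successful: number; skipped: number; failed: number; failures?: ShardFailure[] }

// An HTTP 200 can still be a partial result: report it so the caller can
// surface the failure instead of presenting incomplete hits as complete.
function inspectShards(shards: Shards): { partial: boolean; reasons: string[] } {
  const reasons = (shards.failures ?? []).map((f) => `${f.index}: ${f.reason.reason}`);
  return { partial: shards.failed > 0, reasons };
}

// Constructed sample: the "before" nested clause from above, wrapped in a bool filter.
const sampleQuery: Json = {
  bool: { filter: [{ nested: {
    path: 'threat.enrichments',
    query: { match: { 'threat.enrichments.matched.atomic': 'a4f87cbcd2a4241da77b6bf0c5d9e8553fec991f' } },
    score_mode: 'none',
  } }] },
};

// Constructed sample based on the shard failure in the "before" response above.
const sampleShards: Shards = {
  total: 5, successful: 3, skipped: 0, failed: 2,
  failures: [{
    index: '.ds-logs-endpoint.events.process-default-2022.06.13-000001',
    reason: { type: 'query_shard_exception',
      reason: 'failed to create query: [nested] failed to find nested object under path [threat.enrichments]' },
  }],
};
```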
* test: migrate some tests to testing-library
* test: re-add some data-test-sub attributes
* test: re-add some more data-test-subj attributes
* test: test: migrate some more tests to testing-library
* test: update snapshots
* [QA][Code Coverage] Add a link to discover pinned to the current build.
When personnel other than myself wish to visually verify code coverage,
this link will be available in the ci output.
* Drop single quotes.
* Add annotation per J Budz.
* Fixup text.
* Drop debug.
* fix onDataLoadEnd and onDataLoadError event handler callbacks only called for source data requests
* dataLoadEnd
Co-authored-by: Liza Katz <liza.katz@elastic.co>
* [Enterprise Search] Add util function to create Kea logic files for API calls
* Fixed unit tests for add custom source logic
* Make Status an enum, add tests, move flash messages
* Fix some more tests
* [Discover] extract doc table tests into a new folder
* [Discover] switch to data grid
* [Discover] apply suggestions
* [Discover] adapt scripted fields tests for data grid
* [Discover] apply suggestions
* [Discover] apply for another part
Moves some ML utility code to packages.
- @kbn/ml-agg-utils contains multiple utilities used in combination related to building aggregations.
- @kbn/ml-is-populated-object contains the isPopulatedObject() utility function used across several plugins.
- @kbn/ml-string-hash contains the stringHash() utility function used across several plugins.