## Summary
Fixes: https://github.com/elastic/kibana/issues/190761
I've added a `handleKeyDown` to capture the `ESC` key press behavior.
1. First `ESC` finds any .euiFlyout and close it with`closeFlyout()`
from `useExpandableFlyoutApi()`, then stops.
2. Next `ESC` (when no flyout) clicks `openToggleRef.current`, toggling
the timeline modal closed.
https://github.com/user-attachments/assets/0e42f9e9-2694-429d-8a5a-df86aa671809
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Follow-up of https://github.com/elastic/kibana/pull/223367
Fix https://github.com/elastic/search-team/issues/10259
This PR introduce the concept of agent **mode**, and expose the "deep
research" agent as a mode instead of a tool.
## Examples
### Calling the Q/A (default) mode
```curl
POST kbn:/internal/onechat/chat
{
"nextMessage": "Find all info related to our work from home policy"
}
```
### Calling the researcher mode
```curl
POST kbn:/internal/onechat/chat
{
"mode": "researcher",
"nextMessage": "Find all info related to our work from home policy"
}
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
There's an issue where the `esArchiverLoad` migrates SO if any index
starting with `.kibana` is affected.
```
CypressError: `cy.task('esArchiverLoad')` failed with the following error:
> security_exception
Root causes:
security_exception: action [indices:admin/settings/update] is unauthorized for user [testing-internal] with effective roles [superuser] on restricted indices [.kibana_security_solution_1,.kibana_alerting_cases_1,.kibana_task_manager_1,.kibana_usage_counters_1,.kibana_1,.kibana_ingest_1,.kibana_analytics_1], this action is granted by the index privileges [manage,all]
```
This PR disables the test for MKI so it doesn't interfere with the
release, we'll work on a fix in a separate PR
Example MKI execution
https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-investigations/builds/2889
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Implements a huggingface dataset loader for RAG evals - see
[x-pack/platform/packages/shared/kbn-ai-tools-cli/src/hf_dataset_loader/README.md](https://github.com/dgieselaar/kibana/blob/hf-dataset-loader/x-pack/platform/packages/shared/kbn-ai-tools-cli/src/hf_dataset_loader/README.md).
Additionally, a `@kbn/cache-cli` tool was added that allows tooling
authors to cache to disk (possibly remote storage later).
Used o3 for finding datasets on HuggingFace and doing an initial pass on
a line-by-line dataset processor ([see
conversation](https://chatgpt.com/share/6853e49a-e870-8000-9c65-f7a5a3a72af0))
Libraries added:
- `cache-manager`, `cache-manager-fs-hash`, `keyv`,
`@types/cache-manager-fs-hash`: caching libraries and plugins. could not
find any existing caching libraries in the repo.
- `@huggingface/hub`: api client for HF.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Simplifies the function to extract the categorize function field. The
unit tests we had pass for the new implementation so I am sure we don't
introduce new bugs
## Summary
This PR fixes [[ML] Change point detection: p-value tooltip is not
announced because lack of
focus](https://github.com/elastic/kibana/issues/216545) issue.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
While testing the ES|QL charts I realized that in case of an error in
the query, the hook goes into a loop and causes performance issues.
As the error is being reported we do not need to re-run the query to get
the results
For example if you create a control wrongly.
e.g.
1. Create a chart and add a control which will create an error:
<img width="508" alt="image"
src="https://github.com/user-attachments/assets/f2013d2c-e161-47bf-a3cb-d5033be9de59"
/>
2. Add to the control no-date fields. e.g. clientip
3. Check the editor is not going into a rendering loop
<img width="482" alt="image"
src="https://github.com/user-attachments/assets/cc541b68-b317-41ae-b4a6-87569466edd6"
/>
### Release notes
Fixes a performance issue in the Lens ES|QL charts in case of errors in
the query.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
The Obs-ux-infra_services team identified a useful addition to the PR
checklist we'd like to add to help remind contributors to apply
backports to the appropriate branches per the guideline document.
## Summary
Main ticket ([Internal
link](https://github.com/elastic/security-team/issues/10142))
With these changes we make sure that we return attack discovery fields
reformatted to a nice markdown text. We already format discovery details
when we create a new Case and add markdown comment to it.
### To Test
1. Create attack discovery schedule
2. Add an action to the schedule (email, slack etc.)
3. Select `For each alert > Per rule run` action frequency
4. Update subject, body or other fields of the connector to include
discovery details through the context variables
5. Wait until the action is triggered and check the received message
### Example of the email connector fields
**Subject**:
```
{{context.attack.title}}
```
**Message**:
```
{{{context.attack.detailsMarkdown}}}
{{{context.attack.detailsUrl}}}
```
<img width="665" alt="Screenshot 2025-06-25 at 18 05 30"
src="https://github.com/user-attachments/assets/71b2e02b-0437-4486-a584-108bec4d477f"
/>
which will result in an email similar to this one
<img width="1125" alt="Screenshot 2025-06-25 at 17 54 32"
src="https://github.com/user-attachments/assets/fefe60f0-e560-4288-9ec8-d1d444feb950"
/>
## NOTES
The feature is hidden behind the feature flag (in `kibana.dev.yml`):
```
feature_flags.overrides:
securitySolution.attackDiscoveryAlertsEnabled: true
securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```
## Summary
Part of https://github.com/elastic/kibana-team/issues/1503
This PR is mostly about moving tests from x-pack/test/
Before:
```
x-pack/test/
| - reporting_api_integration/
| - reporting_functional/
```
After:
```
x-pack/platform/test/
| - reporting_api_integration/
| - reporting_functional/
```
Few page objects, required by functional tests, were relocated as well
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/218433
This change adds more descriptive error messages inside telemetry events
in the auto detect onboarding flow. The extended error message be shown
to the user as well.
* New telemetry event for the case when user is not running the script
as `root`
* If Agent fails to download, bot the original error from `curl` and the
download URL will be logged
* If Agent fails to extract, error message from `tar` command will be
logged
* If Agent fails to install, error message from `elastic-agent install`
command will be logged
* Error response from the integrations install endpoint will be logged
Example telemetry event:
Example terminal output:
## How to test
In order to simulate errors for all scenarios, you going to need to
modify the `auto_detect.sh` script to make it intentionally fail, like
adding extra character to the EA download URL. You can modify it
directly in the source if you're running Kibana locally, or you can
modify it after it was downloaded and before running it.
To test just one use-case without the script manipulations, you can
modify the EA download URL inside the code snippet provided by Kibana.
**Whatever way you choose, still go though the flow and make sure the
successful path works as expected.**
You can check the telemetry events emitted from the flow on [the staging
telemetry
cluster](https://telemetry-v2-staging.elastic.dev/s/observability-ux/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:now-24h%2Fh,to:now))&_a=(columns:!(),dataSource:(dataViewId:b4befdd3-9a15-40c2-be4d-3ac1084d6182,type:dataView),filters:!(),interval:auto,query:(language:kuery,query:'event_type%20:%20%22observability_onboarding%22'),sort:!(!('@timestamp',desc)))),
but keep in mind that events delivered there with a delay of a couple of
hours 😢
---------
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
## Summary
Bug description (also the bug video below):
The bug occurred in the Customize Panel Editor, where the
PanelTitle—even when matching the defaultTitle from the central Saved
Object—was not always properly synchronized with that object. This led
to situations where the title was incorrectly stored as a custom
override, breaking the link to the saved object. There were two specific
cases where this happened:
Adding a panel from the library, then opening Customize Panel and
clicking Apply without making changes
After adding a panel from the library, the user opens the Customize
Panel Editor via the settings icon. Without making any changes to the
title, they exit the editor by clicking the Apply button instead of the
close icon. This causes the defaultTitle to be unnecessarily written
into the title field of the API object, which then treats it as a custom
title—breaking future synchronization with the saved object.
Resetting the title to default after a change
The user changes the panel title in the Customize Panel Editor and
clicks Apply. Later, they reopen the editor and click Reset to default.
This correctly restores the title from the central saved object, but it
is again written into the title field of the API object. Although the
value matches the current defaultTitle, it is now treated as custom. If
the central title changes later, the panel title will no longer
update—breaking synchronization again.
Fix:
The logic was updated to correctly detect when the panel title matches
the defaultTitle. In such cases, it clears the title field in the API
(by setting it to undefined) to indicate that the panel should inherit
the title from the saved object. This ensures proper synchronization:
any future updates to the saved object's title will be reflected
automatically in the panel.
Closes#188858
Below the bug video:
https://github.com/user-attachments/assets/f784679c-8eaa-47b4-942d-e3802faee076
## Summary
The bug: A field with the expected name `user.name.keyword` but with the
wrong mapping was returned.
How to fix it? `fieldCaps` was returning unmapped mixed with mapped
fields. This change forces the API to return the `fields` property with
a list of all indices matching `user.name.keyword`.
More information on [this
slack](https://elastic.slack.com/archives/C0D8ST60Y/p1750661564933609) 🧵
### How to test it?
* Create an index with the correct mapping
```
PUT /test-index1
{
"mappings": {
"properties": {
"user.name.keyword": {
"type": "text"
}
}
}
}
```
* Create an index with the wrong mapping
```
PUT /test-index2
{
"mappings": {
"properties": {
"user.name.keyword": {
"type": "text"
}
}
}
}
```
* Go to the manage data sources page
* Only `test-index1` should be returned
## Summary
Fix the FORK removal logic to insert the branch in the correct position
when only one FORK branch is valid.
### How to reproduce it
* Start empty kibana
* Generate data with resolve_generator `node
x-pack/solutions/security/plugins/security_solution/scripts/endpoint/resolver_generator.js`
* Go to "Privileged user monitoring" page and add some privileged users
* On the Dashboard page, scroll down to "Privileged user activity" and
click the "Authentications" tab
* It should display "No results found" instead of an error
### Before fix
### After fix
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Coming from the conversation from here:
https://github.com/elastic/kibana/pull/225339#discussion_r2167248942 and
a proposal from @akowalska622, we noticed that the useMemoCss doesn't
catch the keys of the css object. This fixes it.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Skips the Dataset Quality API integration test suite which
depends on reading Failure Store index privileges. Because when this
test suite runs in Kibana 8.19 against ES 9.0 in a forward compatibility
test runs, it raises the error:
```bash
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.223+00:00][WARN ][http.server.kbn-internal-api-restricted] Access to uri [/internal/dataset_quality/data_streams/logs-synth.fs-default/details] with method [get] is deprecated {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.252+00:00][ERROR][plugins.datasetQuality] illegal_argument_exception
[00:04:43] │ proc [kibana] Root causes:
[00:04:43] │ proc [kibana] illegal_argument_exception: unknown index privilege [read_failure_store]. a privilege must be either one of the predefined fixed indices privileges [all,auto_configure,create,create_doc,create_index,cross_cluster_replication,cross_cluster_replication_internal,delete,delete_index,index,maintenance,manage,manage_data_stream_lifecycle,manage_follow_index,manage_ilm,manage_leader_index,monitor,none,read,read_cross_cluster,view_index_metadata,write] or a pattern over one of the available index actions {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.291+00:00][WARN ][http.server.kbn-internal-api-restricted] Access to uri [/internal/dataset_quality/data_streams/logs-synth.no-default/details] with method [get] is deprecated {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.305+00:00][ERROR][plugins.datasetQuality] illegal_argument_exception
```
This happens because the test accesses endpoint
`data_stream/{index}/details` which inquire user's index privileges
including `read_failure_store`, which is not available in **ES 9.0** as
`ES 9.0` does not support Failure Store.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## 📓 Summary
Closes https://github.com/elastic/observability-dev/issues/4511
Apply the following restrictions based on the serverless project tier:
- Grok patterns suggestions (only available on complete tier)
- Restrict suggestions API
- Restrict UI control to generate suggestions
- Date formats suggestions (only available on complete tier)
- Restrict suggestions API
- Restrict UI control to generate suggestions
- Restrict autocomplete
- Significant events (only available on complete tier)
- Restrict read API
- Last restrictions to be applied when [[Streams] Significant events
view](https://github.com/elastic/kibana/pull/220197#top) is merged.
**N.B.** All the above restrictions are only applied to Serverless
Observability projects on the Logs Essentials tier.
## 🧪 How To Test
* Modify `config/serverless.oblt.dev.yml` to include:
```yaml
pricing.tiers.products:
- name: observability
tier: logs_essentials
```
* Run Kibana locally
* In a stream detail view, go to management and try creating a grok
processor or a date one.
* It should NOT display the patterns generation button, nor it should
autocomplete the date processor formats and show its generate button.
Additionally, switch back to `tier: complete` in
`config/serverless.oblt.dev.yml` and make sure that ML/AI assisted flows
look as usual.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [diff](https://redirect.github.com/kpdecker/jsdiff) | dependencies |
patch | [`^8.0.1` ->
`^8.0.2`](https://renovatebot.com/diffs/npm/diff/8.0.1/8.0.2) |
---
### Release Notes
<details>
<summary>kpdecker/jsdiff (diff)</summary>
###
[`v8.0.2`](https://redirect.github.com/kpdecker/jsdiff/blob/HEAD/release-notes.md#802)
[Compare
Source](https://redirect.github.com/kpdecker/jsdiff/compare/v8.0.1...v8.0.2)
- [#​616](https://redirect.github.com/kpdecker/jsdiff/pull/616)
**Restored compatibility of `diffSentences` with old Safari versions.**
This was broken in 8.0.0 by the introduction of a regex with a
[lookbehind
assertion](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Lookbehind_assertion);
these weren't supported in Safari prior to version 16.4.
- [#​612](https://redirect.github.com/kpdecker/jsdiff/pull/612)
**Improved tree shakeability** by marking the built CJS and ESM packages
with `sideEffects: false`.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkRhdGFEaXNjb3ZlcnkiLCJiYWNrcG9ydDphbGwtb3BlbiIsInJlbGVhc2Vfbm90ZTpza2lwIl19-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
## Summary
This PR splits out a separate class from `DiscoverEBTManager` called
`ScopedDiscoverEBTManager`, similar to #216488, in order to better
support EBT tracking across tabs.
The profiles tracking in EBT events is a bit convoluted, and ideally
we'd be able to fully isolate the scoped managers, but our use of the
global EBT context observable makes that infeasible since it's a
singleton. If we simply updated the profiles in the EBT context when
switching tabs, it could result in the wrong profiles being tracked for
events fired asynchronously, e.g.:
- Starting from tab A, create a new tab B.
- Switch to tab B (which updates the EBT context with tab B's profiles)
and trigger a long running search.
- While the search is still running, switch back to tab A (updating the
EBT context back to tab A's profiles).
- Tab B's search completes while tab A is active, and the EBT context
for tab B's `discoverFetchAll` event incorrectly contains tab A's
profiles, since they were set when switching back to tab A.
This is solved by keeping track of the active scoped manager in the root
EBT manager, and temporarily updating the EBT context profiles when
firing events from inactive tabs, which seems to be reliable to prevent
leaking across tabs from my testing.
Since I'm using the same "scoped" service approach used for context
awareness across tabs, I've removed the dedicated
`ScopedProfilesManagerProvider` and replaced it with a general purpose
`ScopedServicesProvider` that can be used for all of these types of
services.
Unfortunately while Git recognized that certain files were just moved
and modified (e.g. `discover_ebt_manager.test.ts`), GitHub is displaying
them as entirely new files. To make it easier to review the actual file
changes, open the "Changes from X commits" dropdown and select from the
first commit to "Update unit tests", which will correctly display the
changes before the files were moved (they weren't modified after this
commit).
Resolves#223943.
### Checklist
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Closes https://github.com/elastic/kibana/issues/225344https://github.com/elastic/kibana/pull/223149 moved dynamic action
injection/extraction from dashboard to embeddables.
https://github.com/elastic/kibana/pull/223149 muffed the implementation
for the lens embeddable and failed to spread dynamicActionsState and
dynamicActionsReferences into serialized state for by-value panels.
This PR resolve the issue by spreading dynamicActionsState and
dynamicActionsReferences with lens state for by-value panels.
After applying fix, dashboard saved object should contain drilldown
reference and enhancements state should no longer contain hard coded
`dashboardId`.
```
{
"attributes": {
"panelsJSON": "[{\"type\":\"lens\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"63700c7c-13e2-4aa2-8a58-7d2c19c42b34\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true}}}]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"90943e30-9a47-11e8-b64d-95841ca0b247\",\"name\":\"indexpattern-datasource-layer-5374d213-dba0-47d7-b4f2-9226d08a35cc\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"Linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"5374d213-dba0-47d7-b4f2-9226d08a35cc\",\"accessors\":[\"d1180bfd-63e2-437e-a027-faa0face26ff\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rules\":[{\"type\":\"other\"}],\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}},\"xAccessor\":\"dc975f9c-772f-4fc1-bc1e-70339f2c5906\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5374d213-dba0-47d7-b4f2-9226d08a35cc\":{\"columns\":{\"dc975f9c-772f-4fc1-bc1e-70339f2c5906\":{\"label\":\"Top 5 values of machine.os.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"machine.os.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"d1180bfd-63e2-437e-a027-faa0face26ff\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"d1180bfd-63e2-437e-a027-faa0face26ff\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"dc975f9c-772f-4fc1-bc1e-70339f2c5906\",\"d1180bfd-63e2-437e-a027-faa0face26ff\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"74c07c77-979f-4fd9-8b07-889f4a93f9e0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"74c07c77-979f-4fd9-8b07-889f4a93f9e0\"}}]",
},
"references": [
{
"type": "index-pattern",
"id": "90943e30-9a47-11e8-b64d-95841ca0b247",
"name": "74c07c77-979f-4fd9-8b07-889f4a93f9e0:indexpattern-datasource-layer-5374d213-dba0-47d7-b4f2-9226d08a35cc"
},
{
"name": "74c07c77-979f-4fd9-8b07-889f4a93f9e0:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:63700c7c-13e2-4aa2-8a58-7d2c19c42b34:dashboardId",
"type": "dashboard",
"id": "edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b"
}
],
}
```
