Fixes https://github.com/elastic/kibana/issues/181389
It turns out that a [data-shared-item is
needed](https://github.com/elastic/kibana/pull/169929/files#r1373148068),
otherwise reporting doesn't work properly. This PR is adding the
required `data-shared-item` to the presentation panel component, and
fixes the reporting screenshot issue.
**UPDATE**: Adding `data-shared-item` to the presentation panel caused
some test failures. The approach we followed for now, was to add this
attribute to each migrated embeddable, the `image` and `swim lane`
embeddables. As part of this
https://github.com/elastic/kibana/issues/179376, Kibana presentation
team will investigate further the proper use of data-* attributes
## Before the fix
<img width="600" alt="Screenshot 2024-04-23 at 10 41 59"
src="cee076a1-b989-4d5f-8462-4021ce9e5e4d">
<img width="600" alt="Screenshot 2024-04-23 at 10 41 27"
src="83677ad1-b1d2-4915-a747-9afe5a1d447a">
## ✔️ Acceptance criteria
- No timeout error should appear in the generated PDF reports
## After the fix
<img width="600" alt="Screenshot 2024-04-23 at 11 02 32"
src="e0452e32-8c1e-4075-b9c9-b1225f9bd852">
<img width="600" alt="Screenshot 2024-04-23 at 11 19 54"
src="08284774-a4ff-47b0-b496-3570416f0e57">
<img width="600" alt="Screenshot 2024-04-23 at 11 07 43"
src="95e9adae-cd07-42fe-9dea-cd22b9711155">
cc @Heenawter
@darnautov Can you check the swim lane embeddable with real data and see
if reporting works properly with the change I added?
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Hannah Mudge <hannah.wright@elastic.co>
## Summary
- Changes the names of the Activity and Agents indexes to `*` patterns
in order to account for when the SentinelOne integration is configured
with a namespace other than `default`
This PR sets up everything required for running Cypress tests for EDR
Workflows on the MKI QA environment.
MKI pipeline triggered with these changes -
https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-defend-workflows/builds/20
---------
Co-authored-by: dkirchan <diamantis.kirchantzoglou@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Paul Tavares <paul.tavares@elastic.co>
Co-authored-by: dkirchan <55240027+dkirchan@users.noreply.github.com>
## Summary
This PR adds a missing file that's referenced in one of the recently
migrated pipelines.
I probably forgot to push the last commit to the fork, and only got
tested in the elastic/kibana branch.
Follow up on: https://github.com/elastic/kibana/pull/180784
## Summary
This fixes an issue where strings with a quote in it would not get
correctly escaped, leading to the ESLint rule autofix suggestion leading
to non-compiling javascript.
## Summary
For SentinelOne alerts, since. 8.13, on the overview tab, we show
`agent.status` field in the Highlighted Fields section. On the table
view we should show the `observer.serial_number` info for that field
instead of showing agent status.
**before**
**after**
**clip showing details on alert view and timeline views**
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
## Summary
Support for .NET was just recently added to Universal Profiling. This PR
adds a color to represent this interpreter in the flamegraph.
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
## Sourcerer page load improvements
This PR contains 2 fixes:
1. Don't fetch data view when we initialise redux store, which blocks
page loading.
2. Don't fetch the default data view, when we open the alerts page, and
just use `@timestamp`
I added a 3-second delay for this API request, so you can see that the
new version doesn't block page load
# Before
02313c02-af91-468c-bfc4-d0525c5aa30a
# After
3d4be9e2-a9f6-455b-8b6e-60641d1c2aff
## Testing needed
As we change how we initialise sourcerer, additional testing is needed,
as I maybe don't manually tests all corner cases
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR addresses phase one of
https://github.com/elastic/kibana/issues/181035.
Doesn't introduce any user facing changes.
It starts supporting a new saved object property `legendStats` while
supporting a old `valuesInLegend` property. In this PR, `legendStats:
['values']` and `valuesInLegend:true` are treated as equal. When loading
the saved object, `valuesInLegend:true` is transformed to
`legendStats:['values']`. After loading the document, the Lens app logic
is built around the new `legendStats` property.
When user saves the saved object, we do a reverse operation- we save the
runtime state `legendStats:['values']` as `valuesInLegend: true` to
ensure backwards compatibility.
Changes for runtime state:
- For xyCharts, the `valuesInLegend?: boolean ` property is replaced
with a more extensible `legend.legendStats?: LegendStats[]` interface
- For partition charts, the `showValuesInLegend?: boolean` property is
replaced with `legendStats?: LegendStats[]`.
after loading - in initialize function:
```ts
export function convertToRuntime(
state: XYPersistedState,
annotationGroups?: AnnotationGroups,
references?: SavedObjectReference[]
) {
const outputState = needsInjectReferences(state)
? injectReferences(state, annotationGroups, references)
: state;
if ('valuesInLegend' in outputState) {
return convertToLegendStats(outputState);
}
return outputState;
}
```
before saving :
```ts
export function convertToPersistable(state: XYState) {
const persistableState: XYPersistedState = convertToValuesInLegend(state);
/.../
}
```
In the future the `legendStats` prop would contain also other types of
stats -see the [issue](https://github.com/elastic/kibana/issues/176583).
## Summary
Addresses https://github.com/elastic/kibana/issues/173360
This is an attempt to fix a failing test:
`Failing test: Jest
Tests.x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout
- When the add exception modal is opened exception list type of
"endpoint" bulk closeable alert data is passed in should have the bulk
close checkbox enabled`
According to the ticket it failed only once. Also, I was not able to
reproduce the failure locally. After analysing the code and UI behaviour
the `Close all alerts that match this exception and were generated by
selected rule/s` checkbox can be disabled in three cases:
1. One of the condition items is of a list type (`is in list`, `is not
in list` etc.)
2. One of the condition items contains value not in the specified ECS
mapping
3. There are no condition items
First two points are covered in the test:
1. We use `type: 'match'`
2. Field `file.hash.sha256` is specified in the mocked index mapping as
```
'file.hash.sha256': {
name: 'file.hash.sha256',
type: 'string',
aggregatable: true,
searchable: true,
}
```
The only possibility for the checkbox to be disabled is if we did not
specify any condition item. After playing with the UI, I noticed that if
we did not set value for the `match` operator that would not count that
item as existing one.
Thus the fix is to make sure we pass a value to the condition item.
Instead of using:
```
entries: [{field: 'file.hash.sha256', operator: 'included', type: 'match'}]
```
we pass value as well:
```
entries: [{field: 'file.hash.sha256', operator: 'included', type: 'match', value: 'some value'}]
```
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Part of https://github.com/elastic/kibana/issues/72880
- Generate translation files for all locales (including all internal
plugins) during the CDN asset generation task
- Adapt the `rendering` service to use the translation files from the
CDN if configured/enabled
### How to test
Connect to the serverless project that was created for the PR, and
confirm the translation file is being loaded from the CDN
<img width="907" alt="Screenshot 2024-04-25 at 15 55 23"
src="5a6d9110-2e92-41e5-b066-e792e0015134">
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/180959
Retrieves the indices from ast parsing. This ensures that the index
patterns we get from the `from` command is always the correct one. I
have replaced it everywhere expect from specific places where I still
use the deprecated function. I am not sure how to test the app and I
don't want to cause regressions so I prefer the responsible teams to do
the migration.
Before
Could not retrieve the index correctly
<img width="1677" alt="image"
src="77cdac00-ffff-4b91-88ba-0fc523c5f54d">
After
Correct retrieval of the index and the @timestamp info
<img width="1067" alt="image"
src="bc14718a-30f5-4f3c-8a56-cf57f69cff14">
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: dej611 <dej611@gmail.com>
## Summary
The preview pane has two different groups - values relevant to the
currently edited field and other values in the same document.
For other values in the same doc, we were showing source values which
are often but not always the same as indexed values. This has been fixed
- its showing indexed values now.
As for the current field values, those were picking from _source or
indexed values but the code provided one as the fallback for another.
While this worked, the code didn't read as though it was doing the right
thing due to context not present in the code. Now, a runtime field
without a script obviously only returns a source value and the preview
of a mapped field only returns a mapped value.
```
PUT test
{
"mappings": {
"dynamic": false,
"properties": {
"percentage1": {
"type": "long"
},
"percentage2": {
"type": "long"
},
"percentage3": {
"type": "long"
}
}
}
}
PUT test/_doc/doc1
{
"key": "value",
"percentage1": 0.28,
"percentage2": 0,
"percentage3": 0.04,
"percentage4": 0.21
}
```
Useful starting point for testing runtime field results -
```
GET test/_search
{
"runtime_mappings": {
"key.keyword": {
"type": "keyword"
}
},
"fields" : ["*"]
}
```
Closes https://github.com/elastic/kibana/issues/180742
## Release notes
The runtime field creation modal now shows indexed values instead of
source values in the preview pane.
---------
Co-authored-by: Julia Rechkunova <julia.rechkunova@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
The PR improves/changes the behavior of external links on Dataset
Quality flyout:
1. The "Show all" link to Degraded Docs now considers flyout's time
range rather than table's time range.
2. The "Open in Lens" link will now use an Ad-Hoc Data View representing
the current Data Stream rather than an in memory Data View. Thus
removing the need to specifying an explicit `_index: ...` based query.
Previously a generic Data View (e.g. `logs-*-*`) along with __index_
query was used.
3. The "Show all" link for Hosts metric has been hidden for now awaiting
https://github.com/elastic/kibana/issues/181705.
310c7609-b5c3-49e4-9312-2e9083f9757d
## Summary
Address: https://github.com/elastic/kibana/issues/181238
To display session viewer, a valid index is required. `useSessionView`
fetches `kibana.alert.ancestors.index` for alerts, and uses `_index` as
a fall back. This PR updates how the hook fetches `_id` and `_index`.
Previously, they always return null, because they are not included in
`getFieldsData`
([code](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_event_details.ts#L93)).
<img width="192" alt="image"
src="0a435d49-e314-4176-986a-66e13e4db4fe">
**How to test**
- Enable feature flag `expandableEventFlyoutEnabled`
- Have enterprise license active
- Generate some events and go to Host/User, event table
- Expand on a row with session view
- Session preview should be present under Overview -> Visulization
<img width="1259" alt="image"
src="ca806fc4-9ff0-4265-a6d7-e85b71f85142">
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Resolves https://github.com/elastic/kibana/issues/179075
Filters out no data values (-1) for slo preview chart, in order to
ensure that the bounds do not end up spanning all the way to -100%.
Before
<img width="822" alt="Screenshot 2024-04-24 at 1 46 20 PM"
src="30b7cd9e-d4a1-4e9a-b5a0-e5fb8d1fe857">
After
<img width="833" alt="Screenshot 2024-04-24 at 1 42 54 PM"
src="ea63be37-46f8-4212-b0b4-f01038f5b353">
## Summary
Resolves https://github.com/elastic/kibana/issues/180764. Resolves
https://github.com/elastic/kibana/issues/180761. Resolves
https://github.com/elastic/kibana/issues/180762.
Per
https://github.com/elastic/kibana/issues/180764#issuecomment-2058049841,
it should be possible for users without access to Fleet settings to
enroll agents, i.e. users with `agents: all` and `settings: none`
privileges.
This is really tricky because the enrollment flyout UI relies on a
number of APIs in order to display the correct state (enroll fleet
server or enroll agent?) and instructions (which fleet server host?
which proxy, if any? agent download location? etc). Prior to this PR,
the simplest path forward was to enforce `settings: read` privilege as a
requirement for adding agents.
This PR introduces a new "enrollment settings" API that consolidates all
these API calls into the bare minimum information needed for enrollment
instructions. This solves the privilege issues as this API can be called
without having full read access to Fleet settings.
Abbreviated version of the spec of this API:
```
## Request
GET /api/fleet/settings/enrollment?agentPolicyId=OPTIONAL_POLICY_ID
## RESPONSE
{
fleet_server: {
policies: Array<{
id: string;
name: string;
is_default_fleet_server?: boolean;
has_fleet_server?: boolean;
is_managed: boolean;
download_source_id?: string;
fleet_server_host_id?: string;
}>;
has_active: boolean;
host?: FleetServerHost;
host_proxy?: FleetProxy;
};
download_source?: DownloadSource;
```
The full spec can be viewed here at Swagger:
https://petstore.swagger.io/?url=https://raw.githubusercontent.com/jen-huang/kibana/fix/privilege/add-agent-no-settings/x-pack/plugins/fleet/common/openapi/bundled.json#/Fleet%20internals/get-enrollment-settings
If there is an fleet server (agent) policy ID provided in the query
params, it will return information scoped to that policy, such as if
there are active fleet servers enrolled into that policy, the host and
proxy used, download source configured, etc. If no ID is provided, it
will return info scoped to the default fleet server policy. If there is
no default fleet server policy, it will return an empty list of policy
IDs and `has_active: false`.
<details>
<summary>This PR also adds a new permission denied screen if there is no
fleet server and user does not have privileges to add one (similar to
the ES privileges check. Click for screenshot:</summary>
<img width="1137" alt="image"
src="afaeded3-fcfd-4549-a6da-742d705f2e5a">
</details>
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Address https://github.com/elastic/kibana/issues/181552. Toggle column
was previously disabled for non-alerts, enabling in this PR.
**How to test**
- Enable feature flag `expandableEventFlyoutEnabled`
- Generate some events and go to Host/User, event table
- Expand on a row with session view
- Hover actions (in table or highlighted fields) should have toggle
column action
In this PR, we added the following items.
- Add a toast for letting the user know that the underlying model is
being deployed
- Start the deployment of trained model if the model deployment has not
been started
- Add a modal to display the current status of trained model deployment
- Show a link to the model management page.
- Create a inference endpoint for default inference_ids if they are
missing
- Display a badge for inference_endpoint
- Show warning if mappingsDefinition is null
Please be aware that currently, we won't be able to save the mapping
using the 'Save mappings' button because the 'semantic_text'
functionality doesn't support 'inference_id'. However, there is ongoing
parallel work in a GitHub
[branch](https://github.com/elastic/elasticsearch/tree/feature/semantic-text)
to enable 'inference_id' in 'semantic_text' for Elasticsearch.
### How to test the changes locally
- Download the elasticsearch changes from GitHub
[branch](https://github.com/elastic/elasticsearch/tree/feature/semantic-text)
- Run the elasticsearch: `./gradlew :run -Drun.license_type=trial`
- Download the changes of this PR in local kibana and do the following
steps
+ Set isSemanticTextEnabled = true in this
[location](https://github.com/elastic/kibana/pull/180246/files#diff-92f4739f8a4a6917951a1b6e1af21a96d54313eaa2b5ce4c0e0553dd2ee11fcaL80)
+ Run `yarn start`
- Create an index named 'books' using the following command:
<details>
<summary>Click to expand</summary>
```
PUT books
{
"mappings": {
"dynamic_templates": [],
"properties": {
"date_published": {
"type": "date"
},
"price": {
"type": "float"
},
"title": {
"type": "text"
},
"attributes": {
"type": "nested",
"properties": {
"authors": {
"type": "nested",
"properties": {
"author_name": {
"type": "text"
},
"author_birthdate": {
"type": "date"
}
// Add more author attributes as needed
}
},
"genres": {
"type": "nested",
"properties": {
"genre_name": {
"type": "keyword"
},
"genre_description": {
"type": "text"
}
// Add more genre attributes as needed
}
}
}
}
}
}
}
```
</details>
- Follow the steps mentioned in this video:
f1ef71e3-8adf-4bcd-837c-754929fe6f1c
### Screenshots
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sander Philipse <sander.philipse@elastic.co>
## Summary
This PR updates the Index templates API integration tests for serverless
to not use the `_source` property in the mock template as this property
is not supported in serverless.
## Summary
This fixes two issues on the mappings tab in Search:
- A frequent refresh caused by input changes unrelated to the mappings
component
- Doclinks breaking because they hadn't been initialized yet
Removing jest-axe and supporting code from Kibana because this library
(not regularly updated anymore and used only in one test file) is
blocking me from updating axe-core.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
When running in serverless, the warning about frozen tiers when no data
is available for the datafeed preview is hidden.
Also updates the page template for all ML pages to ensure a background
colour is always used.
Fixes https://github.com/elastic/kibana/issues/180020
Fixes https://github.com/elastic/kibana/issues/179131
In serverless, there is a larger delay in when the newly ingested data
becomes searchable. Rather than displaying an empty chart, we now hide
the chart until we see some non-zero values.
Resolves https://github.com/elastic/kibana/issues/180982
## Summary
When deleting an SLO, we also start a delete_by_query on the rollup
documents. This request is done asynchronously in the background. The
serverless integration test asserts on the deletion of the rollup
documents but fails some time.
As the deletion of the rollup document causes no harms if not done, I'm
removing this assertion from the test.
