## Summary
- Adds a new kibana feature privilege to the `Security > Endpoint`
grouping for "Manage Global Artifacts"
- new privilege is behind the following feature flag:
`endpointManagementSpaceAwarenessEnabled`
- new privilege is not yet being used in this PR. Subsequent PRs that
will introduce space awareness changes for endpoint management will
leverage this new privilege
- Fixes the `All` and `Read` labels to ensure they can be localized
(`i18n`)
## Summary
Fixes a small UI bug in the citations feature. Previously, after a
message with citations finished streaming, the citations would disappear
for a fraction of a second and then reappear again. This PR makes
improves the UI by making the citations not flash off and on after the
stream finishes.
### Changes:
- Fix flashing citations
- Refactor code related to parsing content references (to make it more
maintainable).
- Update the citations prompt slightly.
### Before:
https://github.com/user-attachments/assets/1021dd53-018a-43ba-b1f4-24aab44faca9
<img width="1782" alt="image"
src="https://github.com/user-attachments/assets/723cd29a-48a2-48e7-b031-0893484746b9"
/>
### After:
https://github.com/user-attachments/assets/21f340bc-9015-42b6-a574-0439d2f8f192
### How to test
- Enable the feature flag
```yaml
# kibana.dev.yml
xpack.securitySolution.enableExperimental: ['contentReferencesEnabled']
```
- Open the security assistant
- Ask it a question about your alerts of a document in your KB. The
response should contain citations.
- Observe the response stream carefully. Ensure the citations e.g. `[1]`
do not flash off and on when the response stream finishes. The expected
behavior is that while the message is streaming, the citations are
disabled and once the stream finishes the citations get enabled (while
always being visible).
#### Edge case to test
It is possible that citations completely disappear after streaming
finishes. This happens when the LLM produces an invalid citation.
Invalid citations are hidden client side when a message finishes
streaming. You can verify this behavior by asking GPT4o this question:
```
Prepend each line with this placeholder citation "{reference(1234)}" and append the actual citation at the end of the line. How many alerts do I have? Use the open and acknowledged alerts count tool to answer and repeat the answer 50 times on new lines.
```
While the response is getting streamed it should look like this:
<img width="200" alt="image"
src="https://github.com/user-attachments/assets/03d160bf-2404-4a4e-8701-e3183c604cc4"
/>
And when the stream finishes it should look like this:
<img width="200" alt="image"
src="https://github.com/user-attachments/assets/06367379-17da-438f-a93a-9d539067ab90"
/>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Part of https://github.com/elastic/kibana/issues/195418
Gives `ROW` and `SHOW` autocomplete logic its own home 🏡
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### Identify risks
- [ ] As with any refactor, there's a possibility this will introduce a
regression in the behavior of FROM. However, all automated tests are
passing and I have tested the behavior manually and can detect no
regression.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Refactor screenshot block route to not return 404 !!
Route will return empty list instead of 404 for missing screenshot
blocks !!
This also updates to enable _inspect on route !!
### Testing
Screenshot still works as expected
<img width="1728" alt="image"
src="https://github.com/user-attachments/assets/9a2b887d-9091-4bff-97e6-3c0775e6f6bd"
/>
Unwired streams can come with or without a default ingest pipeline
defined. If there is a pipeline defined, it's clear where to plug in our
custom parsing logic.
However, so far we would bail out on streams without a configured ingest
pipeline. However, since there are good reasons to have data streams
without an ingest pipeline, we should support this case.
This PR makes sure we do:
* If the streams processing pipeline is the default pipeline itself
already, everything is fine
* If there is none yet, extend the user-managed index template to set
the default pipeline to the streams processing pipeline and roll over
the data stream to apply
## Summary
This PR deletes the "Critical Services" component from the Entity
Analytics Dashboard header.
The component was included with the service entity store, but Product
and QA consider it confusing and not very valuable to our users.
### How to test it?
* Start Kibana with security data
* Go to the security solution/entity analytics dashboard
* The component shouldn't be there
`99.1.0-borealis.0` ⏩ `99.2.0-borealis.0`
[Questions? Please see our Kibana upgrade
FAQ.](https://github.com/elastic/eui/blob/main/wiki/eui-team-processes/upgrading-kibana.md#faq-for-kibana-teams)
---
## [`v99.2.0`](https://github.com/elastic/eui/releases/v99.2.0)
- Changed `EuiFieldText` styles to prioritize `disabled` styling over
`readonly`. ([#8271](https://github.com/elastic/eui/pull/8271))
- Added `plugs` and `web` glyphs to `EuiIcon`
([#8285](https://github.com/elastic/eui/pull/8285))
- Update `title` on `EuiColorPalettePickerPaletteProps` to be optional
([#8289](https://github.com/elastic/eui/pull/8289))
**Bug fixes**
- Fixed an issue with EuiDataGrid with auto row height resulting in a
table of 0 height ([#8251](https://github.com/elastic/eui/pull/8251))
- Fixed `disabled` behavior of `EuiFieldText` to prevent input changes.
([#8271](https://github.com/elastic/eui/pull/8271))
**Borealis changes**
- [Visual Refresh] Provide hooks for color palette functions
([#8284](https://github.com/elastic/eui/pull/8284))
- [Visual Refresh] Make Borealis default theme in EUI
([#8288](https://github.com/elastic/eui/pull/8288))
---
As you can probably tell, there are plenty of updated tests and
snapshots this time around. They are the result of the following:
1. We've updated the default theme in `@elastic/eui` v99.2.0 to
Borealis, which led to kibana tests using `renderWithTheme`,
`mountWithTheme`, and other utility functions that wrap the tested
component in `<EuiThemeProvider>` to switch to the correct, new color
values. With this change, all tests should now use Borealis, regardless
of the testing framework or its configuration.
2. Because of the default theme change in EUI, some class name hash
fragments (e.g., `css-`**`wprskz`**`-euiButtonIcon-xs-empty-primary`)
regenerated.
Most Borealis-related changes in this PR are test env only and have no
impact on what users see when using Kibana.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `8df3ca6` ->
`d74b1fd` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
## Summary
Part of https://github.com/elastic/kibana/issues/195418
Gives `FROM` and `METADATA` autocomplete logic its own home 🏡
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### Identify risks
- [ ] As with any refactor, there's a possibility this will introduce a
regression in the behavior of FROM. However, all automated tests are
passing and I have tested the behavior manually and can detect no
regression.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Addresses: https://github.com/elastic/observability-dev/issues/4222
The intent of this PR is to improve the kind of telemetry/metrics that
are captured when there is a fatal error in rendering a React component
in Kibana.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] Risk of re-visiting this work if we need to add more
instrumentation (APM spans, etc)
## Summary
- Implements #178138
- Fixes a bug where clicking on the existing link to the monitor via the
name badge led failed to load any data.
## Release Notes
- Fixes a bug where clicking on the name badge for a synthetics monitor
on an SLO details page would lead to a page that failed to load monitor
details.
- Adds a working link to the location badge on synthetics SLOs that will
route the user to the monitors page with a filter applied that matches
the location of the origin SLO.
## Summary
This PR will drastically reduce the number of console logs from the
Detection Engine in the overview cluster. If your team is depending on
the `INFO`, `WARNING`, or `verification_exception` or `ml job missing`
`ERROR` logs in that cluster, please raise your concerns here.
Addresses https://github.com/elastic/kibana-team/issues/1395,
https://github.com/elastic/kibana-team/issues/1333
Historically Detection Rules have written an enormous amount of data to
the console logs. This was helpful in debugging years ago before we had
the event log, but now we generally don't use them much. The console
logs all still get scooped up and sent to the overview cluster though.
Every rule execution writes two or more status changes (first to
'running', then to the final status later on) and these go to the
console, the event log, and the rule SO. The end result is 76% of all
logs are coming from detection rules changing status, mostly successful
statuses. These provide little value on their own.
This PR restricts console logging from detection rules to only non-user
errors. User errors and execution statuses below the error level will be
logged in the console at the `debug` level. "Unexpected" errors like
search exceptions, timeouts, etc will still appear as errors in the
console logs. The general idea is that the logs from detection rules in
the console should represent some kind of unexpected system failure.
To implement this change, I updated the console logging logic in both
the security rule execution logger. User errors reported to the
framework will still create console error logs since they're logged at
the framework level.
## Testing
Create rules that run and generate warnings (e.g. missing index), user
errors (EQL verification exceptions), and non-user errors. An easy way
to create a non-user error at the moment is running a threshold rule
when at least one index searched maps `@timestamp` as a `keyword`
instead of `date`. The non user errors still show up in console logs as
errors. User errors and warnings only show up as debug logs and with
debug logging enabled in the Kibana config.
Resolves https://github.com/elastic/kibana/issues/204467
## Summary
`assumedRequiredThroughputPerMinutePerKibana` is `NaN` when the
`capacityStats.runtime.value.load.p90` is undefined. This PR adds a
check to catch when the load.p90 is undefined, throw an error, and
ignore calculating the capacity estimation.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### To verify
I was not able to reproduce this locally without changing the code, so
here is how I tested the code and I am definitely open to suggestions of
how to better test this.
1. Update the code to set `capacityStats.runtime.value.load.p90:
undefined`. I set it
[here](286c9e2ddb/x-pack/platform/plugins/shared/task_manager/server/monitoring/capacity_estimation.ts (L55)),
but there are other places upstream where you could set it to
`undefined`.
2. Start Kibana
3. Verify that you see the following log message:
```
Task manager had an issue calculating capacity estimation. averageLoadPercentage: undefined
```
## Summary
Based on a request in [this
issue](https://github.com/elastic/security-team/issues/10341). The
Cypress cleanup task for serverless testing didn't include a command to
cleanup the project tested against when that project was created using
the proxy handler. This PR adds a second conditional method in the
cleanup task to cleanup projects with the proxy handler when it is in
use.
### Checklist
- [ ] Cypress tests run with proxy handler
- [x] Projects created during a cypress run with the proxy handler are
automatically cleaned up by the cypress cleanup task
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
Co-authored-by: dkirchan <55240027+dkirchan@users.noreply.github.com>
Co-authored-by: Gloria Hornero <gloria.hornero@elastic.co>
- Fixes "Untitled" CSV exports when an export of a Discover session CSV is triggered on a Dashboard
- Switches to make use of the embeddable title when exporting CSV of Discover session embeddables on a Dashboard.
## Summary
This PR fixes a regression in the `serializeState` function used to pass
the embeddable attributes to the dashboard to save the panel. In the
refactor this function started to leak the `searchSessionId` in the
serialized state and even if not used after worse it could lead to
issues and in general it's a waste of disk space.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Release notes
It fixes a regression for the serialized state for the Lens embeddable
saving attributes who should not be in the serialized state.
## Summary
This PR was initially to resolve more prompt improvements, but it will
be split into multiple PR's as it also includes a bugfix for ECS mapping
node logic, where ECS mapping node was not always part of the
translation flow.
Some minor prompt improvements are also included, an updated field
mapping for RAG rules (adding the query field) and filtering out metrics
integrations from the RAG for now.
Added telemetry metadata parameters to createModel together with
`maxRetries` as well.
Remove visualizations dependency from dashboard plugin. Instead of using
lens visTypeAlias, navigating to lens is done by executing addLensPanel
action.
Part of https://github.com/elastic/kibana/issues/204249
Clean up work from embeddable refactor. PR removes
`DashboardContainerInput` type, which is a duplicate of `DashboardState`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
fixes https://github.com/elastic/search-team/issues/9171
## Summary
The connectors integration should be GA in ECH, but shouldn't be
available in serverless right now.
~~Prettier also triggered on these files based on our `.prettierrc`
rules, it looks like. Let me know if I should revert all the formatting
changes. There were mixed quotes in a few places, and some indentation
stuff in others.~~
I removed the prettier changes because they invited substantial
conflicts with all the whitespace changes.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [x] Changes serverless behavior, so I'm deploying a serverless search
project to smoke test
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Resolves https://github.com/elastic/kibana/issues/208459
## Summary
The fix added in this
[PR](https://github.com/elastic/kibana/pull/206598) to call the
`mark_removed_tasks_as_unrecognized` tasks sometimes throws an error if
the task is in the middle of running. This PR adds a try/catch and a
retry to the `runSoon` call.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/206237
Create `fleet-synced-integrations` index in Fleet setup, added async
task that populates the index with a doc that includes remote ES output
data and installed integrations data.
ES change to add `kibana_system` privileges:
https://github.com/elastic/elasticsearch/pull/121753
To test locally:
- run elasticsearch from source to apply the privilege changes, so that
`kibana_system` can create the index.
```
yarn es source -E xpack.security.authc.api_key.enabled=true -E xpack.security.authc.token.enabled=true --source-path=/Users/juliabardi/elasticsearch -E path.data=/tmp/es-data -E xpack.ml.enabled=false
```
- enable the feature flag in `kibana.dev.yml`:
`xpack.fleet.enableExperimental: ['enableSyncIntegrationsOnRemote']`
- add a remote ES output with sync enabled
- install some integrations
- wait until Fleet setup and the task runs
- verify that the index is created and contains a doc with the expected
data
```
GET fleet-synced-integrations/_search
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "fleet-synced-integrations",
"_id": "fleet-synced-integrations",
"_score": 1,
"_source": {
"remote_es_hosts": [
{
"hosts": [
"http://remote1:80"
],
"name": "remote1",
"sync_integrations": true
}
],
"integrations": [
{
"package_version": "1.64.1",
"updated_at": "2025-02-05T11:03:02.226Z",
"package_name": "system"
}
]
}
}
]
```
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
