This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `6387bd4` ->
`15a4191` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
PR removes `dashboard_container` and adds `dashboard_renderer` folder. I
tried to find a best fit for files but have no strong opinions about
where I put things. Please comment if you would like files in different
locations.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
# Release note
Legacy OpenSSL algorithms have been disabled by default. Further
information on which algorithms can be found at
https://docs.openssl.org/3.0/man7/OSSL_PROVIDER-legacy. These can be
re-enabled by adding `--openssl-legacy-provider` to
`$KBN_PATH_CONF/node.options`
I noticed that a couple integration tests were not actually validating
whether the documents got routed the right way (the number and string
tests).
This PR fixes this by introducing a helper that can easily do the same
check we had a couple of times in there.
## Summary
Resolves https://github.com/elastic/kibana/issues/212972
This PR replaces the info and error log levels with debug since most of
these errors are for developers or users. Not operations.
## Summary
This is intended to be a "minimal" migration for Defend Insights to
langgraph + output chunking. Other than the increased events due to the
context increase from output chunking, the functionality is unchanged.
* migrates defend insights to langgraph
* adds output chunking / refinement
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
This PR makes the AI suggestions button more stable in case of
misconfigured fields:
* Only make the button clickable if there are sample values
* Filter out sample documents that don't have the required field on the
server (would have broken the request before)
<img width="344" alt="Screenshot 2025-03-04 at 15 43 23"
src="https://github.com/user-attachments/assets/12045985-cfac-4a13-a23c-595ac6503c1a"
/>
Embeddable ViewMode is part of legacy embeddable architecture. This PR
removes Embeddable ViewMode and replaces its usage with
presentation-publishing ViewMode. presentation-publishing ViewMode is a
string literal type so an enum is no longer needed.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Fixes [#212745](https://github.com/elastic/kibana/issues/212745)
## Summary
Fix for the hosts total count query, which was not correctly filtering
hosts from system integration and APM
<img width="584" alt="image"
src="https://github.com/user-attachments/assets/05c3b244-3a0f-425a-82db-3498c1a6dbb7"
/>
### How to test
- Connect Kibana to an edge cluster
- Navigate to Infrastructure > Hosts
- The total number of items on the table should be equal to the number
in the hosts count KPI
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This PR introduces a new script for loading parameterized workflow
insights into a data stream. It enables UI/UX testing without requiring
an agent installation or generating insights manually.
Arguments
```
--endpointId Required. The endpoint ID to use for generating workflow insights.
--elasticsearch Optional. The URL to Elasticsearch. Default: http://localhost:9200
--username Optional. The username to use for authentication. Default: elastic
--password Optional. The password to use for authentication. Default: changeme
--count Optional. The number of workflow insights to generate. Default: 5
--os Optional. The OS to use for generating workflow insights. Default: linux
--antivirus Optional. The antivirus to use for generating workflow insights. Default: ClamAV
--path Optional. The executable path of the AV to use for generating workflow insights. Default: /usr/bin/clamscan
```
Example usage:
* Load 5 workflow insights, using the default values - Linux, ClamAV,
/usr/bin/clamscan on the endpoint with ID
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6
`node ./load_workflow_insights.js --endpointId
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6`
* Load 10 workflow insights for Malwarebytes with path of C:\\Program
Files\\Malwarebytes\\Anti-Malware\\mbam.exe on Windows endpoint with ID
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6
`node ./load_workflow_insights.js --endpointId
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6 --count 10 --os windows --antivirus
Malwarebytes --path 'C:\\Program
Files\\Malwarebytes\\Anti-Malware\\mbam.exe'`
## Summary
This PR fixes the Unstructured syslog flow. It picks up 5 samples send
them to LLM to create a pattern and tests all the samples against the
pattern , collects the unparsed samples [ if any ] , send them in for
next round of pattern check and so on.
This creates a list of patterns that matches all the samples and creates
a grok processor with those patterns and it breaks the syslogs down into
a JSON for ECS mapping , categorization and related graphs.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Migrate docs from AsciiDoc to Markdown. The preview can be built after
#212557 is merged.
@florent-leborgne please tag reviewers, add the appropriate label(s),
and take this out of draft when you're ready.
Note: More files are deleted than added here because the content from
some files was moved to
[elastic/docs-content](https://github.com/elastic/docs-content).
**What has moved to
[elastic/docs-content](https://github.com/elastic/docs-content)?**
Public-facing narrative and conceptual docs have moved. Most can now be
found under the following directories in the new docs:
- explore-analyze: Discover, Dashboards, Visualizations, Reporting,
Alerting, dev tools...
- deploy-manage: Stack management (Spaces, user management, remote
clusters...)
- troubleshooting: .... troubleshooting pages
**What is staying in the Kibana repo?**
- Reference content (= anything that is or could be auto-generated):
Settings, syntax references
- Release notes
- Developer guide
---------
Co-authored-by: Florent Le Borgne <florent.leborgne@elastic.co>
## Summary
Fix https://github.com/elastic/kibana/issues/211514
It seems the failure is because of the order difference in
`agent_logs_top_errors`.
The other differences shouldn't matter because we are using `
expect.objectContaining` on the result object.
Enabling `consistent-type-imports` rule and running `node scripts/eslint
--no-cache --fix` to fix every type import.
Every other ML owned plugin has this rule enabled. Originally added in
https://github.com/elastic/kibana/pull/176921
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR updates `DEFAULT_THEME_TAGS` used to determine what theme tags
are bundled in Kibana by default to only include the Borealis theme,
specifically `borealislight` and `borealisdark` theme tags. This change
is expected to decrease bundle sizes significantly and get back to
bundling a single theme, not two (4 → 2 theme tags).
Now that Serverless, `9.0`, and `main` all run with Borealis, there's no
risk in removing Amsterdam from the bundle and decreasing Kibana bundle
sizes.
We need to keep the feature flag in code for the time being to easily
test future Borealis iterations.
Amsterdam will still be available as an opt-in theme and is meant to be
used locally when testing changes to be backported to 8.x versions that
use Amsterdam. To do so, Kibana needs to be started/built with
`KBN_OPTIMIZER_THEMES` environment variable set and the feature flag
overridden in `kibana.dev.yml`.
```yml
# config/kibana.dev.yml
feature_flags.overrides.coreRendering.defaultThemeName: amsterdam
```
```shell
# Run dev server with both borealis and Amsterdam theme tags
KBN_OPTIMIZER_THEMES="borealislight,borealisdark,v8light,v8dark" yarn start
```
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
The `redux-thunk` dependency was assigned to the `kibana-visualization`
team but we are not even using it in our code.
The current PR proposes a change, moving the ownership/dependency review
to @elastic/kibana-presentation, @elastic/kibana-management, and
@elastic/security-solution because they are the main and only consumers
of that library.
## Summary
This PR fixes the text color of the vega tooltip.
The Vega tooltip is always dark because uses the euiTooltip style for
it. There was the `lightShade` color used within this tooltip before
that result in an invisible text color when running in dark mode.
The PR removes the custom colors and makes the tooltip inherits the
colors from the euiTooltip style.
## Summary
BUG: https://github.com/elastic/security-team/issues/11783
This PR fixes the behaviour of the
`/api/security_ai_assistant/chat/complete` route where the
`conversationId` can be passed as an empty string. This may lead to
unexpected results described in
https://github.com/elastic/security-team/issues/11783#issuecomment-2696529040.
### Expected behaviour
We should throw a bad request (400) http error when empty
`conversationId` has been passed.
### Testing
* Use this `curl` command to test the endpoint.
```
curl --location 'http://localhost:5601/api/security_ai_assistant/chat/complete' \
--header 'kbn-xsrf: true' \
--header 'Content-Type: application/json' \
--data '{
"connectorId": "{{my-gpt4o-ai}}",
"conversationId": "",
"isStream": false,
"messages": [
{
"content": "Follow up",
"role": "user"
}
],
"persist": true
}'
```
You should see next error as a response:
```
{
"statusCode": 400,
"error": "Bad Request",
"message": "[request body]: conversationId: String must contain at least 1 character(s), conversationId: No empty strings allowed"
}
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Fix for
[https://github.com/elastic/kibana/security/code-scanning/546](https://github.com/elastic/kibana/security/code-scanning/546)
To fix the problem, we need to ensure that backslashes are also escaped
in the `trim_key` and `trim_value` properties of the `kvInput` object.
This can be done by adding an additional replace call to escape
backslashes before escaping single and double quotes. The best way to
fix this without changing existing functionality is to use a regular
expression with the `g` flag to replace all occurrences of backslashes
with double backslashes.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
## Summary
Refactors code in Asset Inventory page for simplicity and consistency.
### Changes
- Centralized constants for consistency
- Simplified `<AllAssets>` page, removed unused props, renamed
variables, etc...
- Encapsulated technical preview stuff into `<TechnicalPreviewBadge>`
- Removed deprecations in EUI components and styling
Also, this PR **deletes the mocked data** that was used before
integrating the UI with the backend.
### Questions
- Do we see value in centralizing all strings in a new file such as
`localized_strings.ts`?
### Out of scope
Hooks in `hooks/use_asset_inventory_data_table` and field selector
components were all duplicated from the CSP plugin. I haven't put effort
in refactoring those since we'll need to remove the duplication and make
them reusable
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Risks
No risk since code is still hidden behind the *Enable Asset Inventory*
advanced setting and the beta *Cloud Asset* integration must be
installed.
## Summary
The else is being called atm only in Discover ES|QL mode, when the user
is typing stats or keep.
The `isTextBased` flag is missing which means that we don't call the
`mapToOriginalColumnsTextBased` but the one for the dsl mode which might
cause bugs.
I don't think that Peter had any reason to do so, it seems more as it
slipped.
## Summary
Small follow up of https://github.com/elastic/kibana/pull/208091
The editor autocompletion added an incorrect import and so I'm removing
it, plus a few comments that should have been removed.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## 📓 Summary
When the condition is not met, the processing simulation reports wrong
metrics and fails on a unhandler error.
This work fix the issue and also update the document simulation metrics,
reporting how many documents are skipped by a processor during the
simulation.
A follow-up work will update the filters on the date to better reflect
the available states of the documents (parsed, partially parsed,
skipped, failed).
<img width="701" alt="Screenshot 2025-02-28 at 12 47 10"
src="https://github.com/user-attachments/assets/1b6979e4-78a1-4db3-af72-faaf06c0e249"
/>
