## Summary
This PR adds better tooltip content to the KPI tiles and table columns.
It also adds links to hosts metrics documentation
The formulas displayed on the tooltips/popovers are the same ones used
in the Lens charts. Even though the table content executes a query in
elasticsearch, with pipeline aggregations, they can be translated into
the equivalent Lens formulas.
### How to test this PR
- Start a local kibana instance
- Navigate to `Inventory > Hosts`
- Click on `What are these metrics?` links, they should redirect to
https://www.elastic.co/guide/en/observability/current/host-metrics.html
- Hover over the KPI tiles and verify their content
- Click on `?` icons next to the table column label and verify their
content
- Clicking on `?` icon must not sort the table
Relates to https://github.com/elastic/kibana/issues/112285
Removes the black bar at the bottom of the app which housed the import
and cancel buttons.
Rather than having a button called "Change import settings" I've left
this as the "Back" button. "Change import settings" isn't really a
correct description of the page the button returns you to. Something
like "Rerun analysis of the already selected file" would be accurate,
but that is too long for a button.
@mdefazio Does this look ok? Any other suggestions? Note, I'd like to
keep this PR small, the main aim was just to remove the black bar at the
bottom of the page and change the name of the Cancel button after the
import has already run.
## Summary
Closes https://github.com/elastic/kibana/issues/159942
If the height of a partition chart exceeds 1000px paddings are added,
reducing the chart size.
This is caused due to this piece of code
https://github.com/elastic/kibana/pull/122420
This was added for the aggbased editor to reduce a bit the pie size
(otherwise it was taking the full container size and the pie was huge)
Although we want this, we don't want this to be applied in dashboards or
lens editor. This PR is fixing this by adding the paddings only on the
agg based editor level
In agg based editor
<img width="651" alt="image"
src="48ac6fdd-43e3-46f5-8818-d40334678fce">
Dashboard with very tall treemap, no paddings
<img width="933" alt="image"
src="8787d6ab-887c-4c8d-8419-2c2d5659f2c1">
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
`created_at` field was added to the mapping for the uninstall token
Saved Object, but it's not used and causes trouble.
~There is a discussion whether to remove it from the mapping or not,
before the recently added mapping itself is released with v8.9.0, so I
prepared this PR to merge in case we want to remove it.~ The discussion
ended with the decision to remove the field, so the aim is to merge this
PR.
closes:
[#1053](https://github.com/elastic/obs-infraobs-team/issues/1053)
## Summary
This PR changes the Hosts View feedback button to pass also the current
Kibana version.
<img width="716" alt="image"
src="9089d2c3-590c-46c2-89ce-c6bd7bd42a6b">
The URL is no longer a shortened one, and that's because it wasn't
forwarding query parameters.
### How to test
- Start a local Kibana
- Navigate to `Infrastructure > Hosts`
- Click on "Tell us what you think" button
- On the forms, the question "What version of Elastic are you using?"
should be filled automatically with the Kibana version
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
closes#159560
## 📝 Summary
This PR adds an inline view for the logs tab in the Hosts view, where
the `host.name` column is statically added to the columns definition.
## ✅ Testing
1. Navigate to Stream page
2. Change the settings to have any Date Source and columns
3. Navigate to the logs tab in the Hosts view
4. Verify that the columns applied in step 2 aren't showing in the logs,
and that `host.name` is showing.
5. Click the open in logs link and make sure that the settings show the
host.name and notes an inline view is being used.
a19f7969-31b3-40af-9e07-784631d6292f
## 📝 Summary
This PR changes the index selection component behaviours. We are
fetching the Data Views (limit to 10 at a time). The user can select one
of them, or search for other Data Views and index pattern that matches
at least on index.
Therefore the user can choose any Data Views matching a search, or the
index pattern derived from the search, if it matches at least one index.
| Screenshot |
| -- |
|
|
|
|
|
|
## 🧪 Testing
1. **Create 11 data views or more**
Easiest method is to use curl with a POST on `/api/data_views/data_view`
with a random payload:
```
{
"data_view": {
"title": "{% uuid 'v4' %}-log*",
"name": "{% uuid 'v4' %} "
}
}
```
2. **Go to the SLO form and select custom KQL, then search for a data
view or another index pattern**
Resolves https://github.com/elastic/kibana/issues/159948
## 📝 Summary
This PR updates the SLO form to support the calendar aligned time
windows for both create and edit flow.
I've also moved the budgeting method selector down, so when selecting
"timeslices", the timeslices related inputs are shown next to it on the
same line.
| Screenshot | Screenshot |
|--------|--------|
|
|
|
## Summary
Part of https://github.com/elastic/kibana/issues/149249
Add a new EBT context providing the page_title field to events.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
closes https://github.com/elastic/kibana/issues/159655.
- [x] Make sure inputs in configure logs step occupy the whole width
- [x] Fix copy button in apiKey callout, currently is cropped
- [x] Add space bellow action buttons (back and continue)
Apart from the tasks above, we are hiding `Give feedback` button from
plugin root page, since the form is dedicated to logs onboarding.
80872e8a-f239-4584-9b15-7ec8cdd32d5d
## Summary
Part of https://github.com/elastic/kibana/issues/149249
Add a new EBT context providing the `page_url` field to events.
`page_url` is based on the current url's `pathname` and `hash`
exclusively (no domain, port, query param...)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR adds the category field in the UI. Specifically:
- Adds the ability to select or create a new category when creating a
case
- Adds the ability to select or create a new category when editing a
case
- Adds the ability to filter by multiple categories on the cases table
- Adds validation on the category field on the backend
Closes: https://github.com/elastic/kibana/issues/153835
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Release notes
Add a new field, called `category`, to categorize cases. Users can
create a new category, set or select an existing one on a case, and
filter by multiple categories on the cases table.
---------
Co-authored-by: Janki Salvi <117571355+js-jankisalvi@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
## Summary
Fixes https://github.com/elastic/kibana/issues/159711
When dragging a numeric field to a pie with a metric and a group already
defined, we add another metric even if `allowMultipleMetric` setting is
not set.
I fixed it by making it work the same way as a heatmap when the setting
is off - replacing metric instead. Not sure if that's a correct approach
though (should we block the suggestion whatsover?) but definitely an
improvement.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Fix https://github.com/elastic/kibana/issues/158910
Changes the behavior of the `/api/status` endpoint to always returns a
consistent http status code, and in particular:
- during the preboot stage
- when accessed by unauthenticated users and `status.allowAnonymous` is
`false`.
That way, `/api/status` can properly be used for readiness checks.
Please refer to https://github.com/elastic/kibana/issues/158910 for more
details.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes: https://github.com/elastic/kibana/issues/158577
Introduces batching in the bulk create artifacts to prevent big bulk
requests. It takes artifact `encoded_size` as the artifact size to
determine the batch length.
The input and output of the existing function is the same, only the way
the bulk create operation is done has changed.
Introduces new fleet config value to change the create bulk batch size:
`createArtifactsBulkBatchSize`
It adds new unit test cases for the changes.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
When opening the field picker, the error in the console appears:
<img width="837" alt="Screenshot 2023-06-19 at 15 45 39"
src="10fbc0e6-ae59-4c3b-ab94-80dd86805ca6">
That's because we pass `exists` props to the `styledOptions` which are
passed to the dom.
The thing is we don't need to pass this prop. We assign the classname
based on `exists` value at the same level and then do the styling but
then don't use it in any level deeper, so no need to pass it. So I
removed it to fix this error.
fixes errors that show in tests too:
<img width="605" alt="Screenshot 2023-06-19 at 20 54 58"
src="1583070f-8e18-4494-9892-585bef584588">
<img width="761" alt="Screenshot 2023-06-19 at 20 55 39"
src="23aab03b-0204-478b-aa01-fab801d02e78">
<img width="730" alt="Screenshot 2023-06-19 at 20 56 49"
src="cae606f5-54a8-4da9-99cf-e5151302acae">
## Description
Related to https://github.com/elastic/kibana/issues/158361
Closes https://github.com/elastic/kibana/issues/158361
Closes https://github.com/elastic/kibana/issues/159762
When we introduced audit logging it seems we introduced a memory leak.
Comparing two heapdump after triggering ~6k request against Fleet we can
see that these AsyncLocalStorage object are never deleted
<img width="1307" alt="Screenshot 2023-06-15 at 9 04 13 AM"
src="7f4b0a7b-75a9-4c87-8fb9-cd539a2029e0">
That PR try fix that by using a single for `AsyncLocalStorage`
The call that create those `AsyncLocalStorage` is not conditional of
audit logging being enabled or not
## Tests
Testing that **PR** on cloud on a 1gb instance with the agent page open
(doing long polling) we can see it seems to improve the memory usage
(compared to the current 8.8.1 with an agent page open too **baseline**)
<img width="810" alt="Screenshot 2023-06-15 at 3 04 35 PM"
src="a392f734-2b91-48ac-a906-3a8e88e2b209">
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
**Addresses:** https://github.com/elastic/security-team/issues/6032
## Summary
This PR adds a new `[Elastic Security] Detection rule monitoring` Kibana
dashboard and a new `POST /internal/detection_engine/health/_setup` API
endpoint.
## Dashboard
The dashboard can be helpful for monitoring the health and performance
of Security detection rules. Users of the dashboard must have read
access to the `.kibana-event-log-*` index. The dashboard is
automatically installed into the current Kibana space when a user visits
a page in Security Solution - similar to how we install the Fleet
package with prebuilt detection rules.
<img width="1791" alt="Kibana dashboards page"
src="92cb3c75-39ea-4069-b70f-8f531869edf7">
<img width="1775" alt="Security dashboards page"
src="3b27aeb6-2222-40fd-a453-c204fcee4f31">
## API endpoint
The PR also adds a new endpoint for setting up anything related to
monitoring rules and the health of the Detection Engine. If you call the
endpoint, it will install the new dashboard to the Default Kibana space:
```
POST /internal/detection_engine/health/_setup
```
In order to install the dashboard to a different Kibana space, you will
need to call it like that:
```
POST /s/<space-id>/internal/detection_engine/health/_setup
```
The user calling the endpoint must have access to Security Solution. No
additional privileges are required, because the endpoint installs the
dashboard on behalf of the internal user (`kibana_system`).
### Checklist
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] https://github.com/elastic/security-docs/issues/3478
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
it fixes#159945
## Release note:
Introducing the Log threshold alert detail page, which provides more
information and context about the Logs threshold alert
Adds a guided card for synthetics. Guided onboarding is only available
in cloud, so in order to test it locally you can add `xpack.cloud.id:
test` setting to your `kibana.dev.yml` file. You can find more
information in the [guided onboarding
docs](https://github.com/elastic/kibana/tree/main/src/plugins/guided_onboarding#development).
f146bc08-a1a4-4d4f-891b-574b71584eba
Part of https://github.com/elastic/kibana/issues/159562
---------
Co-authored-by: Casper Hübertz <casper@formgeist.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Resolves the following for APM Latency threshold rule:
- https://github.com/elastic/kibana/issues/152218
- https://github.com/elastic/kibana/issues/155489
Improvements in the preview chart:
- Showing data grouped by selected group by fields
- Showing 5 groups from each bucket
- Showing last x units (minutes, hours, etc.) data
- Added loading indicator
- Showing tooltip
- Always showing legend
- Max Y is slightly higher than maximum of highest y value or threshold
- Adjusting chart to always show the threshold line
- Fixed
- When removing some fields like transaction type, transaction name,
chart showed no data
- Hiding a particular group (by clicking on legend item), readjusted max
Y value, but same was not reset to original when enabling the group back
### Before
03b77133-a131-4758-805b-2a9287fb7ff9
### After
5900b74e-ee26-4d1d-a3f4-a03333808075
## Summary
All routes
- Use versioned router
- Moved to internal path
- Validate responses
- All responses are typed with response types, separate from internal
api types. This is to help prevent unacknowledged changes to the api.
- Version is included in all requests
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Fixes#159079
## Summary
In the case of providing a wildcard in the search query, an error might
be generated depending on whether the related setting is enabled or not.
This PR tries to handle this error on the Alerts page for a better user
experience.
|Before|After|
|---|---|
||
Resolves the following for APM Failed transaction rate and APM Error
count rules:
- https://github.com/elastic/kibana/issues/152218
- https://github.com/elastic/kibana/issues/155489
Improvements in the preview chart:
- Showing data grouped by selected group by fields
- Showing 5 groups from each bucket
- Showing last x units (minutes, hours, etc.) data
- Added loading indicator
- Showing tooltip
- Always showing legend
- Max Y is slightly higher than maximum of highest y value or threshold
- Adjusting chart to always show the threshold line
- Fixed
- When removing some fields like transaction type, transaction name,
chart showed no data
- Hiding a particular group (by clicking on legend item), readjusted max
Y value, but same was not reset to original when enabling the group back
## Summary
Partially revert https://github.com/elastic/kibana/pull/159121
Reverts adding Drift chat to management. Part of
https://github.com/elastic/kibana/issues/158835
We decided to revert to adding to management for now because we realized
that there are a lot of cases in the Management app when Drift Chat can
overlap buttons on the page 😢
Here are some examples:
<img width="600" alt="Screenshot 2023-06-15 at 16 20 43"
src="980916dc-b463-45f4-b5c1-bdce9f3f8336">
<img width="600" alt="Screenshot 2023-06-15 at 16 20 43"
src="ec74332b-5c91-4175-bde6-8e736d8bb4fa">
<img width="600" alt="Screenshot 2023-06-15 at 16 20 50"
src="5753b05d-7abc-409f-9a06-9f19a910461a">
This PR does:
- checks Kibana.spec file
- Checks server feature.ts
- Adds correct route access to APIs
- Removes unnecessary logs
- Removes collector and symbolized `secret_token` from config schema as
it won't be used
- Add README file
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Summarize your PR. If it involves visual changes include a screenshot or
gif.
Add `installations_stats` collector which includes the following fields.
The installation stats collector telemetry we used for cloud security
product adoption funnel.
The `installation stats` collector will identify the following:
- which cloud security integration is being installed ('cnvm', 'cspm,
'kspm')
- what deployment environment for cloud security integration( eks, aws,
gcp, ake, self_managed)
- how many agents deployed per integration installation
1340eef2-7df3-46ee-8c6d-4e61af33289b
Here is the Telemetry Schema for Installation Stats
| Column | Data Type | Description |
|--------------------|--------------|-----------------------------------------------------------|
| package_policy_id | string | The ID of the package policy of
integration installed |
| feature | string | The feature integration(cnvm, cspm, kspm)
associated with the package policy |
| package_name | string | The name of the package associated with the
policy |
| package_version | string | The version of the package associated with
the policy which is cloud_security_posture |
| agent_policy_id |string | The ID of the agent policy linked to the
package policy |
| deployment_mode | string | The deployment mode for the kspm, cspm or
cvnm(eks, gcp, aws, self-managed) |
| created_at | string | The timestamp when the package policy was
created |
| created_by | string | The username of the creator of the package
policy |
| agent_count |number | count of agents |
## Summary
Adds the following new fields to allowed Exceptions for Endpoint after
customer and internal requests.
We can backport this to `8.8.2` in addition to shipping in `8.9.0`
```
"process.args",
"process.parent.args",
"dns.question.type",
"file.pe.Ext.dotnet",
"file.pe.Ext.streams.hash.md5",
"file.pe.Ext.streams.hash.sha256",
"file.pe.Ext.sections.hash.sha256",
"file.pe.Ext.sections.hash.md5",
"file.pe.Ext.streams.name",
"Effective_process.entity_id",
"Effective_process.executable",
"Effective_process.name",
"Effective_process.pid"
```
See the Endpoint Exception builder below with the new fields available
for use.
