mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 01:13:23 -04:00
f0ec68a365
# Backport This will backport the following commits from `main` to `8.x`: - [Add support for GeoIP processor databases in Ingest Pipelines (#190830)](https://github.com/elastic/kibana/pull/190830) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Yulia Čech","email":"6585477+yuliacech@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-15T17:58:43Z","message":"Add support for GeoIP processor databases in Ingest Pipelines (#190830)\n\nFixes https://github.com/elastic/kibana/issues/190818\r\n\r\n## Summary\r\n\r\nElasticsearch has added support for GeoIP, enabling the use of paid\r\nGeoIP databases from MaxMind/IPInfo for more accurate and granular\r\ngeolocation data. As such we should add support to ingest pipelines UI\r\nfor making this available to the user.\r\n\r\n\r\n* If the user doesn't have enough privileges, the \"Manage Pipelines\"\r\nlink and UI won't show.\r\n* Users can add two types of databases through the UI: MaxMind and\r\nIPinfo. Database names are predefined by ES, and the user cannot enter\r\ntheir own.\r\n* Certain types of databases (local and web) can be configured through\r\nES, and these will appear in the UI, but they cannot be deleted as they\r\nare read-only.\r\n* When configuring a `IP location` processor, the database field will\r\ndisplay a list of available and configured databases that the user can\r\nselect. It also allows for free-text input if the user wants to\r\nconfigure a database that does not yet exist.\r\n* The new IP location processor is essentially a clone of the GeoIP\r\nprocessor, which we are moving away from due to copyright issues.\r\nHowever, it was decided that GeoIP will remain as is for backward\r\ncompatibility, and all new work will only be added to IP location going\r\nforward.\r\n* I left a few mocks in the `server/routes/api/geoip_database/list.ts `\r\nto try `local/web` types\r\n\r\n## Release note\r\nThe Ingest Pipelines app now supports adding and managing databases for\r\nthe GeoIP processor. Additionally, the pipeline creation flow now\r\nincludes support for the IP Location processor.\r\n\r\n<details>\r\n<summary>Screenshots</summary>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n</details>\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: Ignacio Rivas <rivasign@gmail.com>\r\nCo-authored-by: Elena Stoeva <elenastoeva99@gmail.com>\r\nCo-authored-by: Elena Stoeva <59341489+ElenaStoeva@users.noreply.github.com>\r\nCo-authored-by: Matthew Kime <matt@mattki.me>","sha":"302ac0d336feb861522c9ca3f3c271e172b86ae9","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Kibana Management","v9.0.0","Feature:Ingest Node Pipelines","release_note:feature","backport:prev-minor","ci:cloud-deploy"],"title":"Add support for GeoIP processor databases in Ingest Pipelines","number":190830,"url":"https://github.com/elastic/kibana/pull/190830","mergeCommit":{"message":"Add support for GeoIP processor databases in Ingest Pipelines (#190830)\n\nFixes https://github.com/elastic/kibana/issues/190818\r\n\r\n## Summary\r\n\r\nElasticsearch has added support for GeoIP, enabling the use of paid\r\nGeoIP databases from MaxMind/IPInfo for more accurate and granular\r\ngeolocation data. As such we should add support to ingest pipelines UI\r\nfor making this available to the user.\r\n\r\n\r\n* If the user doesn't have enough privileges, the \"Manage Pipelines\"\r\nlink and UI won't show.\r\n* Users can add two types of databases through the UI: MaxMind and\r\nIPinfo. Database names are predefined by ES, and the user cannot enter\r\ntheir own.\r\n* Certain types of databases (local and web) can be configured through\r\nES, and these will appear in the UI, but they cannot be deleted as they\r\nare read-only.\r\n* When configuring a `IP location` processor, the database field will\r\ndisplay a list of available and configured databases that the user can\r\nselect. It also allows for free-text input if the user wants to\r\nconfigure a database that does not yet exist.\r\n* The new IP location processor is essentially a clone of the GeoIP\r\nprocessor, which we are moving away from due to copyright issues.\r\nHowever, it was decided that GeoIP will remain as is for backward\r\ncompatibility, and all new work will only be added to IP location going\r\nforward.\r\n* I left a few mocks in the `server/routes/api/geoip_database/list.ts `\r\nto try `local/web` types\r\n\r\n## Release note\r\nThe Ingest Pipelines app now supports adding and managing databases for\r\nthe GeoIP processor. Additionally, the pipeline creation flow now\r\nincludes support for the IP Location processor.\r\n\r\n<details>\r\n<summary>Screenshots</summary>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n</details>\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: Ignacio Rivas <rivasign@gmail.com>\r\nCo-authored-by: Elena Stoeva <elenastoeva99@gmail.com>\r\nCo-authored-by: Elena Stoeva <59341489+ElenaStoeva@users.noreply.github.com>\r\nCo-authored-by: Matthew Kime <matt@mattki.me>","sha":"302ac0d336feb861522c9ca3f3c271e172b86ae9"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/190830","number":190830,"mergeCommit":{"message":"Add support for GeoIP processor databases in Ingest Pipelines (#190830)\n\nFixes https://github.com/elastic/kibana/issues/190818\r\n\r\n## Summary\r\n\r\nElasticsearch has added support for GeoIP, enabling the use of paid\r\nGeoIP databases from MaxMind/IPInfo for more accurate and granular\r\ngeolocation data. As such we should add support to ingest pipelines UI\r\nfor making this available to the user.\r\n\r\n\r\n* If the user doesn't have enough privileges, the \"Manage Pipelines\"\r\nlink and UI won't show.\r\n* Users can add two types of databases through the UI: MaxMind and\r\nIPinfo. Database names are predefined by ES, and the user cannot enter\r\ntheir own.\r\n* Certain types of databases (local and web) can be configured through\r\nES, and these will appear in the UI, but they cannot be deleted as they\r\nare read-only.\r\n* When configuring a `IP location` processor, the database field will\r\ndisplay a list of available and configured databases that the user can\r\nselect. It also allows for free-text input if the user wants to\r\nconfigure a database that does not yet exist.\r\n* The new IP location processor is essentially a clone of the GeoIP\r\nprocessor, which we are moving away from due to copyright issues.\r\nHowever, it was decided that GeoIP will remain as is for backward\r\ncompatibility, and all new work will only be added to IP location going\r\nforward.\r\n* I left a few mocks in the `server/routes/api/geoip_database/list.ts `\r\nto try `local/web` types\r\n\r\n## Release note\r\nThe Ingest Pipelines app now supports adding and managing databases for\r\nthe GeoIP processor. Additionally, the pipeline creation flow now\r\nincludes support for the IP Location processor.\r\n\r\n<details>\r\n<summary>Screenshots</summary>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n</details>\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: Ignacio Rivas <rivasign@gmail.com>\r\nCo-authored-by: Elena Stoeva <elenastoeva99@gmail.com>\r\nCo-authored-by: Elena Stoeva <59341489+ElenaStoeva@users.noreply.github.com>\r\nCo-authored-by: Matthew Kime <matt@mattki.me>","sha":"302ac0d336feb861522c9ca3f3c271e172b86ae9"}}]}] BACKPORT--> Co-authored-by: Elena Stoeva <elenastoeva99@gmail.com>
229 lines
8.5 KiB
YAML
229 lines
8.5 KiB
YAML
interactiveSetup.enabled: false
|
|
newsfeed.enabled: false
|
|
xpack.serverless.plugin.enabled: true
|
|
# Fleet settings
|
|
xpack.fleet.internal.fleetServerStandalone: true
|
|
xpack.fleet.internal.disableILMPolicies: true
|
|
xpack.fleet.internal.activeAgentsSoftLimit: 25000
|
|
xpack.fleet.internal.onlyAllowAgentUpgradeToKnownVersions: true
|
|
xpack.fleet.internal.retrySetupOnBoot: true
|
|
|
|
## Fine-tune the feature privileges.
|
|
xpack.features.overrides:
|
|
dashboard:
|
|
privileges:
|
|
### Dashboard's `All` feature privilege should implicitly grant `All` access to Maps and Visualize features.
|
|
all.composedOf:
|
|
- feature: "maps"
|
|
privileges: [ "all" ]
|
|
- feature: "visualize"
|
|
privileges: [ "all" ]
|
|
### Dashboard's `Read` feature privilege should implicitly grant `Read` access to Maps and Visualize features.
|
|
### Additionally, it should implicitly grant privilege to create short URLs in Visualize app.
|
|
read.composedOf:
|
|
- feature: "maps"
|
|
privileges: [ "read" ]
|
|
- feature: "visualize"
|
|
privileges: [ "read" ]
|
|
### All Dashboard sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
download_csv_report.disabled: true
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
discover:
|
|
### All Discover sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
### Shared images feature is hidden in Role management since it's not needed.
|
|
filesSharedImage.hidden: true
|
|
### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
|
|
maps.hidden: true
|
|
### Reporting feature is supposed to give access to reporting capabilities across different features.
|
|
reporting:
|
|
privileges:
|
|
all.composedOf:
|
|
- feature: "dashboard"
|
|
privileges: [ "download_csv_report" ]
|
|
- feature: "discover"
|
|
privileges: [ "generate_report" ]
|
|
### Visualize feature is hidden in Role management since it's automatically granted by Dashboard feature.
|
|
visualize:
|
|
hidden: true
|
|
### The short URL sub-feature privilege should be always granted.
|
|
subFeatures.privileges.url_create.includeIn: "read"
|
|
|
|
# Cloud links
|
|
xpack.cloud.base_url: 'https://cloud.elastic.co'
|
|
|
|
# Disable preboot phase for serverless
|
|
core.lifecycle.disablePreboot: true
|
|
|
|
# Enable ZDT migration algorithm
|
|
migrations.algorithm: zdt
|
|
|
|
# Enable elasticsearch response size circuit breaker
|
|
elasticsearch.maxResponseSize: "100mb"
|
|
|
|
# Limit batch size to reduce possibility of failures.
|
|
# A longer migration time is acceptable due to the ZDT algorithm.
|
|
migrations.batchSize: 250
|
|
|
|
migrations.zdt:
|
|
metaPickupSyncDelaySec: 5
|
|
|
|
# Ess plugins
|
|
xpack.securitySolutionEss.enabled: false
|
|
|
|
# Management team plugins
|
|
xpack.upgrade_assistant.enabled: false
|
|
xpack.rollup.enabled: false
|
|
xpack.watcher.enabled: false
|
|
xpack.ccr.enabled: false
|
|
xpack.ilm.enabled: false
|
|
xpack.remote_clusters.enabled: false
|
|
xpack.snapshot_restore.enabled: false
|
|
xpack.license_management.enabled: false
|
|
|
|
# Management team UI configurations
|
|
# Disable index actions from the Index Management UI
|
|
xpack.index_management.enableIndexActions: false
|
|
# Disable legacy index templates from Index Management UI
|
|
xpack.index_management.enableLegacyTemplates: false
|
|
# Disable index stats information from Index Management UI
|
|
xpack.index_management.enableIndexStats: false
|
|
# Enable size and doc count information via metering API from Index Management UI
|
|
xpack.index_management.enableSizeAndDocCount: true
|
|
# Disable data stream stats information from Index Management UI
|
|
xpack.index_management.enableDataStreamStats: false
|
|
# Only limited index settings can be edited
|
|
xpack.index_management.editableIndexSettings: limited
|
|
# Disable _source field in the Mappings editor's advanced options form from Index Management UI
|
|
xpack.index_management.enableMappingsSourceFieldSection: false
|
|
# Disable toggle for enabling data retention in DSL form from Index Management UI
|
|
xpack.index_management.enableTogglingDataRetention: false
|
|
|
|
# Disable Manage Processors UI in Ingest Pipelines
|
|
xpack.ingest_pipelines.enableManageProcessors: false
|
|
|
|
# Keep deeplinks visible so that they are shown in the sidenav
|
|
dev_tools.deeplinks.navLinkStatus: visible
|
|
management.deeplinks.navLinkStatus: visible
|
|
|
|
# Onboarding team UI configurations
|
|
xpack.cloud_integrations.data_migration.enabled: false
|
|
guided_onboarding.enabled: false
|
|
|
|
# Other disabled plugins
|
|
xpack.canvas.enabled: false
|
|
data.search.sessions.enabled: false
|
|
advanced_settings.globalSettingsEnabled: false
|
|
|
|
# Disable the browser-side functionality that depends on SecurityCheckupGetStateRoutes
|
|
xpack.security.showInsecureClusterWarning: false
|
|
|
|
# Disable UI of security management plugins
|
|
xpack.security.ui.userManagementEnabled: false
|
|
xpack.security.ui.roleMappingManagementEnabled: false
|
|
|
|
# Enforce restring access to internal APIs see https://github.com/elastic/kibana/issues/151940
|
|
server.restrictInternalApis: true
|
|
# Telemetry enabled by default and not disableable via UI
|
|
telemetry.optIn: true
|
|
telemetry.allowChangingOptInStatus: false
|
|
|
|
# Harden security response headers, see https://github.com/elastic/kibana/issues/150884
|
|
# The browser should remember that a site, including subdomains, is only to be accessed using HTTPS for 1 year
|
|
# Can override this setting in kibana.dev.yml, e.g. server.securityResponseHeaders.strictTransportSecurity: null
|
|
server.securityResponseHeaders.strictTransportSecurity: max-age=31536000; includeSubDomains
|
|
# Disable embedding for serverless MVP
|
|
server.securityResponseHeaders.disableEmbedding: true
|
|
|
|
# default to newest routes
|
|
server.versioned.versionResolution: newest
|
|
# do not enforce client version check
|
|
server.versioned.strictClientVersionCheck: false
|
|
|
|
# Enforce single "default" space and disable feature visibility controls
|
|
xpack.spaces.maxSpaces: 1
|
|
xpack.spaces.allowFeatureVisibility: false
|
|
xpack.spaces.allowSolutionVisibility: false
|
|
|
|
# Only display console autocomplete suggestions for ES endpoints that are available in serverless
|
|
console.autocompleteDefinitions.endpointsAvailability: serverless
|
|
|
|
# Do not check the ES version when running on Serverless
|
|
elasticsearch.ignoreVersionMismatch: true
|
|
|
|
# Limit maxSockets to 800 as we do in ESS, which improves reliability under high loads.
|
|
elasticsearch.maxSockets: 800
|
|
|
|
# Visualizations editors readonly settings
|
|
vis_type_gauge.readOnly: true
|
|
vis_type_heatmap.readOnly: true
|
|
vis_type_metric.readOnly: true
|
|
vis_type_pie.readOnly: true
|
|
vis_type_table.readOnly: true
|
|
vis_type_tagcloud.readOnly: true
|
|
vis_type_timelion.readOnly: true
|
|
vis_type_timeseries.readOnly: true
|
|
vis_type_vislib.readOnly: true
|
|
vis_type_xy.readOnly: true
|
|
input_control_vis.readOnly: true
|
|
xpack.graph.enabled: false
|
|
|
|
# Disable cases in stack management
|
|
xpack.cases.stack.enabled: false
|
|
|
|
# Alerting and action circuit breakers
|
|
xpack.alerting.rules.run.actions.max: 3000
|
|
xpack.alerting.rules.run.timeout: 1m
|
|
xpack.alerting.rules.run.ruleTypeOverrides:
|
|
- id: siem.indicatorRule
|
|
timeout: 10m
|
|
- id: siem.eqlRule
|
|
timeout: 5m
|
|
xpack.alerting.rules.minimumScheduleInterval.enforce: true
|
|
xpack.alerting.rules.maxScheduledPerMinute: 400
|
|
xpack.actions.run.maxAttempts: 10
|
|
xpack.actions.queued.max: 10000
|
|
|
|
uiSettings:
|
|
overrides:
|
|
# Disables ESQL in advanced settings (hides it from the UI)
|
|
enableESQL: true
|
|
bfetch:disable: true
|
|
# Disables `Defer loading panels below "the fold"`
|
|
labs:dashboard:deferBelowFold: false
|
|
|
|
# Task Manager
|
|
xpack.task_manager.claim_strategy: mget
|
|
xpack.task_manager.allow_reading_invalid_state: false
|
|
xpack.task_manager.request_timeouts.update_by_query: 60000
|
|
xpack.task_manager.metrics_reset_interval: 120000
|
|
|
|
# Reporting feature
|
|
xpack.screenshotting.enabled: false
|
|
xpack.reporting.queue.pollInterval: 3m
|
|
xpack.reporting.roles.enabled: false
|
|
xpack.reporting.statefulSettings.enabled: false
|
|
xpack.reporting.csv.maxConcurrentShardRequests: 0
|
|
|
|
# Disabled Observability plugins
|
|
xpack.ux.enabled: false
|
|
xpack.legacy_uptime.enabled: false
|
|
monitoring.enabled: false
|
|
monitoring.ui.enabled: false
|
|
|
|
## Enable uiSettings validations
|
|
xpack.securitySolution.enableUiSettingsValidations: true
|
|
data.enableUiSettingsValidations: true
|
|
discover.enableUiSettingsValidations: true
|