Your window into the Elastic Stack
Marshall Main 10f4c199ee
[Security Solution][Detection Engine] Fix chunking logic so importing many rules with exception lists works (#190447)
## Summary

@Mikaayenson reported that rule import fails when importing many rules
with exceptions. We are only fetching the first 100 exception lists for
reference verification after importing exceptions from the rule import,
so if there are more than 100 exception lists then they will be imported
but the rules will appear to have a missing exception list reference.

Since we're already processing the rules in chunks, this PR changes the
logic so we fetch exception lists for each chunk of 50 rules
independently. There's still a possibility that 50 rules could have more
than 1000 exception lists referenced and we might run into the same
problem again. To fix the problem permanently we need to update the
exception lists client to support paging through exception lists so we
can reliably fetch all exception lists referenced by a chunk of rules.
However that's a more involved fix that'll have to wait for a follow-up
PR.

### Testing
The rule export file below contains 210 rules, each with an exception
list. It triggers the failure when imported on `main` but works with
this PR. Rename the file to `.ndjson` from `.json` - GitHub doesn't
allow uploading `.ndjson` files so I renamed it before uploading here.
[rules_export (1).json](https://github.com/user-attachments/files/16603839/rules_export.1.json)
2024-08-15 13:15:05 -07:00
.buildkite [Logs] Provide help for migrating Logs UI settings (#189646) 2024-08-14 19:11:57 +01:00
.github [ci] Update backport labels (#190638) 2024-08-15 14:29:44 -05:00
api_docs [api-docs] 2024-08-15 Daily api_docs build (#190576) 2024-08-15 04:51:27 +00:00
config [Console] Enable the monaco migration on serverless projects (#189748) 2024-08-08 10:55:49 -05:00
dev_docs [Docs] Added callout to docs team to OAS tutorial (#187750) 2024-07-08 17:30:10 +02:00
docs [Synthetics] Delete monitor API via id param !! (#190210) 2024-08-12 21:13:33 +02:00
examples [control group] implement lastUsedDataViewId$ (#190269) 2024-08-15 09:59:10 -06:00
kbn_pm chore(NA): remove usage of re2 and replace it with a non native module (#188134) 2024-07-15 20:33:28 +01:00
legacy_rfcs rename @elastic/* packages to @kbn/* (#138957) 2022-08-18 08:54:42 -07:00
licenses build: remove requirement to clone open-source repo (#180715) 2024-04-15 15:10:46 -05:00
oas_docs [DOCS][OAS] Add Fleet APIs (#190571) 2024-08-15 12:49:58 -05:00
packages [Infra] Hosts view list only apm and system integration hosts (#190049) 2024-08-15 12:19:13 -05:00
plugins
scripts Minimize shared-common everywhere (#188606) 2024-07-29 12:47:46 -06:00
src [Visualize] unskip visualize flaky tests (#190249) 2024-08-15 21:19:49 +02:00
test [Visualize] unskip visualize flaky tests (#190249) 2024-08-15 21:19:49 +02:00
typings Remove legacy kibana react code editor (#171047) 2024-01-05 14:35:09 +01:00
x-pack [Security Solution][Detection Engine] Fix chunking logic so importing many rules with exception lists works (#190447) 2024-08-15 13:15:05 -07:00
.backportrc.json chore(NA): adds 8.16 into backportrc (#187530) 2024-07-04 19:09:25 +01:00
.bazelignore Remove references to deleted .ci folder (#177168) 2024-02-20 19:54:21 +01:00
.bazeliskversion chore(NA): upgrade bazelisk into v1.11.0 (#125070) 2022-02-09 20:43:57 +00:00
.bazelrc chore(NA): use new and more performant BuildBuddy servers (#130350) 2022-04-18 02:01:38 +01:00
.bazelrc.common Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
.bazelversion chore(NA): revert bazel upgrade for v5.2.0 (#135096) 2022-06-24 03:57:21 +01:00
.browserslistrc Add Firefox ESR to browserlistrc (#184462) 2024-05-29 17:53:18 -05:00
.editorconfig
.eslintignore [ES|QL] New @kbn/esql-services package (#179029) 2024-03-27 14:39:48 +01:00
.eslintrc.js [FTR] support "deployment agnostic" api-integration tests (#189853) 2024-08-07 10:34:52 -05:00
.gitattributes
.gitignore [Moving] Move APM and APM_Data_Access folders into /x-pack/observability_solution/ (#177433) 2024-02-23 09:56:21 -07:00
.i18nrc.json [Security Solution][Admin][AVC Banner] AVC banner logic moved into a kbn package (#188359) 2024-07-19 09:24:28 +10:00
.node-version Upgrade Node.js to 20.15.1 (#187791) 2024-07-15 12:34:07 -05:00
.npmrc [npmrc] Fix puppeteer_skip_download configuration (#177673) 2024-02-22 18:59:01 -07:00
.nvmrc Upgrade Node.js to 20.15.1 (#187791) 2024-07-15 12:34:07 -05:00
.prettierignore
.prettierrc
.puppeteerrc Add .puppeteerrc (#179847) 2024-04-03 09:14:39 -05:00
.stylelintignore
.stylelintrc Bump stylelint to ^14 (#136693) 2022-07-20 10:11:00 -05:00
.telemetryrc.json [Telemetry] Fix telemetry-tools TS parser for packages (#149819) 2023-01-31 04:09:09 +03:00
.yarnrc
BUILD.bazel Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
catalog-info.yaml [sonarqube] Disable cron (#190611) 2024-08-15 09:19:09 -05:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md
FAQ.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
fleet_packages.json [main] Sync bundled packages with Package Storage (#190192) 2024-08-09 09:22:55 +02:00
github_checks_reporter.json
kibana.d.ts fix all violations 2022-04-16 01:37:30 -05:00
LICENSE.txt
nav-kibana-dev.docnav.json Adds link to ESO developer documentation in nav (#187867) 2024-07-10 11:50:26 +02:00
NOTICE.txt Copy assets from appropriate directory for kbn-monaco (#178669) 2024-03-21 16:29:20 +01:00
package.json [eem] update builtin definitions (#188351) 2024-08-15 17:00:31 +02:00
preinstall_check.js Always throw error objects - never strings (#171498) 2023-11-20 09:23:16 -05:00
README.md [README] Update version Compatibility with Elasticsearch (#116040) 2022-01-10 10:31:21 -05:00
renovate.json [renovate] Add launchdarkly github action (#190535) 2024-08-14 15:08:30 -05:00
RISK_MATRIX.mdx
run_fleet_setup_parallel.sh [Fleet] Prevent concurrent runs of Fleet setup (#183636) 2024-05-31 16:38:51 +02:00
SECURITY.md
sonar-project.properties [sonar scan] Scan public directories (#190350) 2024-08-12 17:14:48 -05:00
STYLEGUIDE.mdx [styleguide] update path to scss theme (#140742) 2022-09-15 10:41:14 -04:00
tsconfig.base.json [eem] update builtin definitions (#188351) 2024-08-15 17:00:31 +02:00
tsconfig.browser.json
tsconfig.browser_bazel.json
tsconfig.json Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
TYPESCRIPT.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
versions.json chore(NA): update versions after v8.15.1 bump (#190155) 2024-08-09 20:09:13 +01:00
WORKSPACE.bazel chore(NA): remove usage of re2 and replace it with a non native module (#188134) 2024-07-15 20:33:28 +01:00
yarn.lock [eem] update builtin definitions (#188351) 2024-08-15 17:00:31 +02:00

Kibana

Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.

Getting Started

If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.

If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.

Using a Kibana Release

If you want to use a Kibana release in production, give it a test run, or just play around:

Building and Running Kibana, and/or Contributing Code

You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:

Documentation

Visit Elastic.co for the full Kibana documentation.

For information about building the documentation, see the README in elastic/docs.

Version Compatibility with Elasticsearch

Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.

Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.

| Situation | Example Kibana version | Example ES version | Outcome |
| --- | --- | --- | --- |
| Versions are the same. | 7.15.1 | 7.15.1 | 💚 OK |
| ES patch number is newer. | 7.15.0 | 7.15.1 | ⚠️ Logged warning |
| ES minor number is newer. | 7.14.2 | 7.15.0 | ⚠️ Logged warning |
| ES major number is newer. | 7.15.1 | 8.0.0 | 🚫 Fatal error |
| ES patch number is older. | 7.15.1 | 7.15.0 | ⚠️ Logged warning |
| ES minor number is older. | 7.15.1 | 7.14.2 | 🚫 Fatal error |
| ES major number is older. | 8.0.0 | 7.15.1 | 🚫 Fatal error |

Questions? Problems? Suggestions?

  • If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
  • Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.