mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00

Your window into the Elastic Stack

dashboards elasticsearch hacktoberfest kibana metrics observability visualizations

Find a file

Karl Godard 7b31ca96dd D4C + SessionView usage telemetry (#161385 ) ## Summary Ticket: https://github.com/elastic/kibana/issues/161201 An initial pass at adding usageCollection telemetry for cloud_defend (D4C), as well as some click tracking around the SessionView plugin. The cloud_defend telemetry schema mirrors that of CSP (see: https://docs.elastic.dev/security-solution/cloud-security-posture/telemetry/technical-index) but with metrics relevant to the cloud-defend service instead of kspm cspm etc... (e.g findings) The cloud_defend daily telemetry schema can be seen here: x-pack/plugins/cloud_defend/server/lib/telemetry/collectors/schema.ts The biggest difference is that instead of counts around findings/vuln, it is showing file/process/alert document counts, as well as sending up yaml and json versions of the cloud-defend policy schema. The json policy fields are all typed and can be used to run any aggregate query needed to dig into a a customer's policy usage. e.g which selector conditions they use, and if they are blocking any operations like 'fork', 'exec', 'createFile', 'deleteFile', etc... Documentation on how cloud-defend policies work can be found here: https://github.com/elastic/integrations/tree/main/packages/cloud_defend#policy-example TODO: - cloud-defend binary needs to start populating kubernetes_version. I imagine we could make use of https://www.elastic.co/guide/en/ecs/8.5/ecs-orchestrator.html#field-orchestrator-cluster-version for this? cc @norrietaylor The following click tracking events have been added to session_view: ``` export type SessionViewTelemetryKey = \| 'loaded_from_cloud_defend_log' \| 'loaded_from_cloud_defend_alert' \| 'loaded_from_endpoint_log' \| 'loaded_from_endpoint_alert' \| 'loaded_from_unknown_log' \| 'loaded_from_unknown_alert' \| 'refresh_clicked' \| 'process_selected' \| 'collapse_tree' \| 'children_opened' \| 'children_closed' \| 'alerts_opened' \| 'alerts_closed' \| 'details_opened' \| 'details_closed' \| 'output_clicked' \| 'alert_details_loaded' \| 'disabled_tty_clicked' // tty button clicked when disabled (no data or not enabled) \| 'tty_loaded' // tty player succesfully loaded \| 'tty_playback_started' \| 'tty_playback_stopped' \| 'verbose_mode_enabled' \| 'verbose_mode_disabled' \| 'timestamp_enabled' \| 'timestamp_disabled' \| 'search_performed' \| 'search_next' \| 'search_previous'; ``` Sample output for cloud_defend daily telemetry: ``` "cloud_defend": { "indices": { "alerts": { "doc_count": 116, "deleted": 0, "size_in_bytes": 203482, "last_doc_timestamp": "2023-07-15T02:11:16.478Z" }, "file": { "doc_count": 44, "deleted": 0, "size_in_bytes": 168313, "last_doc_timestamp": "2023-07-15T02:11:16.478Z" }, "process": { "doc_count": 85353, "deleted": 0, "size_in_bytes": 54157433, "last_doc_timestamp": "2023-07-15T02:15:47.214Z" }, "latestPackageVersion": "1.0.7", "packageStatus": { "status": "indexed", "installedPackagePolicies": 1, "healthyAgents": 0 } }, "accounts_stats": [ { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "total_doc_count": 85513, "file_doc_count": 160, "process_doc_count": 85353, "alert_doc_count": 116, "kubernetes_version": null, "cloud_provider": "gcp", "agents_count": 3, "nodes_count": 3, "pods_count": 7 } ], "pods_stats": [ { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "pdcsi-node-shrsp", "container_image_name": "gke.gcr.io/csi-node-driver-registrar", "container_image_tag": "v2.8.0-gke.1", "total_doc_count": 19152, "file_doc_count": 0, "process_doc_count": 19152, "alert_doc_count": 0 }, { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "pdcsi-node-6w5nw", "container_image_name": "gke.gcr.io/csi-node-driver-registrar", "container_image_tag": "v2.8.0-gke.1", "total_doc_count": 19149, "file_doc_count": 0, "process_doc_count": 19149, "alert_doc_count": 0 }, { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "pdcsi-node-ltg8s", "container_image_name": "gke.gcr.io/csi-node-driver-registrar", "container_image_tag": "v2.8.0-gke.1", "total_doc_count": 19148, "file_doc_count": 0, "process_doc_count": 19148, "alert_doc_count": 0 }, { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "kube-proxy-gke-kg-dev-default-pool-9347b91e-rqb0", "container_image_name": "gke.gcr.io/kube-proxy-amd64", "container_image_tag": "v1.26.5-gke.1200", "total_doc_count": 9141, "file_doc_count": 0, "process_doc_count": 9141, "alert_doc_count": 0 }, { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "kube-proxy-gke-kg-dev-default-pool-9347b91e-lflp", "container_image_name": "gke.gcr.io/kube-proxy-amd64", "container_image_tag": "v1.26.5-gke.1200", "total_doc_count": 9139, "file_doc_count": 0, "process_doc_count": 9139, "alert_doc_count": 0 }, { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "kube-proxy-gke-kg-dev-default-pool-9347b91e-t9jd", "container_image_name": "gke.gcr.io/kube-proxy-amd64", "container_image_tag": "v1.26.5-gke.1200", "total_doc_count": 9139, "file_doc_count": 0, "process_doc_count": 9139, "alert_doc_count": 0 }, { "account_id": "a9f309fb-d427-42c8-90de-48653f7ea6d7", "pod_name": "elastic-agent-667qf", "container_image_name": "docker.elastic.co/elastic-agent/elastic-agent", "container_image_tag": "8.8.0", "total_doc_count": 645, "file_doc_count": 160, "process_doc_count": 485, "alert_doc_count": 116 } ], "installation_stats": [ { "package_policy_id": "7814c387-58a4-4e5c-8475-38e86f584971", "package_version": "1.0.7", "created_at": "2023-07-12T19:23:19.432Z", "agent_policy_id": "6bece4a0-20e9-11ee-8d36-0d4244506490", "agent_count": 0, "policy_yaml": """process: selectors: - name: allProcesses operation: [fork, exec] responses: - match: [allProcesses] actions: [log] file: selectors: - name: executableChanges operation: [createExecutable, modifyExecutable] responses: - match: [executableChanges] actions: [alert] """, "selectors": [ { "name": "allProcesses", "operation": [ "fork", "exec" ], "type": "process" }, { "name": "executableChanges", "operation": [ "createExecutable", "modifyExecutable" ], "type": "file" } ], "responses": [ { "match": [ "allProcesses" ], "actions": [ "log" ], "type": "process" }, { "match": [ "executableChanges" ], "actions": [ "alert" ], "type": "file" } ] } ] }, ``` ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>		2023-07-17 13:45:40 -07:00
.buildkite	add quotes in yaml to ensure commit has integrity (#161934 )	2023-07-14 23:09:00 +02:00
.ci	Upgrade Node.js to 16.20.1 (#160177 )	2023-06-21 16:57:55 -05:00
.github	[Security Solution] Establish unified API schema folder (#160447 )	2023-07-17 09:45:06 -07:00
api_docs	[api-docs] 2023-07-17 Daily api_docs build (#162015 )	2023-07-17 00:53:35 -04:00
config	[Console] Filter autocomplete endpoints by availability (#161781 )	2023-07-14 10:29:27 +01:00
dev_docs	[Docs] [APM] Clarify which Kibana deployment (#160991 )	2023-06-30 15:54:53 +02:00
docs	[DOCS] Clarify API key authorization for alerting (#161717 )	2023-07-17 09:41:23 -07:00
examples	[Embeddable] Refactor embeddable panel (#159837 )	2023-07-17 12:14:31 -04:00
kbn_pm	chore(NA): exit early with link for docs when using kbn_pm on windows (#139745 )	2023-02-10 15:38:29 +00:00
legacy_rfcs	rename @elastic/* packages to @kbn/* (#138957 )	2022-08-18 08:54:42 -07:00
licenses	Elastic License 2.0 (#90099 )	2021-02-03 18:12:39 -08:00
packages	Bump jest@29.6.1 (#161630 )	2023-07-15 17:42:30 +02:00
plugins	[dev/cli] ensure plugins/ and all watch source dirs exist (#78973 )	2020-09-30 10:20:44 -07:00
scripts	[Console] Use ES specification for autocomplete definitions (#159241 )	2023-06-23 12:05:25 -07:00
src	D4C + SessionView usage telemetry (#161385 )	2023-07-17 13:45:40 -07:00
test	[Embeddable] Refactor embeddable panel (#159837 )	2023-07-17 12:14:31 -04:00
typings	Refactor react-tiny-virtual-list (#159023 )	2023-06-12 17:20:16 +02:00
vars	[RAM] Alert table all column fix 2 (#161054 )	2023-07-07 09:57:22 -06:00
x-pack	D4C + SessionView usage telemetry (#161385 )	2023-07-17 13:45:40 -07:00
.backportrc.json	chore(NA): adds 8.9 into backportrc (#160154 )	2023-06-22 15:38:51 +01:00
.bazelignore	Bazel config maintenance (#135442 )	2022-07-05 10:20:26 -05:00
.bazeliskversion	chore(NA): upgrade bazelisk into v1.11.0 (#125070 )	2022-02-09 20:43:57 +00:00
.bazelrc	chore(NA): use new and more performant BuildBuddy servers (#130350 )	2022-04-18 02:01:38 +01:00
.bazelrc.common	Transpile packages on demand, validate all TS projects (#146212 )	2022-12-22 19:00:29 -06:00
.bazelversion	chore(NA): revert bazel upgrade for v5.2.0 (#135096 )	2022-06-24 03:57:21 +01:00
.browserslistrc	[browserslist] remove unnecessary browsers (#89186 )	2021-01-25 16:30:18 -07:00
.editorconfig	`.editorconfig` MDX files should follow the same rules as MD (#96942 )	2021-04-13 11:40:42 -04:00
.eslintignore	[`NOTICE.txt`] Fix notices for Gainsight and FullStory (#146004 )	2023-01-13 14:49:43 +01:00
.eslintrc.js	[SecuritySolution] Rename security solution plugins (#161153 )	2023-07-05 13:51:49 +02:00
.gitattributes
.gitignore	Update gitignore (#161975 )	2023-07-14 08:26:21 -07:00
.i18nrc.json	[Deployment Management] Add cards navigation in management landing page for serverless (#160096 )	2023-06-30 11:27:56 +02:00
.node-version	Upgrade Node.js to 16.20.1 (#160177 )	2023-06-21 16:57:55 -05:00
.npmrc	chore(NA): assure puppeteer_skip_chromium_download is applied across every yarn install situation (#88346 )	2021-01-14 18:00:23 +00:00
.nvmrc	Upgrade Node.js to 16.20.1 (#160177 )	2023-06-21 16:57:55 -05:00
.prettierignore	[dev] Replace sass-lint with stylelint (#86177 )	2021-01-15 11:52:29 -06:00
.prettierrc
.stylelintignore	chore(NA): stop grouping bazel out symlink folders (#96066 )	2021-04-01 14:16:14 -05:00
.stylelintrc	Bump stylelint to ^14 (#136693 )	2022-07-20 10:11:00 -05:00
.telemetryrc.json	[Telemetry] Fix telemetry-tools TS parser for packages (#149819 )	2023-01-31 04:09:09 +03:00
.yarnrc	chore(NA): manage npm dependencies within bazel (#92864 )	2021-03-03 12:37:20 -05:00
BUILD.bazel	Transpile packages on demand, validate all TS projects (#146212 )	2022-12-22 19:00:29 -06:00
CODE_OF_CONDUCT.md	Add CODE_OF_CONDUCT.md (#87439 )	2021-02-23 09:01:51 +01:00
CONTRIBUTING.md	Update doc slugs to improve analytic tracking, move to appropriate folders (#113630 )	2021-10-04 13:36:45 -04:00
FAQ.md	Fix small typos in the root md files (#134609 )	2022-06-23 09:36:11 -05:00
fleet_packages.json	[main] Sync bundled packages with Package Storage (#162005 )	2023-07-17 09:51:23 +02:00
github_checks_reporter.json
Jenkinsfile	[CI] Disable tracked branch jobs in Jenkins, enable reporting in Buildkite (#112604 )	2021-09-21 11:31:15 -04:00
kibana.d.ts	fix all violations	2022-04-16 01:37:30 -05:00
LICENSE.txt	Elastic License 2.0 (#90099 )	2021-02-03 18:12:39 -08:00
nav-kibana-dev.docnav.json	Adds link to May 2023 contributors newsletter. (#159140 )	2023-06-06 14:21:08 -06:00
NOTICE.txt	[FullStory] Update snippet (#153570 )	2023-04-18 04:06:05 -07:00
package.json	Update dependency elastic-apm-node to ^3.48.0 (main) (#161993 )	2023-07-17 04:25:34 -04:00
preinstall_check.js	Elastic License 2.0 (#90099 )	2021-02-03 18:12:39 -08:00
README.md	[README] Update version Compatibility with Elasticsearch (#116040 )	2022-01-10 10:31:21 -05:00
renovate.json	Upgrades protobufjs 6.11.3 -> 7.2.4 (#161407 )	2023-07-13 08:51:55 -04:00
RISK_MATRIX.mdx	Add "Risk Matrix" section to the PR template (#100649 )	2021-06-02 14:43:47 +02:00
SECURITY.md	Add security policy to the Kibana repository (#85407 )	2020-12-10 09:26:00 -05:00
STYLEGUIDE.mdx	[styleguide] update path to scss theme (#140742 )	2022-09-15 10:41:14 -04:00
tsconfig.base.json	[Response Ops][Actions] Allow streaming responses from Generative AI connector (#161676 )	2023-07-14 19:17:12 -04:00
tsconfig.browser.json
tsconfig.browser_bazel.json	[build_ts_refs] improve caches, allow building a subset of projects (#107981 )	2021-08-10 22:12:45 -07:00
tsconfig.json	Transpile packages on demand, validate all TS projects (#146212 )	2022-12-22 19:00:29 -06:00
TYPESCRIPT.md	Fix small typos in the root md files (#134609 )	2022-06-23 09:36:11 -05:00
versions.json	chore(NA): update versions after v7.17.12 bump (#160917 )	2023-06-29 21:59:23 +01:00
WORKSPACE.bazel	Upgrade Node.js to 16.20.1 (#160177 )	2023-06-21 16:57:55 -05:00
yarn.lock	Update dependency elastic-apm-node to ^3.48.0 (main) (#161993 )	2023-07-17 04:25:34 -04:00

README.md

Kibana

Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.

Getting Started
- Using a Kibana Release
- Building and Running Kibana, and/or Contributing Code
Documentation
Version Compatibility with Elasticsearch
Questions? Problems? Suggestions?

Getting Started

If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.

If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.

Using a Kibana Release

If you want to use a Kibana release in production, give it a test run, or just play around:

Download the latest version on the Kibana Download Page.
Learn more about Kibana's features and capabilities on the Kibana Product Page.
We also offer a hosted version of Kibana on our Cloud Service.

Building and Running Kibana, and/or Contributing Code

You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:

CONTRIBUTING.md will help you get Kibana up and running.
If you would like to contribute code, please follow our STYLEGUIDE.mdx.
For all other questions, check out the FAQ.md and wiki.

Documentation

Visit Elastic.co for the full Kibana documentation.

For information about building the documentation, see the README in elastic/docs.

Version Compatibility with Elasticsearch

Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.

Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.

Situation	Example Kibana version	Example ES version	Outcome
Versions are the same.	7.15.1	7.15.1	💚 OK
ES patch number is newer.	7.15.0	7.15.1	⚠️ Logged warning
ES minor number is newer.	7.14.2	7.15.0	⚠️ Logged warning
ES major number is newer.	7.15.1	8.0.0	🚫 Fatal error
ES patch number is older.	7.15.1	7.15.0	⚠️ Logged warning
ES minor number is older.	7.15.1	7.14.2	🚫 Fatal error
ES major number is older.	8.0.0	7.15.1	🚫 Fatal error

Questions? Problems? Suggestions?

If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.