[PoC] Discover tabs#11
Closed
davismcphee wants to merge 169 commits into
8c62074 to
058b0e4
Compare
…15672) ## Summary Fix Unable to switch between Risk Contributions and Insights on host details flyout. **Pre Conditions** 1. Alerts should be available on Kibana. 2. Entity Risk Score must be enabled. **Steps** 1. Navigate to a page where the flyout is available. 3. For any Entity, open details flyout 4. Expand Details flyout (left panel). 5. Observe that the user cannot switch between `Risk Contributions` and `Insights` tabs. **Expected Result** The user should be able to switch between `Risk Contributions` and `Insights` tabs. **Screen Recording** https://github.com/user-attachments/assets/3aae6291-5b5b-49a4-83c2-ac657e4e9524 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…lkCreateFactory, enrichEvents factory (elastic#214856) ## Summary Another follow up to elastic#212694 - Removes `alertWithSuppression` from `sharedParams` since it's already available on `services` - Updates the type of `services` throughout DE executor logic to properly represent that it has `alertWithSuppression` - Removes `experimentalFeatures` as a param from functions that no longer need it - Converts `bulkCreate` from a factory to a const function - Converts `enrichAlerts` from a factory to a const function - but enrichment logic is still passed to the persistence functions as a function. Now it's just one layer of factories instead of two. - Renames types related to `enrichAlerts` to match the function names/responsibilities better --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
When setting the `canViewMlNodes`, we were assuming a serverless environment based on whether all ML features (ad, dfa, nlp) were enabled. When this was originally implemented no serverless project had all three features enabled. Since then the security project has [changed](elastic#175358) to include all three features. This PR adds an explicit check for serverless and disables `canViewMlNodes` if it is true. Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary Text in various places updated. Added some telemetry that was decided. Small visual changes on empty prompt page. Added a new example in a collapsible accordion. Also enables the synonyms plugin by default. <img width="1637" alt="Screenshot 2025-03-24 at 10 36 26" src="https://github.com/user-attachments/assets/b02ef4a7-a18f-44b5-a845-d2566102e8ea" /> <img width="1627" alt="Screenshot 2025-03-24 at 10 36 40" src="https://github.com/user-attachments/assets/f7ea1c5e-d82e-497a-b215-5eab7190f041" /> <img width="1634" alt="Screenshot 2025-03-24 at 10 36 52" src="https://github.com/user-attachments/assets/d410bcc1-c075-4b5a-bcb7-11f97c64ffb9" /> <img width="825" alt="Screenshot 2025-03-24 at 10 37 00" src="https://github.com/user-attachments/assets/8a9e7567-5dbd-4238-8f8b-297b78a4dcac" /> ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Closes elastic#215743 ## Summary Allow for undefined serverArgs when FIPS test configs are overridden.
## Summary After elastic#214843, `axios` client usages need to set a flag to prevent the vulnerable behavior. To reviewers: if you think it's a mistake, and you created a client to request for absolute URLs, consider unsetting the `baseURL` to communicate intent.
…nternal endpoint (elastic#214364) ## Summary The healthcheck endpoint is used internally to gather debugging information for a rule. We would like to enrich this information with a summary of rule gaps. More information on issue [elastic#11949](elastic/security-team#11949) Co-authored with: @nkhristinin
## Summary
Unskipping and fixing skipped test
The reported issue was referring to an issue with a TSVB chart that was trying to load a missing data view. If not explicitly configured in the configuration, TSVB can load the default data view configured in the Advanced Settings. There is no mention of the missing dataview ID in the dashboard nor in the TSVB panel configuration. The TSVB configuration uses at this point the default index coming from the Advanced Settings, so that ID seems to be configured as the default ID but there is no loaded dataview with that name. The data view ID appearing in the error was referencing the ecommerce dashboard, that was not used and not loaded in this test (all charts refer to the logs* data view).
I believe this issue was caused by other tests in the same suite/config that configured the `defaultIndex` setting without unsetting it.
…#215771) - Follow up for elastic#213739 ## Summary This PR fixes an edge case in calculating whether to show the scroll buttons for the tabs or not. It was because of not handling float values correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary Addresses elastic#53575
…s privileges (elastic#215329) ## Summary * Add privileges check to the entity store init API * Refactor privileges check code to be reusable * Move privilege check code to the entity store API client ### How to test it? * Create a new instance with security solution data * Create a new user with all cluster and kibana credentials but no index privileges. * Login with the unprivileged and call the init API * It should return a long error msg with all required index patterns. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
Closes elastic#204082
Whilst the aforementioned issue has seen quite a number of failed tests instances, it's worth pointing out that for most of those instances on second attempt the test usually passes. Running this particular test suite locally succeeds, for sanity sake, I also ran the same test suite unskipped through the flaky test run for a 100 passes with success in all instances.
FYI; The test in the referenced issue checks that the on boarding tour doesn't show after it's been acknowledged.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
This PR fixes the incomplete cleanup of the dataset quality field limit test suite which caused the suite to fail on retry.
### Details
When this test suite ran a second time against the same project, it failed with
```
Error: expected '50' to equal '1000'
```
It turned out that the component template that was created as part of this test suite was not cleaned up. So it already existed when running the suite a second time which changed the behavior and caused the test failure.
Update minimum package spec version to 2.3. This effectively removes availability of some problematic packages with lower format versions in 9.x, when using the default configuration. Serverless already uses a minimum spec version of 3.0. This affects a small set of packages from the integrations repository, for which there are resolution plans.
## Summary
Closes elastic#206244
Install custom assets on the remote cluster
To test locally:
- enable feature flag `enableSyncIntegrationsOnRemote`
- Create ccr index with some custom ingest pipelines and component templates
```
PUT fleet-synced-integrations-ccr-remote1/_doc/fleet-synced-integrations
{
  "id": "fleet-synced-integrations",
  "remote_es_hosts": [
    {
      "name": "Preconfiged remote output",
      "hosts": [
        "http://192.168.64.1:9200"
      ],
      "sync_integrations": true
    }
  ],
  "integrations": [
    {
      "package_name": "elastic_agent",
      "package_version": "2.2.0",
      "updated_at": "2025-03-24T09:36:12.127Z"
    },
    {
      "package_name": "endpoint",
      "package_version": "9.0.0",
      "updated_at": "2025-03-24T09:35:58.257Z"
    },
    {
      "package_name": "fleet_server",
      "package_version": "1.6.0",
      "updated_at": "2025-03-24T09:29:04.081Z"
    },
    {
      "package_name": "system",
      "package_version": "1.67.3",
      "updated_at": "2025-03-24T09:36:11.981Z"
    }
  ],
  "custom_assets": {
    "component_template:logs-system.auth@custom": {
      "type": "component_template",
      "name": "logs-system.auth@custom",
      "package_name": "system",
      "package_version": "1.67.3",
      "is_deleted": false,
      "template": {
        "mappings": {
          "properties": {
            "field1": {
              "type": "text"
            }
          }
        }
      }
    },
    "ingest_pipeline:logs-system.auth@custom": {
      "type": "ingest_pipeline",
      "name": "logs-system.auth@custom",
      "package_name": "system",
      "package_version": "1.67.3",
      "is_deleted": false,
      "pipeline": {
        "processors": [
          {
            "set": {
              "field": "test_field",
              "value": "value"
            }
          }
        ]
      }
    }
  }
}
```
- Wait 5m for the sync task to run
- Verify that the custom assets are created

<img width="1772" alt="image" src="https://github.com/user-attachments/assets/8d51e725-5646-4c21-b96d-bc0cbf9c2910" />
<img width="1772" alt="image" src="https://github.com/user-attachments/assets/9346c819-a926-4e0a-a1fe-3172a59b7b59" />
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Miscellaneous docs clean up including: * [x] Removing unused substitutions * [x] Moving images per elastic/docs-builder#774 * [x] ~~Clean up redirecting links~~ * [x] ~~Clean up asciidoc-style links~~
… use APM indexes to request transaction information (elastic#215454)
## Summary
Closes elastic#213112
The matching rules for span and transaction document profiles are being updated.
- A check has been added to ensure the root profile is Observability (linked to the Observability solution view) instead of relying on whether APM is enabled. This change aligns with the [traces data source profile](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/discover/public/context_awareness/profile_providers/observability/traces_data_source_profile/profile.ts) for consistency.

Another update is the use of the same APM indexes to request the transaction name, enriching the span overview tab.
## How to test
- Make sure the document profiles are enabled in the `kibana.yml` file
```
discover.experimental.enabledProfiles:
  - observability-traces-transaction-document-profile
  - observability-traces-span-document-profile
```
- Use a space with Observability as solution view
- Go to Discover and create a data view containing any of the APM index patterns related to traces. (It could be `traces-*`)
- Open the flyout for a span or a transaction document
This PR closes issue elastic#209188. If the frequency is set to seconds, when setting it back to minutes the time unit is correctly changed. https://github.com/user-attachments/assets/1a65b130-9740-41f1-94dc-f97cf887ff1a --------- Co-authored-by: Shahzad <shahzad31comp@gmail.com>
…c#213822)
## Summary
- Collect information about index_failed stats: Adds two new fields, `index_failed_due_to_version_conflict` and `index_failed` to the existent [TELEMETRY_INDEX_STATS_EVENT](https://github.com/elastic/kibana/blob/933564d713c3f6c090702cdca97a76073d437419/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts#L325) EBT event.
- Since the `docs_count`, `docs_deleted` and `docs_total_size_in_bytes` represent the totals (i.e., primaries and replicas), add the counterpart `_primaries` fields to collect values from primaries to the existent [TELEMETRY_INDEX_STATS_EVENT](https://github.com/elastic/kibana/blob/933564d713c3f6c090702cdca97a76073d437419/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts#L325) EBT event
- Add a new `IndexSettings` ebt event with the following information
```js
export interface IndicesSettings {
  items: IndexSettings[];
}

export interface IndexSettings {
  index_name: string;
  default_pipeline?: string;
  final_pipeline?: string;
}
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
…gine folder (elastic#215085)
## Summary
This PR is - at its core - only moving a handful of files around. A lot of these files lived under the `detections` folder, but were almost exclusively used in files under the `detection_engine` folder. This is why the PR seems so huge. Almost everything modified here is only files imports...
Here are the few files that were actually moved around:
1. The files `detection_engine.tsx`, `detection_engine_no_index.tsx`, `detection_engine_user_unauthenticated.tsx` (and their respective test files) have been moved from `security_solution/public/detections/pages/detection_engine` to `security_solution/public/detections/pages/alerts`. I thought about renaming them as well, but felt like there was already enough changes. Renaming will be done in a follow up PR.
2. The content of the `security_solution/public/detections/pages/detection_engine/rules` folder was moved to `security_solution/public/detection_engine/common` as almost the entire folder content is only used within the `security_solution/public/detection_engine` folder.
#### Notes
_If there is a better folder for the files moved to the `detection_engine/common` folder, feel free to suggest. I'll be happy to make the change!_
The CODEOWNERS file has been updated and simplified accordingly.
Only imports should have been modified. No code, logic or UI changes!
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
closes elastic/observability-dev#4411 ## Summary According to https://docs.elastic.dev/kibana-dev-docs/services/logging#log-level - audit log level and update it wherever possible - merge error logs into one for better analysis - log only server errors for HTTP requests ### Checklist
## Summary
According to: https://buildkite.com/elastic/kibana-on-merge/builds/65027#0195ca29-b10a-4e20-b00f-c4fbe43689fa
```
Annotate test failures error Request failed with status code 404
AxiosError: Request failed with status code 404
-- | at settle (/opt/buildkite-agent/builds/bk-agent-prod-gcp-1742853500882456889/elastic/kibana-on-merge/kibana/.buildkite/node_modules/axios/lib/core/settle.js:19:12)
...
| at async /opt/buildkite-agent/builds/bk-agent-prod-gcp-1742853500882456889/elastic/kibana-on-merge/kibana/.buildkite/scripts/lifecycle/annotate_test_failures.ts:14:5
| HTTP Error 404/Not Found (https://api.buildkite.com/v2/organizations/elastic/pipelines/kibana-on-merge/builds/65027/artifacts?page=2&per_page=100) { message: 'Not Found' }
```
This points to the client collecting all artifacts through traversing the `next` links from Buildkite's API responses. It appears, Axios is not happy about these absolute paths, even if the origin is the same.
This PR adjusts the next link parsing to relativize compared to a base url.
…lastic#215544) ## Summary This PR adds the "manage_ingest_pipeline" cluster privilege to RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES. The Entity Analytics Enablement modal now displays a warning when the user lacks this privilege and prevents Risk Engine installation, as required. ### Screenshots #### Enablement Modal (installing/enabling)  #### Risk Management Page 
## Summary
Cleans up the metrics functionality as now it follows the same syntax with FROM
### Checklist
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
This PR adds the SiemSearchBar to the alert summary page. The search bar
is pretty basic: it hides the query menu and the filter buttons to the
left of the query input. Instead, the PR builds a new filter button.
That button lists all the sources available. Sources are basically
equivalent to integrations, or their corresponding rules. It is a
friendly UI name to abstract the concept of a rule.
In the AI for SOC effort, each integration is bundled with a single
rule. This means that deselecting a source from the Source filter button
is equivalent to adding a filter to the search bar to exclude all alerts
with the `kibana.alert.rule.name` property having the value of that
integration.
### Example:
There are the following 2 integrations installed:
```typescript
[
  {
    id: 'splunk',
    name: 'splunk',
    status: installationStatuses.Installed,
    title: 'Splunk',
    version: '',
  },
  {
    id: 'google_secops',
    name: 'google_secops',
    status: installationStatuses.Installed,
    title: 'Google SecOps',
    version: '',
  },
]
```
This means that - in theory - there are the following 2 rules installed
and running:
```typescript
[
  {
    related_integrations: [{ package: 'splunk' }],
    name: 'Splunk Rule',
  },
  {
    related_integrations: [{ package: 'google_secops' }],
    name: 'Google SecOps Rule',
  },
]
```
In this case, the `Sources` button would show 2 entries, as follows:
```typescript
[
  {
    checked: 'on',
    key: 'Splunk Rule',
    label: 'Splunk',
  },
  {
    checked: 'on',
    key: 'Google SecOps Rule',
    label: 'Google SecOps',
  },
]
```
By default, the `checked` property should be set to `on`. It would be
`off` if a filter for the corresponding `label` existed.
https://github.com/user-attachments/assets/059815d2-9181-4bf1-bd78-e0e5bfa7439d
https://github.com/user-attachments/assets/126606c7-b4e0-4d0b-82c1-b531c6490de3
## How to test
This needs to be run in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`
You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yaml` file:
```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```
And this to generate data: `yarn test:generate:serverless-dev`
Use one of these Serverless users:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`
### Notes
You'll need to either have some AI for SOC integrations installed, or
more easily you can:
- change the `alert_summary.tsx` line `38` from `if
(installedPackages.length === 0) {` to `if (installedPackages.length >
0) {` to force the wrapper component to render
- update line `42` of the same `alert_summary.tsx` file from `return <Wrapper
packages={installedPackages} />;` to `return <Wrapper
packages={availablePackages} />;` to be able to see some packages
- comment out the if condition on line `66` of the `use_integrations.ts`
file to make sure that values are added even if there is no
`matchingRule`
- replace `const ruleName = changedOption.key;` with `const ruleName =
changedOption.label;` on line `78` of the
`integrations_filter_button.tsx` file
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### Links
Ticket elastic/security-team#11956
Mocks
https://www.figma.com/design/DYs7j4GQdAhg7aWTLI4R69/AI4DSOC?node-id=3284-70999&m=dev
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…dynamically (elastic#216063) ## Summary The Risk Summary in the Entity Flyout was displaying an incorrect risk score due to the space name not being accounted for in the risk score index query. This update ensures that the namespace is properly considered while querying the risk score, providing accurate results across different spaces. Screen recording : https://github.com/user-attachments/assets/91df526c-1c22-4d53-aa0c-d74abb54920a Testing Steps : 1. Navigate to Entity Risk Score page. 2. Add data in the `default` space 3. Check for Risk score in the Risk Summary for any of the entities in the Entity Flyout. 4. The Risk score in the Entities table and the flyout should be same 5. Create a new space 6. Add data in the new space 7. Check for Risk score in the Risk Summary for any of the entities in the Entity Flyout. 8. The Risk score in the Entities table and the flyout should be same ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary This PR is a part of SCSS migration of SharedUX team code. Here is a [meta](elastic/kibana-team#1417) issue for it. Co-authored-by: Tim Sullivan <tsullivan@users.noreply.github.com>
Closes elastic#115314 ## Summary These tests are not relevant anymore ([comment](elastic#115314 (comment)))
elastic#216145) ## Summary Closes elastic#202328 The test itself wasn't failing but the setup was. The test failing does so because it's the first one in the test suite. We are trying to click on the flyout save button twice one right after the other. What I think is happening is that the first one manages to close the flyout before the second click gets the chance to trigger. Also the image in CI is this where we can see the flyout is closed already but it's still trying to close it 
…rials project breadcrumbs (elastic#216176) ## Summary 1. Fixes elastic#214804 In classic nav when breadcrumb href points to another app there was a full page reload. One example from elastic#214804 is navigation from APM tutorial page (home app) to integrations page (fleet) was causing a page reload. This was only an issue for classic nav. 2. While testing, I noticed that APM tutorial page was missing breadcrumbs in project nav. This is now fixed by setting project breadcrumbs 
Fixes elastic#212851
## Summary
This PR fixes the autocomplete insert text, which was incorrectly always adding a template due to the changes made in elastic#210187. This PR reverts most of these changes and instead fixes elastic#208862 by fixing the value of `context.addTemplate`. It also adds unit tests for the `getInsertText` function.
Requests to test:
**Test 1:**
```
GET index/_search
{"query": {te}}
```
should autocomplete to
```
GET index/_search
{
  "query": {
    "term": {
      "FIELD": {
        "value": "VALUE"
      }
    }
  }
}
```
Same for the request below:
```
GET index/_search
{
  "query": {
    te
  }
```
**Test 2:**
In the following request, deleting `AGG_TYPE` and replacing it with `terms` is correctly autocompleted:
```
GET /_search
{
  "aggs": {
    "NAME": {
      "AGG_TYPE": {}
    }
  }
}
```
autocomplete to:
```
GET /_search
{
  "aggs": {
    "NAME": {
      "terms": {}
    }
  }
}
```
**Test 3:**
Insert the following request
```
GET /_search
{
  "query": {
    "match_all": {}
  }
}
```
Put the cursor at the end of the `match_all` field (right before the closing quote) and then delete a few of the last characters. Retype one character in order to get the suggestions popup displayed. Then press Enter to add a suggestion. Verify that the suggestion is added with no extra quote in the beginning.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
elastic#216270)
## Summary
Attempts to fix the flakiness of elastic#203179 by waiting for the mocked request to complete instead of the text finder to timeout. Timing analysis shows a reduction from `~4000ms` down to just `~70ms` of wait time for the final assertion.
## References
Closes elastic#203179
Normalizes padding to align with design: More padding above the title: <img width="390" alt="Screenshot 2025-03-28 at 12 03 35" src="https://github.com/user-attachments/assets/145d9f58-b65f-4774-b4a7-0af9bdc2ad8b" /> Unsure - should this apply to listing page as well? <img width="422" alt="Screenshot 2025-03-28 at 12 05 45" src="https://github.com/user-attachments/assets/c095f617-6e48-49c0-b8cf-18e6e0b954ff" /> Same paddings between all the panels: <img width="1161" alt="Screenshot 2025-03-28 at 12 06 13" src="https://github.com/user-attachments/assets/1447bb5f-cd34-4876-923a-fb796e41cca5" /> Same padding above and below sub tab group in management: <img width="522" alt="Screenshot 2025-03-28 at 12 06 34" src="https://github.com/user-attachments/assets/c0c94cad-82c6-4e59-b10b-d10c6cda6898" />
…#216275) Closes elastic#214088 This fixes the issue when Apple logo was not visible when Kibana uses dark color scheme.
…elastic#216233) ## Summary Adding a docs link to the transforms callout on the add integration screen. Link points to: https://www.elastic.co/guide/en/elasticsearch/reference/current/transform-overview.html ## Screenshots <img width="784" alt="Screenshot 2025-03-27 at 4 57 50 PM" src="https://github.com/user-attachments/assets/bf9fa32c-5ca5-4d89-9296-4d05d742152e" /> Singular text with link: <img width="715" alt="Screenshot 2025-03-27 at 4 57 56 PM" src="https://github.com/user-attachments/assets/c0247b66-2f3f-4a20-a8a4-8ca61ce9fa88" /> Plural text with link: <img width="723" alt="Screenshot 2025-03-27 at 4 58 44 PM" src="https://github.com/user-attachments/assets/e2a81b82-7df1-4929-a73e-0ee7bd7b6f35" /> Href: <img width="1178" alt="Screenshot 2025-03-27 at 4 58 11 PM" src="https://github.com/user-attachments/assets/cb5988af-59d9-4be7-ab61-f4cc15d08528" /> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…gins - PR3 (elastic#212498) - Enabled @typescript-eslint/consistent-type-imports eslint rule for ResponseOps packages and plugins: - this rule ensures that imports used only for type declarations are consistently written using import type syntax - fixed type imports in: - x-pack/platform/plugins/shared/event_log - x-pack/platform/plugins/shared/rule_registry - x-pack/platform/plugins/shared/task_manager - x-pack/solutions/observability/packages/kbn-alerts-grouping - src/platform/packages/shared/kbn-alerts-ui-shared - src/platform/packages/shared/kbn-alerting-types - src/platform/packages/shared/kbn-cases-components - src/platform/packages/shared/kbn-actions-types - src/platform/packages/shared/kbn-alerts-as-data-utils - src/platform/packages/shared/kbn-grouping - src/platform/packages/shared/kbn-rrule - src/platform/packages/shared/kbn-rule-data-utils - src/platform/packages/shared/kbn-triggers-actions-ui-types - x-pack/platform/packages/shared/kbn-alerting-comparators --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
closes elastic#179525 Before: <img width="1348" alt="Screenshot 2025-03-27 at 16 50 34" src="https://github.com/user-attachments/assets/4812c283-571b-48a6-be45-d352ff7e1e75" /> After: <img width="1313" alt="Screenshot 2025-03-27 at 16 49 57" src="https://github.com/user-attachments/assets/baa41183-6d97-4f46-98b4-012ef2b489f4" />
…options through security rule wrapper instead (elastic#216039) ## Summary Another small refactor follow up to elastic#212694. Overall, the goal here is to increase consistency in how security rule executors receive common parameters. `CreateRuleOptions` contained parameters that were passed in to every security rule type and sometimes used in the `executor` - bypassing the executor function's parameters. With this PR, params that are used across multiple security rule type executors like `licensing`, `experimentalFeatures`, `scheduleNotificationResponseActionsService`, etc are all passed through the executor options from the shared security rule type wrapper. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary Part of elastic#207852 for inspector. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary Upgrade `vega` from `5.31.0` to `5.33.0`: * https://github.com/vega/vega/releases/tag/v5.32.0 * https://github.com/vega/vega/releases/tag/v5.33.0
…job (elastic#216260) This PR fixes a bug where the test would run at midnight and due to the odd timing, the index which gets created is asserted for a different date than expected. With this fix, we don't check the complete index name now by replacing the date assertion part with startWith and endsWith assertions.
## Summary
While documenting some Lens architecture I've noticed how chunks are organized in Lens, so I've taken a quick spin to reduce the amount of requests to load a dashboard panel and more in general the number of async chunks produced by webpack.
This PR aims to do 2 things:
* optimize the number of chunks generated by webpack
* optimize the number of requests done to load a Lens embeddable panel
* optimize any `await` flow to do **other things ™️** while in idle to load
### Final results
#### Reduce the number of chunks
The final number of chunks got reduced from 24 to 15. The bundle size has remained almost the same.

| Before | After |
| ------------- | ------------- |
| <img width="1443" alt="Screenshot 2025-03-10 at 12 53 21" src="https://github.com/user-attachments/assets/65030955-7b7c-493c-9559-fbb9ef9089d4" /> | <img width="1101" alt="Screenshot 2025-03-10 at 12 51 53" src="https://github.com/user-attachments/assets/99b9b78d-931a-40ed-bda6-820584c1337e" /> |

There's still some improvement margin here, but the changes mainly include the following:
* the embeddable is now bundled together with the `async_services` bundle
  * as both are required to render the panel in a dashboard, this change should speed up a bit the dashboard use case vs the Lens editor one
* Expression implementations have been deferred into their separate bundles
  * this should reduce a bit the initial `plugin.js` bundle by few kb
  * most of the times the bundled expressions are used together, so it makes sense to bundle those 3/4 together rather than have 4 tiny bundles to async load and prevent waterfall `async import` calls which led to poor performance
* Defer a component in the `@kbn/unified-field-list` component
  * this was making load some edit component within the `async_services` bundle even in dashboard.
  * because this is a component only required in Lens editor, this has been deferred
* Async register actions as recommended by @nreese
#### Reduce the number of requests
The final number of chunks requested to load a lens panel on a dashboard went from 12 to 4. The overall bundle size has remained almost the same, but the distributions of weights have slightly changed. Surprisingly there's 1 MB which is gone somewhere, but that doesn't seem to have an actual impact on the overall loading experience yet.

| Before | After |
| ------------- | ------------- |
| <img width="1445" alt="Screenshot 2025-03-10 at 12 58 08" src="https://github.com/user-attachments/assets/faab091b-305d-43ad-8be2-2f3bb83913a3" /> | <img width="1110" alt="Screenshot 2025-03-10 at 12 58 32" src="https://github.com/user-attachments/assets/f88ac9f5-80a6-42d3-8e3b-3013df05cb8b" /> |

#### Optimize any `await` call
Well, this is hard to test. So I have no direct proof at the moment. 🤷
cc @thomasneirynck
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary

It fixes elastic#213003 by adding a stale alert insight to the alert details page

### The heuristics to show the stale alert callout are:

1. The alert has been active for more than 5 days

<del>2. The alert has no cases associated with it</del>

<del>3. The rule is snoozed with no notifications</del>

### Callout stale alert - First Iteration Preview

<img width="1193" alt="Screenshot 2025-03-28 at 13 11 21" src="https://github.com/user-attachments/assets/638e4926-483b-4728-8580-50ea8872a075" />

https://github.com/user-attachments/assets/55717eff-27e9-43a3-95c7-7d41b74f1ff8

---------
…reams (elastic#215126)

<img width="486" alt="Screenshot 2025-03-19 at 11 39 47" src="https://github.com/user-attachments/assets/77f4fda2-89a5-4250-a944-699eb2bf8957" />

If streams is enabled and the data stream is not hidden, a promotional component is shown in the flyout that tells people to go there.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…evel (elastic#213916)

## Summary

Closes elastic#209731

This PR is based on the change made here elastic/elasticsearch#122459

The main difference is that:

- Functions and fields should now be added as ?? (instead of ?)
- The payload to ES is the same regardless if you send a value or a field/function

In order to accommodate this the following changes were made:

- Now the variable name in the control form displays the ? or ?? (it didn't display them before)

<img width="428" alt="image" src="https://github.com/user-attachments/assets/1381ba4a-591c-47f2-af93-30d54fe7a639" />

- The previous created charts with the old format are bwc (this means that they should load correctly when you checkout in this PR (a helper function has been created to ensure it))

### Release notes

Now the fields / functions variables are being described with ?? in the query. The values variables use ? as before.

### Checklist

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary

resolves elastic#196851
resolves elastic#195830
resolves elastic#194510
## Summary

Closes elastic#209173

Disable Unenroll agent action on agentless agents

<img width="1124" alt="image" src="https://github.com/user-attachments/assets/6603bac5-b0b1-4a20-8b16-f121bd69e969" />
<img width="1126" alt="image" src="https://github.com/user-attachments/assets/e41bca5b-f73d-44bc-b095-9970a25f6322" />
Related to elastic/docs-content#914 Removes reliance on temporary redirects in the docs-content repo. @florent-leborgne can you help me with backport labels? I always get mixed up across repos.
davismcphee pushed a commit that referenced this pull request May 26, 2026
## Summary

Set `connect.timeout = 60s` on the undici `Agent` used by `KbnClientRequester` (https path only).

## Why

elastic#268531 migrated `KbnClient` from axios to native fetch but did not override undici's 10s `connect.timeout` default. Axios had no equivalent cutoff, so FTR callers talking to a busy local Kibana started failing once that PR landed.

The `kibana-streams-performance` weekly pipeline went red in builds #9, #11, #12, and #13 with:

```
ConnectTimeoutError: Connect Timeout Error (attempted address: localhost:5620, timeout: 10000ms)
```

The `10000ms` is undici's default. Bisect: build #8 last green (2026-05-11) → #9 first red (2026-05-18), with elastic#268531 in the window.

## What changed

`src/platform/packages/shared/kbn-kbn-client/src/kbn_client/kbn_client_requester.ts`: one constant, one option on the https `Agent`. http branch unchanged.

## Related

Regression introduced in elastic#268531. Companion streams perf PR: elastic#270636.

## Validation

https://buildkite.com/elastic/kibana-streams-performance/builds/14
Summary
WIP.