Skip to content

Commit

Permalink
Merge branch 'master' into kertal-pr-2020-04-20-migrate_sample-data-t…
Browse files Browse the repository at this point in the history
…elemetry
  • Loading branch information
elasticmachine authored Apr 22, 2020
2 parents e318057 + 5e2dbda commit 032959e
Show file tree
Hide file tree
Showing 973 changed files with 14,102 additions and 7,284 deletions.
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
/src/legacy/core_plugins/kibana/public/dev_tools/ @elastic/kibana-app
/src/legacy/core_plugins/vis_type_vislib/ @elastic/kibana-app
/src/plugins/vis_type_xy/ @elastic/kibana-app
/src/plugins/vis_type_table/ @elastic/kibana-app
/src/plugins/kibana_legacy/ @elastic/kibana-app
/src/plugins/vis_type_timelion/ @elastic/kibana-app
/src/plugins/dashboard/ @elastic/kibana-app
Expand Down
2 changes: 1 addition & 1 deletion .i18nrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
"visDefaultEditor": "src/plugins/vis_default_editor",
"visTypeMarkdown": "src/plugins/vis_type_markdown",
"visTypeMetric": "src/plugins/vis_type_metric",
"visTypeTable": "src/legacy/core_plugins/vis_type_table",
"visTypeTable": "src/plugins/vis_type_table",
"visTypeTagCloud": "src/legacy/core_plugins/vis_type_tagcloud",
"visTypeTimeseries": ["src/legacy/core_plugins/vis_type_timeseries", "src/plugins/vis_type_timeseries"],
"visTypeVega": "src/legacy/core_plugins/vis_type_vega",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

```typescript
actions: {
createFiltersFromEvent: typeof createFiltersFromEvent;
createFiltersFromValueClickAction: typeof createFiltersFromValueClickAction;
createFiltersFromRangeSelectAction: typeof createFiltersFromRangeSelectAction;
};
```
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ export interface DataPublicPluginStart

| Property | Type | Description |
| --- | --- | --- |
| [actions](./kibana-plugin-plugins-data-public.datapublicpluginstart.actions.md) | <code>{</code><br/><code> createFiltersFromEvent: typeof createFiltersFromEvent;</code><br/><code> }</code> | |
| [actions](./kibana-plugin-plugins-data-public.datapublicpluginstart.actions.md) | <code>{</code><br/><code> createFiltersFromValueClickAction: typeof createFiltersFromValueClickAction;</code><br/><code> createFiltersFromRangeSelectAction: typeof createFiltersFromRangeSelectAction;</code><br/><code> }</code> | |
| [autocomplete](./kibana-plugin-plugins-data-public.datapublicpluginstart.autocomplete.md) | <code>AutocompleteStart</code> | |
| [fieldFormats](./kibana-plugin-plugins-data-public.datapublicpluginstart.fieldformats.md) | <code>FieldFormatsStart</code> | |
| [indexPatterns](./kibana-plugin-plugins-data-public.datapublicpluginstart.indexpatterns.md) | <code>IndexPatternsContract</code> | |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
fieldFormats: {
FieldFormat: typeof FieldFormat;
FieldFormatsRegistry: typeof FieldFormatsRegistry;
serialize: (agg: import("./search").AggConfig) => import("../../expressions/common").SerializedFieldFormat<object>;
serialize: (agg: import("./search").AggConfig) => import("../../expressions").SerializedFieldFormat<object>;
DEFAULT_CONVERTER_COLOR: {
range: string;
regex: string;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
fieldFormats: {
FieldFormatsRegistry: typeof FieldFormatsRegistry;
FieldFormat: typeof FieldFormat;
serializeFieldFormat: (agg: import("../public/search").AggConfig) => import("../../expressions/common").SerializedFieldFormat<object>;
serializeFieldFormat: (agg: import("../public/search").AggConfig) => import("../../expressions").SerializedFieldFormat<object>;
BoolFormat: typeof BoolFormat;
BytesFormat: typeof BytesFormat;
ColorFormat: typeof ColorFormat;
Expand Down
Binary file added docs/images/clone_panel.gif
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/images/vega_lite_default.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 2 additions & 0 deletions docs/management/advanced-options.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,8 @@ might increase the search time. This setting is off by default. Users must opt-i
[horizontal]
`siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
`siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
{siem-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
`siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
page.
`siem:newsFeedUrl`:: The URL from which the security news feed content is
Expand Down
9 changes: 8 additions & 1 deletion docs/settings/ml-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
You do not need to configure any settings to use {kib} {ml-features}. They are
enabled by default.

[float]
[[general-ml-settings-kb]]
==== General {ml} settings

Expand All @@ -19,3 +18,11 @@ If set to `false` in `kibana.yml`, the {ml} icon is hidden in this {kib}
instance. If `xpack.ml.enabled` is set to `true` in `elasticsearch.yml`, however,
you can still use the {ml} APIs. To disable {ml} entirely, see the
{ref}/ml-settings.html[{es} {ml} settings].

[[data-visualizer-settings]]
==== {data-viz} settings

`xpack.ml.file_data_visualizer.max_file_size`::
Sets the file size limit when importing data in the {data-viz}. The default
value is `100MB`. The highest supported value for this setting is `1GB`.

3 changes: 2 additions & 1 deletion docs/setup/production.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,8 @@ server.port
Settings that must be the same:
--------
xpack.security.encryptionKey //decrypting session cookies
xpack.reporting.encryptionKey //decrypting reports stored in Elasticsearch
xpack.reporting.encryptionKey //decrypting reports
xpack.encryptedSavedObjects.encryptionKey // decrypting saved objects
--------

Separate configuration files can be used from the command line by using the `-c` flag:
Expand Down
Binary file added docs/siem/images/cases-ui.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 17 additions & 1 deletion docs/siem/siem-ui.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ image::siem/images/network-ui.png[]

[float]
[[detections-ui]]
=== Detections (Beta)
=== Detections (beta)

The Detections feature automatically searches for threats and creates
signals when they are detected. Signal detection rules define the conditions
Expand All @@ -50,6 +50,22 @@ or the Detections API.
[role="screenshot"]
image::siem/images/detections-ui.png[]

[float]
[[cases-ui]]
=== Cases (beta)

Cases are used to open and track security issues directly in SIEM.
Cases list the original reporter and all users who contribute to a case
(`participants`). Case comments support Markdown syntax, and allow linking to
saved Timelines. Additionally, you can send cases to external systems from
within SIEM (currently ServiceNow).

For information about opening, updating, and closing cases, see
{siem-guide}/cases-overview.html[Cases] in the SIEM Guide.

[role="screenshot"]
image::siem/images/cases-ui.png[]

[float]
[[timelines-ui]]
=== Timeline
Expand Down
133 changes: 128 additions & 5 deletions docs/user/alerting/action-types/pagerduty.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,142 @@

The PagerDuty action type uses the https://v2.developer.pagerduty.com/docs/events-api-v2[v2 Events API] to trigger, acknowledge, and resolve PagerDuty alerts.

* <<pagerduty-benefits, PagerDuty and Elastic integration benefits>>
* <<pagerduty-connector-configuration, Connector configuration>>
* <<pagerduty-action-configuration, Action configuration>>

[float]
[[pagerduty-benefits]]
=== PagerDuty + Elastic integration benefits

By integrating PagerDuty with alerts, you can:

* Route your alerts to the right PagerDuty responder within your team, based on your structure, escalation policies, and workflows.
* Automatically generate incidents of different types and severity based on each alert’s context.
* Tailor the incident data to match your needs by easily passing the alerting context from Kibana to PagerDuty.

[float]
[[pagerduty-how-it-works]]
==== How it works

{kib} allows you to create alerts to notify you of a significant move
in your dataset.
You can create alerts for all your Observability, Security, and Elastic Stack use cases.
Alerts will trigger a new incident on the corresponding PagerDuty service.

[float]
==== Requirements

In the `kibana.yml` configuration file, you must add the <<general-alert-action-settings, saved objects encryption setting>>.
This is required to encrypt parameters that must be secured, for example PagerDuty’s integration key.

If you have security enabled:

* You must have
application privileges to access Metrics, APM, Uptime, or SIEM.
* If you are using a self-managed deployment with security, you must have
Transport Security Layer (TLS) enabled for communication <<configuring-tls-kib-es, between Elasticsearch and Kibana>>.
Alerts uses API keys to secure background alert checks and actions,
and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface].

Although not a requirement, to harden the integrations security you might want to
review the <<action-settings, Actions settings>> that are available to you.

[float]
[[pagerduty-support]]
==== Support
If you need help with this integration, get in touch with the {kib} team by visiting
https://support.elastic.co[support.elastic.co] or by using the *Ask Elastic* option in the {kib} Help menu.
You can also select the {kib} category at https://discuss.elastic.co/[discuss.elastic.co].

[float]
[[pagerduty-integration-walkthrough]]
==== Integration with PagerDuty walkthrough

[float]
[[pagerduty-in-pagerduty]]
===== In PagerDuty

. From the *Configuration* menu, select *Services*.
. Add an integration to a service:
+
* If you are adding your integration to an existing service,
click the name of the service you want to add the integration to.
Then, select the *Integrations* tab and click the *New Integration* button.
* If you are creating a new service for your integration,
go to
https://support.pagerduty.com/docs/services-and-integrations#section-configuring-services-and-integrations[Configuring Services and Integrations]
and follow the steps outlined in the *Create a New Service* section, selecting *Elastic* as the *Integration Type* in step 4.
Continue with the <<pagerduty-in-elastic, In Elastic>> section once you have finished these steps.

. Enter an *Integration Name* in the format Elastic-service-name (for example, Elastic-Alerting or Kibana-APM-Alerting)
and select Elastic from the *Integration Type* menu.
. Click *Add Integration* to save your new integration.
+
You will be redirected to the *Integrations* tab for your service. An Integration Key is generated on this screen.
+
[role="screenshot"]
image::user/alerting/images/pagerduty-integration.png[PagerDuty Integrations tab]

. Save this key, as you will use it when you configure the integration with Elastic in the next section.

[float]
[[pagerduty-in-elastic]]
===== In Elastic

. Create a PagerDuty Connector in Kibana. You can:
+
* Create a connector as part of creating an alert by selecting PagerDuty in the *Actions*
section of the alert configuration and selecting *Add new*.
* Alternatively, create a connector by navigating to *Management* from the {kib} navbar and selecting
*Alerts and Actions*. Then, select the *Connectors* tab, click the *Create connector* button, and select the PagerDuty option.

. Configure the connector by giving it a name and optionally entering the API URL and Routing Key, or using the defaults.
+
See <<pagerduty-in-pagerduty, In PagerDuty>> for how to obtain the endpoint and key information from PagerDuty and
<<pagerduty-connector-configuration, Connector configuration>> for more details.

. Save the Connector.

. Create an alert using *Management > Alerts and Actions* or the application of your choice.

. Set up an action using your PagerDuty connector, by determining:
+
* The action’s type: Trigger, Resolve, or Acknowledge.
* The event’s severity: Info, warning, error, or critical.
* An array of different fields, including the timestamp, group, class, component, and your dedup key.
Depending on your custom needs, assign them variables from the alerting context.
To see the available context variables, click on the *Add alert variable* icon next
to each corresponding field. For more details on these parameters, see the
<<pagerduty-action-configuration, Actions Configuration>> and the PagerDuty
https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[API v2 documentation].


[float]
[[pagerduty-uninstall]]
==== How to uninstall
To remove a PagerDuty connector from an alert, simply remove it
from the *Actions* section of that alert, using the remove (x) icon.
This will disable the integration for the particular alert.

To delete the connector entirely, go to *Management > Alerts and Actions*.
Select the *Connectors* tab, and then click on the delete icon.
This is an irreversible action and impacts all alerts that use this connector.


[float]
[[pagerduty-connector-configuration]]
==== Connector configuration
=== Connector configuration

PagerDuty connectors have the following configuration properties:

Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.
API URL:: An optional PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure the hostname is whitelisted.
API URL:: An optional PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure the hostname is whitelisted.
Routing Key:: A 32 character PagerDuty Integration Key for an integration on a service or on a global ruleset.

[float]
[[pagerduty-action-configuration]]
==== Action configuration
=== Action configuration

PagerDuty actions have the following properties:

Expand All @@ -26,8 +149,8 @@ Dedup Key:: All actions sharing this key will be associated with the same Pa
Timestamp:: An *optional* https://v2.developer.pagerduty.com/v2/docs/types#datetime[ISO-8601 format date-time], indicating the time the event was detected or generated.
Component:: An *optional* value indicating the component of the source machine that is responsible for the event, for example `mysql` or `eth0`.
Group:: An *optional* value indicating the logical grouping of components of a service, for example `app-stack`.
Source:: An *optional* value indicating the affected system, preferably a hostname or fully qualified domain name. Defaults to the {kib} saved object id of the action.
Source:: An *optional* value indicating the affected system, preferably a hostname or fully qualified domain name. Defaults to the {kib} saved object id of the action.
Summary:: An *optional* text summary of the event, defaults to `No summary provided`. The maximum length is 1024 characters.
Class:: An *optional* value indicating the class/type of the event, for example `ping failure` or `cpu load`.

For more details on these properties, see https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[PagerDuty v2 event parameters].
For more details on these properties, see https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[PagerDuty v2 event parameters].
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 18 additions & 0 deletions docs/user/dashboard.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,24 @@ to the new dimensions.
* To delete a panel, open the panel menu and select *Delete from dashboard.* Deleting a panel from a
dashboard does *not* delete the saved visualization or search.

[float]
[[cloning-a-panel]]
=== Clone dashboard elements

In *Edit* mode, you can clone any panel on a dashboard.

To clone an existing panel, open the panel menu of the element you wish to clone, then select *Clone panel*.

* Cloned panels appear beside the original, and will move other panels down to make room if necessary.

* Clones support all of the original panel's functionality, including renaming, editing, and cloning.

* All cloned visualizations will appear in the visualization list.

[role="screenshot"]
image:images/clone_panel.gif[clone panel]


[float]
[[viewing-detailed-information]]
=== Inspect and edit elements
Expand Down
Binary file modified docs/user/ml/images/ml-data-visualizer-sample.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
22 changes: 11 additions & 11 deletions docs/user/ml/index.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -4,31 +4,31 @@

[partintro]
--
As datasets increase in size and complexity, the human effort required to
As data sets increase in size and complexity, the human effort required to
inspect dashboards or maintain rules for spotting infrastructure problems,
cyber attacks, or business issues becomes impractical. Elastic {ml-features}
such as {anomaly-detect} and {oldetection} make it easier to notice suspicious
activities with minimal human interference.

If you have a basic license, you can use the *Data Visualizer* to learn more
about your data. In particular, if your data is stored in {es} and contains a
time field, you can use the *Data Visualizer* to identify possible fields for
{anomaly-detect}:
{kib} includes a free *{data-viz}* to learn more about your data. In particular,
if your data is stored in {es} and contains a time field, you can use the
*{data-viz}* to identify possible fields for {anomaly-detect}:

[role="screenshot"]
image::user/ml/images/ml-data-visualizer-sample.jpg[Data Visualizer for sample flight data]
image::user/ml/images/ml-data-visualizer-sample.jpg[{data-viz} for sample flight data]

experimental[] You can also upload a CSV, NDJSON, or log file (up to 100 MB in
size). The *Data Visualizer* identifies the file format and field mappings. You
can then optionally import that data into an {es} index.
experimental[] You can also upload a CSV, NDJSON, or log file. The *{data-viz}*
identifies the file format and field mappings. You can then optionally import
that data into an {es} index. To change the default file size limit, see
<<data-visualizer-settings>>.

You need the following permissions to use the Data Visualizer with file upload:
You need the following permissions to use the {data-viz} with file upload:

* cluster privileges: `monitor`, `manage_ingest_pipelines`
* index privileges: `read`, `manage`, `index`

For more information, see {ref}/security-privileges.html[Security privileges]
and {ref}/built-in-roles.html[Built-in roles].
and {ml-docs}/setup.html[Set up {ml-features}].

--

Expand Down
Loading

0 comments on commit 032959e

Please sign in to comment.