From 06aa51602d02c36118a7a9e5fb51e84faaa0b7d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= <contact@patrykkopycinski.com>
Date: Mon, 25 Jul 2022 09:16:21 +0200
Subject: [PATCH 01/12] [Osquery] Run packs live (#132198)

---
 x-pack/plugins/osquery/common/constants.ts    |   2 +
 .../osquery/common/schemas/common/schemas.ts  |  43 ++
 .../create_action_request_body_schema.ts      |  24 -
 .../create_live_query_request_body_schema.ts  |  35 +
 .../routes/{action => live_query}/index.ts    |   2 +-
 .../common/search_strategy/common/index.ts    |   8 -
 .../search_strategy/osquery/actions/index.ts  |  58 +-
 .../search_strategy/osquery/agents/index.ts   |   4 +-
 .../common/search_strategy/osquery/index.ts   |   1 +
 .../search_strategy/osquery/results/index.ts  |   4 +-
 x-pack/plugins/osquery/common/types.ts        |  45 --
 .../common/utils/build_query/filters.ts       |  20 +-
 .../integration/all/add_integration.spec.ts   |   3 +-
 .../cypress/integration/all/alerts.spec.ts    |   4 +-
 .../integration/all/live_query.spec.ts        |  20 +
 .../cypress/integration/all/packs.spec.ts     |   2 +-
 .../integration/roles/alert_test.spec.ts      |   2 +-
 .../integration/roles/t1_analyst.spec.ts      |   3 +-
 .../integration/roles/t2_analyst.spec.ts      |   2 +-
 .../osquery/cypress/tasks/saved_queries.ts    |   2 +-
 x-pack/plugins/osquery/kibana.json            |   1 +
 .../action_results/action_agents_status.tsx   |  92 ---
 .../action_results/action_results_summary.tsx |   8 +-
 .../action_results/use_action_results.ts      |  29 +-
 .../osquery/public/actions/actions_table.tsx  |  73 +-
 .../public/actions/use_action_details.ts      |  70 --
 .../osquery/public/actions/use_all_actions.ts |   3 -
 .../public/actions/use_live_query_details.ts  |  81 ++
 .../public/agent_policies/use_agent_policy.ts |   4 +-
 .../osquery/public/agents/agents_table.tsx    |   8 +-
 .../osquery/public/agents/use_agent_groups.ts |  11 +-
 .../osquery/public/agents/use_all_agents.ts   |   5 +-
 .../public/assets/use_import_assets.ts        |  27 +-
 .../plugins/osquery/public/common/helpers.ts  |   1 -
 .../common/hooks/use_logs_data_view.tsx       |  31 +
 .../osquery/public/common/validations.ts      |  14 +-
 .../public/components/main_navigation.tsx     |   2 +-
 ...managed_policy_create_import_extension.tsx |   3 +-
 .../public/live_queries/form/index.tsx        | 369 ++++++---
 .../form/pack_queries_status_table.tsx        | 718 ++++++++++++++++++
 .../form/packs_combobox_field.tsx             | 160 ++++
 .../public/live_queries/form/schema.ts        |   7 +
 .../osquery/public/live_queries/index.tsx     |  47 +-
 .../use_create_live_query_action.tsx          |  67 ++
 .../public/packs/active_state_switch.tsx      |  19 +-
 .../osquery/public/packs/form/index.tsx       |  16 +-
 .../public/packs/form/queries_field.tsx       |  13 +-
 .../packs/pack_queries_status_table.tsx       | 164 ++--
 .../public/packs/pack_queries_table.tsx       |  30 +-
 .../osquery/public/packs/packs_table.tsx      |   7 +-
 .../public/packs/queries/query_flyout.tsx     |   4 +-
 .../packs/queries/use_pack_query_form.tsx     |  42 +-
 .../public/packs/queries/validations.ts       |  17 +-
 x-pack/plugins/osquery/public/packs/types.ts  |  25 +-
 .../osquery/public/packs/use_create_pack.ts   |   7 +-
 .../osquery/public/packs/use_delete_pack.ts   |   2 +-
 .../plugins/osquery/public/packs/use_pack.ts  |  21 +-
 .../public/packs/use_pack_query_errors.ts     |   3 +-
 .../packs/use_pack_query_last_results.ts      |  25 +-
 .../plugins/osquery/public/packs/use_packs.ts |  21 +-
 .../osquery/public/packs/use_update_pack.ts   |  26 +-
 .../osquery/public/results/results_table.tsx  |  39 +-
 .../osquery/public/results/use_all_results.ts |   4 +-
 .../routes/live_queries/details/index.tsx     |  37 +-
 .../public/routes/packs/details/index.tsx     |   9 +-
 .../public/routes/saved_queries/edit/form.tsx |   5 +-
 .../routes/saved_queries/edit/index.tsx       |  11 +-
 .../public/routes/saved_queries/edit/tabs.tsx |  59 +-
 .../routes/saved_queries/list/index.tsx       |  12 +-
 .../public/routes/saved_queries/new/form.tsx  |   5 +-
 .../public/routes/saved_queries/new/index.tsx |  11 +-
 .../form/use_saved_query_form.tsx             |  46 +-
 .../saved_queries/saved_queries_dropdown.tsx  |  25 +-
 .../saved_queries/saved_query_flyout.tsx      |   7 +-
 .../saved_queries/use_create_saved_query.ts   |  12 +-
 .../saved_queries/use_delete_saved_query.ts   |   2 +-
 .../public/saved_queries/use_saved_queries.ts |  20 +-
 .../public/saved_queries/use_saved_query.ts   |  16 +-
 .../saved_queries/use_update_saved_query.ts   |   6 +-
 .../use_is_osquery_available.ts               |  14 +-
 .../plugins/osquery/public/shared_imports.ts  |   1 +
 x-pack/plugins/osquery/server/common/types.ts |   4 +-
 .../osquery/server/create_data_views/index.ts |  19 +
 .../action_responses_mapping.ts               |  96 +++
 .../server/create_indices/actions_mapping.ts  | 115 +++
 .../create_transforms_indices.ts              |  67 ++
 .../action_responses_transform.ts             |  47 ++
 .../create_transforms.test.ts                 | 128 ++++
 .../create_transforms/create_transforms.ts    | 108 +++
 .../osquery/server/lib/parse_agent_groups.ts  |  15 +-
 .../osquery/server/lib/telemetry/constants.ts |   3 +-
 .../osquery/server/lib/telemetry/helpers.ts   |  40 +-
 .../osquery/server/lib/telemetry/receiver.ts  |  40 +-
 .../server/lib/telemetry/tasks/configs.ts     |  57 ++
 .../server/lib/telemetry/tasks/index.ts       |   7 +-
 x-pack/plugins/osquery/server/plugin.ts       |  63 +-
 .../routes/action/create_action_route.ts      | 123 ---
 .../osquery/server/routes/action/index.ts     |  14 -
 x-pack/plugins/osquery/server/routes/index.ts |  10 +-
 .../live_query/create_live_query_route.ts     | 199 +++++
 .../get_live_query_details_route.ts           | 133 ++++
 .../get_live_query_results_route.ts           | 115 +++
 .../osquery/server/routes/live_query/index.ts |  22 +
 .../osquery/server/routes/live_query/utils.ts |  88 +++
 .../server/routes/pack/create_pack_route.ts   |  14 +-
 .../server/routes/pack/delete_pack_route.ts   |   2 +-
 .../server/routes/pack/find_pack_route.ts     |  34 +-
 .../osquery/server/routes/pack/index.ts       |   4 +-
 .../server/routes/pack/read_pack_route.ts     |  18 +-
 .../server/routes/pack/update_pack_route.ts   |   4 +-
 .../osquery/server/routes/pack/utils.ts       |  13 +-
 .../saved_query/create_saved_query_route.ts   |  18 +-
 .../saved_query/delete_saved_query_route.ts   |   2 +-
 .../saved_query/find_saved_query_route.ts     |  29 +-
 .../saved_query/read_saved_query_route.ts     |   4 +-
 .../saved_query/update_saved_query_route.ts   |   4 +-
 .../routes/status/create_status_route.ts      |  33 +-
 .../osquery/factory/actions/all/index.ts      |   8 -
 .../actions/all/query.all_actions.dsl.ts      |   5 +-
 .../osquery/factory/actions/details/index.ts  |   5 +-
 .../details/query.action_details.dsl.ts       |   5 +-
 .../osquery/factory/actions/results/index.ts  |  16 +-
 .../results/query.action_results.dsl.ts       |   7 +-
 .../osquery/factory/agents/index.ts           |   8 -
 .../factory/agents/query.all_agents.dsl.ts    |   3 +-
 .../osquery/factory/results/index.ts          |   8 -
 .../server/search_strategy/osquery/index.ts   |  58 +-
 x-pack/plugins/osquery/server/types.ts        |   2 +
 .../plugins/osquery/server/usage/fetchers.ts  |  10 +-
 .../translations/translations/fr-FR.json      |   1 -
 .../translations/translations/ja-JP.json      |   1 -
 .../translations/translations/zh-CN.json      |   1 -
 .../api_integration/apis/osquery/packs.ts     |  16 +-
 133 files changed, 3531 insertions(+), 1213 deletions(-)
 delete mode 100644 x-pack/plugins/osquery/common/schemas/routes/action/create_action_request_body_schema.ts
 create mode 100644 x-pack/plugins/osquery/common/schemas/routes/live_query/create_live_query_request_body_schema.ts
 rename x-pack/plugins/osquery/common/schemas/routes/{action => live_query}/index.ts (81%)
 delete mode 100644 x-pack/plugins/osquery/public/action_results/action_agents_status.tsx
 delete mode 100644 x-pack/plugins/osquery/public/actions/use_action_details.ts
 create mode 100644 x-pack/plugins/osquery/public/actions/use_live_query_details.ts
 create mode 100644 x-pack/plugins/osquery/public/common/hooks/use_logs_data_view.tsx
 create mode 100644 x-pack/plugins/osquery/public/live_queries/form/pack_queries_status_table.tsx
 create mode 100644 x-pack/plugins/osquery/public/live_queries/form/packs_combobox_field.tsx
 create mode 100644 x-pack/plugins/osquery/public/live_queries/use_create_live_query_action.tsx
 create mode 100644 x-pack/plugins/osquery/server/create_data_views/index.ts
 create mode 100644 x-pack/plugins/osquery/server/create_indices/action_responses_mapping.ts
 create mode 100644 x-pack/plugins/osquery/server/create_indices/actions_mapping.ts
 create mode 100644 x-pack/plugins/osquery/server/create_indices/create_transforms_indices.ts
 create mode 100644 x-pack/plugins/osquery/server/create_transforms/action_responses_transform.ts
 create mode 100644 x-pack/plugins/osquery/server/create_transforms/create_transforms.test.ts
 create mode 100644 x-pack/plugins/osquery/server/create_transforms/create_transforms.ts
 create mode 100644 x-pack/plugins/osquery/server/lib/telemetry/tasks/configs.ts
 delete mode 100644 x-pack/plugins/osquery/server/routes/action/create_action_route.ts
 delete mode 100644 x-pack/plugins/osquery/server/routes/action/index.ts
 create mode 100644 x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
 create mode 100644 x-pack/plugins/osquery/server/routes/live_query/get_live_query_details_route.ts
 create mode 100644 x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts
 create mode 100644 x-pack/plugins/osquery/server/routes/live_query/index.ts
 create mode 100644 x-pack/plugins/osquery/server/routes/live_query/utils.ts

diff --git a/x-pack/plugins/osquery/common/constants.ts b/x-pack/plugins/osquery/common/constants.ts
index 5354332fd89f8..4d6be1f3f2ae8 100644
--- a/x-pack/plugins/osquery/common/constants.ts
+++ b/x-pack/plugins/osquery/common/constants.ts
@@ -9,3 +9,5 @@ export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
 export const DEFAULT_DARK_MODE = 'theme:darkMode';
 export const OSQUERY_INTEGRATION_NAME = 'osquery_manager';
 export const BASE_PATH = '/app/osquery';
+export const ACTIONS_INDEX = `.logs-${OSQUERY_INTEGRATION_NAME}.actions`;
+export const ACTION_RESPONSES_INDEX = `.logs-${OSQUERY_INTEGRATION_NAME}.action.responses`;
diff --git a/x-pack/plugins/osquery/common/schemas/common/schemas.ts b/x-pack/plugins/osquery/common/schemas/common/schemas.ts
index 24eaa11a7bf84..fda6e2cec8b50 100644
--- a/x-pack/plugins/osquery/common/schemas/common/schemas.ts
+++ b/x-pack/plugins/osquery/common/schemas/common/schemas.ts
@@ -53,6 +53,20 @@ export type SavedQueryId = t.TypeOf<typeof savedQueryId>;
 export const savedQueryIdOrUndefined = t.union([savedQueryId, t.undefined]);
 export type SavedQueryIdOrUndefined = t.TypeOf<typeof savedQueryIdOrUndefined>;
 
+export const packId = t.string;
+export type PackId = t.TypeOf<typeof packId>;
+export const packIdOrUndefined = t.union([packId, t.undefined]);
+export type PackIdOrUndefined = t.TypeOf<typeof packIdOrUndefined>;
+
+export const executionContext = t.type({
+  name: t.union([t.string, t.undefined]),
+  url: t.union([t.string, t.undefined]),
+});
+
+export type ExecutionContext = t.TypeOf<typeof executionContext>;
+export const executionContextOrUndefined = t.union([executionContext, t.undefined]);
+export type ExecutionContextOrUndefined = t.TypeOf<typeof executionContextOrUndefined>;
+
 export const ecsMapping = t.record(
   t.string,
   t.partial({
@@ -63,3 +77,32 @@ export const ecsMapping = t.record(
 export type ECSMapping = t.TypeOf<typeof ecsMapping>;
 export const ecsMappingOrUndefined = t.union([ecsMapping, t.undefined]);
 export type ECSMappingOrUndefined = t.TypeOf<typeof ecsMappingOrUndefined>;
+
+export const stringArrayOrUndefined = t.union([t.array(t.string), t.undefined]);
+export type StringArrayOrUndefined = t.TypeOf<typeof stringArrayOrUndefined>;
+
+export const arrayQueries = t.array(
+  t.type({
+    id,
+    query,
+    ecsMapping,
+    version,
+    platform,
+  })
+);
+export type ArrayQueries = t.TypeOf<typeof arrayQueries>;
+export const objectQueries = t.record(
+  t.string,
+  t.type({
+    query,
+    ecsMapping: ecsMappingOrUndefined,
+    version: versionOrUndefined,
+    platform: platformOrUndefined,
+    saved_query_id: savedQueryIdOrUndefined,
+  })
+);
+export type ObjectQueries = t.TypeOf<typeof objectQueries>;
+export const queries = t.union([arrayQueries, objectQueries]);
+export type Queries = t.TypeOf<typeof queries>;
+export const queriesOrUndefined = t.union([queries, t.undefined]);
+export type QueriesOrUndefined = t.TypeOf<typeof queriesOrUndefined>;
diff --git a/x-pack/plugins/osquery/common/schemas/routes/action/create_action_request_body_schema.ts b/x-pack/plugins/osquery/common/schemas/routes/action/create_action_request_body_schema.ts
deleted file mode 100644
index a85471a95a137..0000000000000
--- a/x-pack/plugins/osquery/common/schemas/routes/action/create_action_request_body_schema.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import * as t from 'io-ts';
-
-import {
-  query,
-  agentSelection,
-  ecsMappingOrUndefined,
-  savedQueryIdOrUndefined,
-} from '../../common/schemas';
-
-export const createActionRequestBodySchema = t.type({
-  agentSelection,
-  query,
-  saved_query_id: savedQueryIdOrUndefined,
-  ecs_mapping: ecsMappingOrUndefined,
-});
-
-export type CreateActionRequestBodySchema = t.OutputOf<typeof createActionRequestBodySchema>;
diff --git a/x-pack/plugins/osquery/common/schemas/routes/live_query/create_live_query_request_body_schema.ts b/x-pack/plugins/osquery/common/schemas/routes/live_query/create_live_query_request_body_schema.ts
new file mode 100644
index 0000000000000..6d37ab6d56288
--- /dev/null
+++ b/x-pack/plugins/osquery/common/schemas/routes/live_query/create_live_query_request_body_schema.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as t from 'io-ts';
+
+import {
+  ecsMappingOrUndefined,
+  savedQueryIdOrUndefined,
+  packIdOrUndefined,
+  queryOrUndefined,
+  queriesOrUndefined,
+  stringArrayOrUndefined,
+} from '../../common/schemas';
+
+export const createLiveQueryRequestBodySchema = t.type({
+  agent_ids: stringArrayOrUndefined,
+  agent_all: t.union([t.boolean, t.undefined]),
+  agent_platforms: stringArrayOrUndefined,
+  agent_policy_ids: stringArrayOrUndefined,
+  query: queryOrUndefined,
+  queries: queriesOrUndefined,
+  saved_query_id: savedQueryIdOrUndefined,
+  ecs_mapping: ecsMappingOrUndefined,
+  pack_id: packIdOrUndefined,
+  alert_ids: stringArrayOrUndefined,
+  case_ids: stringArrayOrUndefined,
+  event_ids: stringArrayOrUndefined,
+  metadata: t.union([t.object, t.undefined]),
+});
+
+export type CreateLiveQueryRequestBodySchema = t.OutputOf<typeof createLiveQueryRequestBodySchema>;
diff --git a/x-pack/plugins/osquery/common/schemas/routes/action/index.ts b/x-pack/plugins/osquery/common/schemas/routes/live_query/index.ts
similarity index 81%
rename from x-pack/plugins/osquery/common/schemas/routes/action/index.ts
rename to x-pack/plugins/osquery/common/schemas/routes/live_query/index.ts
index 286aa2e5128b2..0438204e6c86e 100644
--- a/x-pack/plugins/osquery/common/schemas/routes/action/index.ts
+++ b/x-pack/plugins/osquery/common/schemas/routes/live_query/index.ts
@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export * from './create_action_request_body_schema';
+export * from './create_live_query_request_body_schema';
diff --git a/x-pack/plugins/osquery/common/search_strategy/common/index.ts b/x-pack/plugins/osquery/common/search_strategy/common/index.ts
index a0b7b5719cbcc..6139682935b66 100644
--- a/x-pack/plugins/osquery/common/search_strategy/common/index.ts
+++ b/x-pack/plugins/osquery/common/search_strategy/common/index.ts
@@ -20,12 +20,6 @@ export interface Inspect {
   dsl: string[];
 }
 
-export interface PageInfoPaginated {
-  activePage: number;
-  fakeTotalCount: number;
-  showMorePagesIndicator: boolean;
-}
-
 export interface CursorType {
   value?: Maybe<string>;
   tiebreaker?: Maybe<string>;
@@ -64,8 +58,6 @@ export interface PaginationInputPaginated {
   activePage: number;
   /** The cursorStart parameter defines the start of the results to be displayed */
   cursorStart: number;
-  /** The fakePossibleCount parameter determines the total count in order to show 5 additional pages */
-  fakePossibleCount: number;
   /** The querySize parameter is the number of items to be returned */
   querySize: number;
 }
diff --git a/x-pack/plugins/osquery/common/search_strategy/osquery/actions/index.ts b/x-pack/plugins/osquery/common/search_strategy/osquery/actions/index.ts
index 217f150f514a4..283ae46269422 100644
--- a/x-pack/plugins/osquery/common/search_strategy/osquery/actions/index.ts
+++ b/x-pack/plugins/osquery/common/search_strategy/osquery/actions/index.ts
@@ -6,9 +6,9 @@
  */
 
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { IEsSearchResponse, IKibanaSearchResponse } from '@kbn/data-plugin/common';
 
-import type { Inspect, Maybe, PageInfoPaginated } from '../../common';
+import type { Inspect, Maybe } from '../../common';
 import type { RequestOptions, RequestOptionsPaginated } from '../..';
 
 export type ActionEdges = estypes.SearchResponse<object>['hits']['hits'];
@@ -16,16 +16,40 @@ export type ActionEdges = estypes.SearchResponse<object>['hits']['hits'];
 export type ActionResultEdges = estypes.SearchResponse<object>['hits']['hits'];
 export interface ActionsStrategyResponse extends IEsSearchResponse {
   edges: ActionEdges;
-  totalCount: number;
-  pageInfo: PageInfoPaginated;
   inspect?: Maybe<Inspect>;
 }
 
+export interface ActionDetails {
+  action_id: string;
+  expiration: string;
+  '@timestamp': string;
+  agent_all: boolean;
+  agent_ids: string[];
+  agent_platforoms: string[];
+  agent_policy_ids: string[];
+  agents: string[];
+  user_id?: string;
+  pack_id?: string;
+  pack_name?: string;
+  pack_prebuilt?: boolean;
+  status?: string;
+  queries?: Array<{
+    action_id: string;
+    id: string;
+    query: string;
+    agents: string[];
+    ecs_mapping?: unknown;
+    version?: string;
+    platform?: string;
+    saved_query_id?: string;
+    expiration?: string;
+  }>;
+}
+
 export type ActionsRequestOptions = RequestOptionsPaginated;
 
 export interface ActionDetailsStrategyResponse extends IEsSearchResponse {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  actionDetails: Record<string, any>;
+  actionDetails: estypes.SearchHit<ActionDetails>;
   inspect?: Maybe<Inspect>;
 }
 
@@ -33,10 +57,26 @@ export interface ActionDetailsRequestOptions extends RequestOptions {
   actionId: string;
 }
 
-export interface ActionResultsStrategyResponse extends IEsSearchResponse {
+export interface ActionResultsStrategyResponse
+  extends IKibanaSearchResponse<
+    estypes.SearchResponse<
+      object,
+      {
+        aggs: {
+          responses_by_action_id: estypes.AggregationsSingleBucketAggregateBase & {
+            rows_count: estypes.AggregationsSumAggregate;
+            responses: {
+              buckets: Array<{
+                key: string;
+                doc_count: number;
+              }>;
+            };
+          };
+        };
+      }
+    >
+  > {
   edges: ActionResultEdges;
-  totalCount: number;
-  pageInfo: PageInfoPaginated;
   inspect?: Maybe<Inspect>;
 }
 
diff --git a/x-pack/plugins/osquery/common/search_strategy/osquery/agents/index.ts b/x-pack/plugins/osquery/common/search_strategy/osquery/agents/index.ts
index 53492f937db58..06447beb18eac 100644
--- a/x-pack/plugins/osquery/common/search_strategy/osquery/agents/index.ts
+++ b/x-pack/plugins/osquery/common/search_strategy/osquery/agents/index.ts
@@ -7,14 +7,12 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
-import type { Inspect, Maybe, PageInfoPaginated } from '../../common';
+import type { Inspect, Maybe } from '../../common';
 import type { RequestOptionsPaginated } from '../..';
 import type { Agent } from '../../../shared_imports';
 
 export interface AgentsStrategyResponse extends IEsSearchResponse {
   edges: Agent[];
-  totalCount: number;
-  pageInfo: PageInfoPaginated;
   inspect?: Maybe<Inspect>;
 }
 
diff --git a/x-pack/plugins/osquery/common/search_strategy/osquery/index.ts b/x-pack/plugins/osquery/common/search_strategy/osquery/index.ts
index b089d1fcf6484..b8985297b3062 100644
--- a/x-pack/plugins/osquery/common/search_strategy/osquery/index.ts
+++ b/x-pack/plugins/osquery/common/search_strategy/osquery/index.ts
@@ -40,6 +40,7 @@ export interface RequestBasicOptions extends IEsSearchRequest {
   aggregations?: Record<string, estypes.AggregationsAggregationContainer>;
   docValueFields?: DocValueFields[];
   factoryQueryType?: FactoryQueryTypes;
+  componentTemplateExists?: boolean;
 }
 
 /** A mapping of semantic fields to their document counterparts */
diff --git a/x-pack/plugins/osquery/common/search_strategy/osquery/results/index.ts b/x-pack/plugins/osquery/common/search_strategy/osquery/results/index.ts
index 5a0e14f99ed70..d7777e389dde8 100644
--- a/x-pack/plugins/osquery/common/search_strategy/osquery/results/index.ts
+++ b/x-pack/plugins/osquery/common/search_strategy/osquery/results/index.ts
@@ -8,15 +8,13 @@
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
-import type { Inspect, Maybe, PageInfoPaginated, SortField } from '../../common';
+import type { Inspect, Maybe, SortField } from '../../common';
 import type { RequestOptionsPaginated } from '../..';
 
 export type ResultEdges = estypes.SearchResponse<unknown>['hits']['hits'];
 
 export interface ResultsStrategyResponse extends IEsSearchResponse {
   edges: ResultEdges;
-  totalCount: number;
-  pageInfo: PageInfoPaginated;
   inspect?: Maybe<Inspect>;
 }
 
diff --git a/x-pack/plugins/osquery/common/types.ts b/x-pack/plugins/osquery/common/types.ts
index ef2c077056b86..981dbef21de7c 100644
--- a/x-pack/plugins/osquery/common/types.ts
+++ b/x-pack/plugins/osquery/common/types.ts
@@ -5,12 +5,6 @@
  * 2.0.
  */
 
-import type {
-  PackagePolicy,
-  PackagePolicyInput,
-  PackagePolicyInputStream,
-} from '@kbn/fleet-plugin/common';
-
 export const savedQuerySavedObjectType = 'osquery-saved-query';
 export const packSavedObjectType = 'osquery-pack';
 export const packAssetSavedObjectType = 'osquery-pack-asset';
@@ -36,42 +30,3 @@ export type RequiredKeepUndefined<T> = { [K in keyof T]-?: [T[K]] } extends infe
     ? { [K in keyof U]: U[K][0] }
     : never
   : never;
-
-export interface OsqueryManagerPackagePolicyConfigRecordEntry {
-  type: string;
-  value: string;
-  frozen?: boolean;
-}
-
-export interface OsqueryManagerPackagePolicyConfigRecord {
-  id: OsqueryManagerPackagePolicyConfigRecordEntry;
-  query: OsqueryManagerPackagePolicyConfigRecordEntry;
-  interval: OsqueryManagerPackagePolicyConfigRecordEntry;
-  platform?: OsqueryManagerPackagePolicyConfigRecordEntry;
-  version?: OsqueryManagerPackagePolicyConfigRecordEntry;
-  ecs_mapping?:
-    | {
-        value: Record<
-          string,
-          {
-            field: string;
-          }
-        >;
-      }
-    | undefined;
-}
-
-export interface OsqueryManagerPackagePolicyInputStream
-  extends Omit<PackagePolicyInputStream, 'config' | 'vars'> {
-  config?: OsqueryManagerPackagePolicyConfigRecord;
-  vars?: OsqueryManagerPackagePolicyConfigRecord;
-}
-
-export interface OsqueryManagerPackagePolicyInput extends Omit<PackagePolicyInput, 'streams'> {
-  streams: OsqueryManagerPackagePolicyInputStream[];
-}
-
-export interface OsqueryManagerPackagePolicy extends Omit<PackagePolicy, 'inputs'> {
-  inputs: OsqueryManagerPackagePolicyInput[];
-  read_only?: boolean;
-}
diff --git a/x-pack/plugins/osquery/common/utils/build_query/filters.ts b/x-pack/plugins/osquery/common/utils/build_query/filters.ts
index a9a9b3319661b..0d82a581e27d9 100644
--- a/x-pack/plugins/osquery/common/utils/build_query/filters.ts
+++ b/x-pack/plugins/osquery/common/utils/build_query/filters.ts
@@ -6,8 +6,26 @@
  */
 
 import { isEmpty, isString } from 'lodash/fp';
-
+import type { PaginationInputPaginated, Inspect } from '../../search_strategy';
 import type { ESQuery } from '../../typed_json';
 
 export const createQueryFilterClauses = (filterQuery: ESQuery | string | undefined) =>
   !isEmpty(filterQuery) ? [isString(filterQuery) ? JSON.parse(filterQuery) : filterQuery] : [];
+
+export const createFilter = (filterQuery: ESQuery | string | undefined) =>
+  isString(filterQuery) ? filterQuery : JSON.stringify(filterQuery);
+
+export type InspectResponse = Inspect & { response: string[] };
+
+export const generateTablePaginationOptions = (
+  activePage: number,
+  limit: number
+): PaginationInputPaginated => {
+  const cursorStart = activePage * limit;
+
+  return {
+    activePage,
+    cursorStart,
+    querySize: limit,
+  };
+};
diff --git a/x-pack/plugins/osquery/cypress/integration/all/add_integration.spec.ts b/x-pack/plugins/osquery/cypress/integration/all/add_integration.spec.ts
index 1ad43e5003827..a6850e7fdbc03 100644
--- a/x-pack/plugins/osquery/cypress/integration/all/add_integration.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/all/add_integration.spec.ts
@@ -76,7 +76,8 @@ describe('ALL - Add Integration', () => {
     addIntegration();
     cy.contains('osquery_manager-');
   });
-  it('should have integration and packs copied when upgrading integration', () => {
+
+  it.skip('should have integration and packs copied when upgrading integration', () => {
     const packageName = 'osquery_manager';
     const oldVersion = '1.2.0';
     const newVersion = '1.3.1';
diff --git a/x-pack/plugins/osquery/cypress/integration/all/alerts.spec.ts b/x-pack/plugins/osquery/cypress/integration/all/alerts.spec.ts
index 4ef3e263df01c..80516f480e803 100644
--- a/x-pack/plugins/osquery/cypress/integration/all/alerts.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/all/alerts.spec.ts
@@ -58,11 +58,11 @@ describe('Alert Event Details', () => {
     cy.getBySel('ruleSwitch').should('have.attr', 'aria-checked', 'true');
   });
 
-  it('should be able to run live query and add to timeline (-depending on the previous test)', () => {
+  it.skip('should be able to run live query and add to timeline (-depending on the previous test)', () => {
     const TIMELINE_NAME = 'Untitled timeline';
     cy.visit('/app/security/alerts');
     cy.getBySel('header-page-title').contains('Alerts').should('exist');
-    cy.getBySel('timeline-context-menu-button').first().click({ force: true });
+    cy.getBySel('timeline-context-menu-button').first().click();
     cy.getBySel('osquery-action-item').should('exist').contains('Run Osquery');
     cy.getBySel('expand-event').first().click();
     cy.getBySel('take-action-dropdown-btn').click();
diff --git a/x-pack/plugins/osquery/cypress/integration/all/live_query.spec.ts b/x-pack/plugins/osquery/cypress/integration/all/live_query.spec.ts
index 930d1e29c2ebf..731802a021ae4 100644
--- a/x-pack/plugins/osquery/cypress/integration/all/live_query.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/all/live_query.spec.ts
@@ -17,6 +17,7 @@ import {
   typeInOsqueryFieldInput,
 } from '../../tasks/live_query';
 import {
+  LIVE_QUERY_EDITOR,
   RESULTS_TABLE,
   RESULTS_TABLE_BUTTON,
   RESULTS_TABLE_CELL_WRRAPER,
@@ -92,4 +93,23 @@ describe('ALL - Live Query', () => {
 
     cy.react('ReactAce', { props: { value: 'select * from users' } }).should('exist');
   });
+
+  it.skip('should run live pack', () => {
+    cy.contains('New live query').click();
+    cy.contains('Run a set of queries in a pack.').click();
+    cy.get(LIVE_QUERY_EDITOR).should('not.exist');
+    cy.getBySel('select-live-pack').click();
+    cy.contains('Integration').click();
+    cy.contains('This table contains 1 rows.');
+    cy.contains('Integration (');
+    cy.contains('system_memory_linux_elastic');
+    selectAllAgents();
+    submitQuery();
+    cy.getBySel('live-query-loading').should('exist');
+    cy.getBySel('live-query-loading', { timeout: 10000 }).should('not.exist');
+    cy.getBySel('toggleIcon-events').click();
+    checkResults();
+    navigateTo('/app/osquery');
+    cy.contains('Integration');
+  });
 });
diff --git a/x-pack/plugins/osquery/cypress/integration/all/packs.spec.ts b/x-pack/plugins/osquery/cypress/integration/all/packs.spec.ts
index 4a8842d21c9b1..260408ca428c1 100644
--- a/x-pack/plugins/osquery/cypress/integration/all/packs.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/all/packs.spec.ts
@@ -96,7 +96,7 @@ describe('ALL - Packs', () => {
       cy.contains('ID must be unique').should('exist');
       cy.react('EuiFlyoutFooter').react('EuiButtonEmpty').contains('Cancel').click();
     });
-    it('should open lens in new tab', () => {
+    it.skip('should open lens in new tab', () => {
       let lensUrl = '';
       cy.window().then((win) => {
         cy.stub(win, 'open')
diff --git a/x-pack/plugins/osquery/cypress/integration/roles/alert_test.spec.ts b/x-pack/plugins/osquery/cypress/integration/roles/alert_test.spec.ts
index 5d25b6599b13c..b68cd0d17e466 100644
--- a/x-pack/plugins/osquery/cypress/integration/roles/alert_test.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/roles/alert_test.spec.ts
@@ -13,7 +13,7 @@ import { preparePack } from '../../tasks/packs';
 import { closeModalIfVisible } from '../../tasks/integrations';
 import { navigateTo } from '../../tasks/navigation';
 
-describe('Alert_Test', () => {
+describe.skip('Alert_Test', () => {
   before(() => {
     runKbnArchiverScript(ArchiverMethod.LOAD, 'pack');
     runKbnArchiverScript(ArchiverMethod.LOAD, 'rule');
diff --git a/x-pack/plugins/osquery/cypress/integration/roles/t1_analyst.spec.ts b/x-pack/plugins/osquery/cypress/integration/roles/t1_analyst.spec.ts
index 51270332e0a51..57995296cfb17 100644
--- a/x-pack/plugins/osquery/cypress/integration/roles/t1_analyst.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/roles/t1_analyst.spec.ts
@@ -12,7 +12,7 @@ import { checkResults, selectAllAgents, submitQuery } from '../../tasks/live_que
 import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
 import { getSavedQueriesDropdown, LIVE_QUERY_EDITOR } from '../../screens/live_query';
 
-describe('T1 Analyst - READ + runSavedQueries ', () => {
+describe.skip('T1 Analyst - READ + runSavedQueries ', () => {
   const SAVED_QUERY_ID = 'Saved-Query-Id';
 
   beforeEach(() => {
@@ -50,7 +50,6 @@ describe('T1 Analyst - READ + runSavedQueries ', () => {
     cy.contains('select * from uptime');
     cy.wait(1000);
     cy.react('EuiTableBody').first().react('DefaultItemAction').first().click();
-    selectAllAgents();
     cy.contains(SAVED_QUERY_ID);
     submitQuery();
     checkResults();
diff --git a/x-pack/plugins/osquery/cypress/integration/roles/t2_analyst.spec.ts b/x-pack/plugins/osquery/cypress/integration/roles/t2_analyst.spec.ts
index 901b18f1461c7..cf91a49e9dad6 100644
--- a/x-pack/plugins/osquery/cypress/integration/roles/t2_analyst.spec.ts
+++ b/x-pack/plugins/osquery/cypress/integration/roles/t2_analyst.spec.ts
@@ -19,7 +19,7 @@ import {
 import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
 import { getSavedQueriesComplexTest } from '../../tasks/saved_queries';
 
-describe('T2 Analyst - READ + Write Live/Saved + runSavedQueries ', () => {
+describe.skip('T2 Analyst - READ + Write Live/Saved + runSavedQueries ', () => {
   const SAVED_QUERY_ID = 'Saved-Query-Id';
   const NEW_SAVED_QUERY_ID = 'Saved-Query-Id-T2';
   const NEW_SAVED_QUERY_DESCRIPTION = 'Test saved query description T2';
diff --git a/x-pack/plugins/osquery/cypress/tasks/saved_queries.ts b/x-pack/plugins/osquery/cypress/tasks/saved_queries.ts
index 66e606132b05e..d288584b6a169 100644
--- a/x-pack/plugins/osquery/cypress/tasks/saved_queries.ts
+++ b/x-pack/plugins/osquery/cypress/tasks/saved_queries.ts
@@ -75,7 +75,7 @@ export const getSavedQueriesComplexTest = (savedQueryId: string, savedQueryDescr
       // visit Status results
       cy.react('EuiTab', { props: { id: 'status' } }).click();
       cy.react('EuiTableRow').should('have.lengthOf', 1);
-      cy.contains('Successful').siblings().contains(1);
+      // cy.contains('Successful').siblings().contains(1);
 
       // play saved query
       cy.contains('Saved queries').click();
diff --git a/x-pack/plugins/osquery/kibana.json b/x-pack/plugins/osquery/kibana.json
index 1ea8468529b85..539c2f7dc18dc 100644
--- a/x-pack/plugins/osquery/kibana.json
+++ b/x-pack/plugins/osquery/kibana.json
@@ -12,6 +12,7 @@
   "requiredPlugins": [
     "actions",
     "data",
+    "dataViews",
     "discover",
     "features",
     "navigation",
diff --git a/x-pack/plugins/osquery/public/action_results/action_agents_status.tsx b/x-pack/plugins/osquery/public/action_results/action_agents_status.tsx
deleted file mode 100644
index f5b952af8acd4..0000000000000
--- a/x-pack/plugins/osquery/public/action_results/action_agents_status.tsx
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
-import React, { useEffect, useMemo, useState } from 'react';
-
-import { Direction } from '../../common/search_strategy';
-import { AgentStatusBar } from './action_agents_status_bar';
-import { ActionAgentsStatusBadges } from './action_agents_status_badges';
-import { useActionResults } from './use_action_results';
-
-interface ActionAgentsStatusProps {
-  actionId: string;
-  expirationDate?: string;
-  agentIds?: string[];
-}
-
-const ActionAgentsStatusComponent: React.FC<ActionAgentsStatusProps> = ({
-  actionId,
-  expirationDate,
-  agentIds,
-}) => {
-  const [isLive, setIsLive] = useState(true);
-  const expired = useMemo(
-    () => (!expirationDate ? false : new Date(expirationDate) < new Date()),
-    [expirationDate]
-  );
-  const {
-    // @ts-expect-error update types
-    data: { aggregations },
-  } = useActionResults({
-    actionId,
-    activePage: 0,
-    agentIds,
-    limit: 0,
-    direction: Direction.asc,
-    sortField: '@timestamp',
-    isLive,
-  });
-
-  const agentStatus = useMemo(() => {
-    const notRespondedCount = !agentIds?.length ? 0 : agentIds.length - aggregations.totalResponded;
-
-    return {
-      success: aggregations.successful,
-      pending: notRespondedCount,
-      failed: aggregations.failed,
-    };
-  }, [agentIds?.length, aggregations.failed, aggregations.successful, aggregations.totalResponded]);
-
-  useEffect(
-    () =>
-      setIsLive(() => {
-        if (!agentIds?.length || expired) return false;
-
-        return !!(aggregations.totalResponded !== agentIds?.length);
-      }),
-    [agentIds?.length, aggregations.totalResponded, expired]
-  );
-
-  return (
-    <>
-      <EuiFlexGroup alignItems="center">
-        <EuiFlexItem>
-          <EuiText size="xs" color="subdued">
-            <FormattedMessage
-              id="xpack.osquery.liveQueryActionResults.summary.agentsQueriedLabelText"
-              defaultMessage="Queried {count, plural, one {# agent} other {# agents}}"
-              // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
-              values={{ count: agentIds?.length }}
-            />
-          </EuiText>
-        </EuiFlexItem>
-        <EuiFlexItem grow={false}>
-          <ActionAgentsStatusBadges expired={expired} agentStatus={agentStatus} />
-        </EuiFlexItem>
-      </EuiFlexGroup>
-      <EuiFlexGroup>
-        <EuiFlexItem>
-          <AgentStatusBar agentStatus={agentStatus} />
-        </EuiFlexItem>
-      </EuiFlexGroup>
-    </>
-  );
-};
-
-export const ActionAgentsStatus = React.memo(ActionAgentsStatusComponent);
diff --git a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx
index e04f783608420..29d823560d6e3 100644
--- a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx
+++ b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx
@@ -5,8 +5,6 @@
  * 2.0.
  */
 
-/* eslint-disable @typescript-eslint/no-unused-vars */
-
 import { i18n } from '@kbn/i18n';
 import { EuiInMemoryTable, EuiCodeBlock } from '@elastic/eui';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
@@ -33,10 +31,8 @@ const ActionResultsSummaryComponent: React.FC<ActionResultsSummaryProps> = ({
   expirationDate,
   agentIds,
 }) => {
-  // @ts-expect-error update types
-  const [pageIndex, setPageIndex] = useState(0);
-  // @ts-expect-error update types
-  const [pageSize, setPageSize] = useState(50);
+  const [pageIndex] = useState(0);
+  const [pageSize] = useState(50);
   const expired = useMemo(
     () => (!expirationDate ? false : new Date(expirationDate) < new Date()),
     [expirationDate]
diff --git a/x-pack/plugins/osquery/public/action_results/use_action_results.ts b/x-pack/plugins/osquery/public/action_results/use_action_results.ts
index 629c490660a2e..964feb9eafb3b 100644
--- a/x-pack/plugins/osquery/public/action_results/use_action_results.ts
+++ b/x-pack/plugins/osquery/public/action_results/use_action_results.ts
@@ -5,9 +5,9 @@
  * 2.0.
  */
 
+import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { flatten, reverse, uniqBy } from 'lodash/fp';
 import { useQuery } from 'react-query';
-
 import { i18n } from '@kbn/i18n';
 import { lastValueFrom } from 'rxjs';
 import type { InspectResponse } from '../common/helpers';
@@ -19,7 +19,6 @@ import {
 import { useKibana } from '../common/lib/kibana';
 import type {
   ResultEdges,
-  PageInfoPaginated,
   ActionResultsRequestOptions,
   ActionResultsStrategyResponse,
   Direction,
@@ -35,8 +34,6 @@ export interface ResultsArgs {
   id: string;
   inspect: InspectResponse;
   isInspected: boolean;
-  pageInfo: PageInfoPaginated;
-  totalCount: number;
 }
 
 export interface UseActionResults {
@@ -65,7 +62,7 @@ export const useActionResults = ({
   const { data } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useQuery(
+  return useQuery<{}, Error, ActionResultsStrategyResponse>(
     ['actionResults', { actionId }],
     async () => {
       const responseData = await lastValueFrom(
@@ -87,22 +84,23 @@ export const useActionResults = ({
       );
 
       const totalResponded =
-        // @ts-expect-error update types
         responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.doc_count ?? 0;
       const totalRowCount =
-        // @ts-expect-error update types
         responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.rows_count?.value ?? 0;
       const aggsBuckets =
-        // @ts-expect-error update types
         responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.responses.buckets;
 
-      const cachedData = queryClient.getQueryData(['actionResults', { actionId }]);
+      const cachedData = queryClient.getQueryData<ActionResultsStrategyResponse>([
+        'actionResults',
+        { actionId },
+      ]);
 
-      // @ts-expect-error update types
       const previousEdges = cachedData?.edges.length
-        ? // @ts-expect-error update types
-          cachedData?.edges
-        : agentIds?.map((agentId) => ({ fields: { agent_id: [agentId] } })) ?? [];
+        ? cachedData?.edges
+        : agentIds?.map(
+            (agentId) =>
+              ({ fields: { agent_id: [agentId] } } as unknown as estypes.SearchHit<object>)
+          ) ?? [];
 
       return {
         ...responseData,
@@ -110,9 +108,7 @@ export const useActionResults = ({
         aggregations: {
           totalRowCount,
           totalResponded,
-          // @ts-expect-error update types
           successful: aggsBuckets?.find((bucket) => bucket.key === 'success')?.doc_count ?? 0,
-          // @ts-expect-error update types
           failed: aggsBuckets?.find((bucket) => bucket.key === 'error')?.doc_count ?? 0,
         },
         inspect: getInspectResponse(responseData, {} as InspectResponse),
@@ -124,7 +120,6 @@ export const useActionResults = ({
         aggregations: {
           totalResponded: 0,
           successful: 0,
-          // @ts-expect-error update types
           pending: agentIds?.length ?? 0,
           failed: 0,
         },
@@ -133,7 +128,7 @@ export const useActionResults = ({
       keepPreviousData: true,
       enabled: !skip && !!agentIds?.length,
       onSuccess: () => setErrorToast(),
-      onError: (error: Error) =>
+      onError: (error) =>
         setErrorToast(error, {
           title: i18n.translate('xpack.osquery.action_results.fetchError', {
             defaultMessage: 'Error while fetching action results',
diff --git a/x-pack/plugins/osquery/public/actions/actions_table.tsx b/x-pack/plugins/osquery/public/actions/actions_table.tsx
index 2f81394bccde8..25c35d09e1ba0 100644
--- a/x-pack/plugins/osquery/public/actions/actions_table.tsx
+++ b/x-pack/plugins/osquery/public/actions/actions_table.tsx
@@ -7,7 +7,15 @@
 
 import { isArray, isEmpty, pickBy } from 'lodash';
 import { i18n } from '@kbn/i18n';
-import { EuiBasicTable, EuiButtonIcon, EuiCodeBlock, formatDate } from '@elastic/eui';
+import {
+  EuiBasicTable,
+  EuiButtonIcon,
+  EuiCodeBlock,
+  formatDate,
+  EuiIcon,
+  EuiFlexItem,
+  EuiFlexGroup,
+} from '@elastic/eui';
 import React, { useState, useCallback, useMemo } from 'react';
 import { useHistory } from 'react-router-dom';
 
@@ -47,14 +55,24 @@ const ActionsTableComponent = () => {
     setPageSize(size);
   }, []);
 
-  const renderQueryColumn = useCallback(
-    (_, item) => (
+  const renderQueryColumn = useCallback((_, item) => {
+    if (item._source.pack_name) {
+      return (
+        <EuiFlexGroup gutterSize="s" alignItems="center" justifyContent="center">
+          <EuiFlexItem grow={false}>
+            <EuiIcon type="package" />
+          </EuiFlexItem>
+          <EuiFlexItem>{item._source.pack_name}</EuiFlexItem>
+        </EuiFlexGroup>
+      );
+    }
+
+    return (
       <EuiCodeBlock language="sql" fontSize="s" paddingSize="none" transparentBackground>
-        {item._source.data.query}
+        {item._source.queries[0].query}
       </EuiCodeBlock>
-    ),
-    []
-  );
+    );
+  }, []);
 
   const renderAgentsColumn = useCallback((_, item) => <>{item.fields.agents?.length ?? 0}</>, []);
 
@@ -71,18 +89,43 @@ const ActionsTableComponent = () => {
   );
 
   const handlePlayClick = useCallback(
-    (item) =>
+    (item) => {
+      const packId = item._source.pack_id;
+
+      if (packId) {
+        return push('/live_queries/new', {
+          form: pickBy(
+            {
+              packId: item._source.pack_id,
+              agentSelection: {
+                agents: item._source.agent_ids,
+                allAgentsSelected: item._source.agent_all,
+                platformsSelected: item._source.agent_platforms,
+                policiesSelected: item._source.agent_policy_ids,
+              },
+            },
+            (value) => !isEmpty(value)
+          ),
+        });
+      }
+
       push('/live_queries/new', {
         form: pickBy(
           {
-            agentIds: item.fields.agents,
-            query: item._source.data.query,
-            ecs_mapping: item._source.data.ecs_mapping,
-            savedQueryId: item._source.data.saved_query_id,
+            query: item._source.queries[0].query,
+            ecs_mapping: item._source.queries[0].ecs_mapping,
+            savedQueryId: item._source.queries[0].saved_query_id,
+            agentSelection: {
+              agents: item._source.agent_ids,
+              allAgentsSelected: item._source.agent_all,
+              platformsSelected: item._source.agent_platforms,
+              policiesSelected: item._source.agent_policy_ids,
+            },
           },
           (value) => !isEmpty(value)
         ),
-      }),
+      });
+    },
     [push]
   );
   const isPlayButtonAvailable = useCallback(
@@ -156,10 +199,10 @@ const ActionsTableComponent = () => {
     () => ({
       pageIndex,
       pageSize,
-      totalItemCount: actionsData?.totalCount ?? 0,
+      totalItemCount: actionsData?.total ?? 0,
       pageSizeOptions: [20, 50, 100],
     }),
-    [actionsData?.totalCount, pageIndex, pageSize]
+    [actionsData?.total, pageIndex, pageSize]
   );
 
   return (
diff --git a/x-pack/plugins/osquery/public/actions/use_action_details.ts b/x-pack/plugins/osquery/public/actions/use_action_details.ts
deleted file mode 100644
index 39abf4ac23852..0000000000000
--- a/x-pack/plugins/osquery/public/actions/use_action_details.ts
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { useQuery } from 'react-query';
-
-import { i18n } from '@kbn/i18n';
-import { lastValueFrom } from 'rxjs';
-import { createFilter } from '../common/helpers';
-import { useKibana } from '../common/lib/kibana';
-import type {
-  ActionDetailsRequestOptions,
-  ActionDetailsStrategyResponse,
-} from '../../common/search_strategy';
-import { OsqueryQueries } from '../../common/search_strategy';
-import type { ESTermQuery } from '../../common/typed_json';
-import { useErrorToast } from '../common/hooks/use_error_toast';
-
-export interface ActionDetailsArgs {
-  actionDetails: Record<string, string>;
-  id: string;
-}
-
-interface UseActionDetails {
-  actionId: string;
-  filterQuery?: ESTermQuery | string;
-  skip?: boolean;
-}
-
-export const useActionDetails = ({ actionId, filterQuery, skip = false }: UseActionDetails) => {
-  const { data } = useKibana().services;
-  const setErrorToast = useErrorToast();
-
-  return useQuery(
-    ['actionDetails', { actionId, filterQuery }],
-    async () => {
-      const responseData = await lastValueFrom(
-        data.search.search<ActionDetailsRequestOptions, ActionDetailsStrategyResponse>(
-          {
-            actionId,
-            factoryQueryType: OsqueryQueries.actionDetails,
-            filterQuery: createFilter(filterQuery),
-          },
-          {
-            strategy: 'osquerySearchStrategy',
-          }
-        )
-      );
-
-      if (!responseData.actionDetails) throw new Error();
-
-      return responseData;
-    },
-    {
-      enabled: !skip,
-      onSuccess: () => setErrorToast(),
-      onError: (error: Error) =>
-        setErrorToast(error, {
-          title: i18n.translate('xpack.osquery.action_details.fetchError', {
-            defaultMessage: 'Error while fetching action details',
-          }),
-        }),
-      refetchOnWindowFocus: false,
-      retryDelay: 1000,
-    }
-  );
-};
diff --git a/x-pack/plugins/osquery/public/actions/use_all_actions.ts b/x-pack/plugins/osquery/public/actions/use_all_actions.ts
index a0a53ab4566bd..fc3f2a6d123ac 100644
--- a/x-pack/plugins/osquery/public/actions/use_all_actions.ts
+++ b/x-pack/plugins/osquery/public/actions/use_all_actions.ts
@@ -18,7 +18,6 @@ import {
 import { useKibana } from '../common/lib/kibana';
 import type {
   ActionEdges,
-  PageInfoPaginated,
   ActionsRequestOptions,
   ActionsStrategyResponse,
   Direction,
@@ -33,8 +32,6 @@ export interface ActionsArgs {
   id: string;
   inspect: InspectResponse;
   isInspected: boolean;
-  pageInfo: PageInfoPaginated;
-  totalCount: number;
 }
 
 interface UseAllActions {
diff --git a/x-pack/plugins/osquery/public/actions/use_live_query_details.ts b/x-pack/plugins/osquery/public/actions/use_live_query_details.ts
new file mode 100644
index 0000000000000..a31c493487057
--- /dev/null
+++ b/x-pack/plugins/osquery/public/actions/use_live_query_details.ts
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useQuery } from 'react-query';
+
+import { i18n } from '@kbn/i18n';
+import { useKibana } from '../common/lib/kibana';
+import type { ESTermQuery } from '../../common/typed_json';
+import { useErrorToast } from '../common/hooks/use_error_toast';
+
+export interface LiveQueryDetailsArgs {
+  actionDetails: Record<string, string>;
+  id: string;
+}
+
+interface UseLiveQueryDetails {
+  actionId?: string;
+  isLive?: boolean;
+  filterQuery?: ESTermQuery | string;
+  skip?: boolean;
+}
+
+export interface LiveQueryDetailsItem {
+  action_id: string;
+  expiration: string;
+  '@timestamp': string;
+  agent_all: boolean;
+  agent_ids: string[];
+  agent_platforoms: string[];
+  agent_policy_ids: string[];
+  agents: string[];
+  user_id?: string;
+  pack_id?: string;
+  pack_name?: string;
+  pack_prebuilt?: boolean;
+  status?: string;
+  queries?: Array<{
+    action_id: string;
+    id: string;
+    query: string;
+    agents: string[];
+    ecs_mapping?: unknown;
+    version?: string;
+    platform?: string;
+    saved_query_id?: string;
+    expiration?: string;
+  }>;
+}
+
+export const useLiveQueryDetails = ({
+  actionId,
+  filterQuery,
+  isLive = false,
+  skip = false,
+}: UseLiveQueryDetails) => {
+  const { http } = useKibana().services;
+  const setErrorToast = useErrorToast();
+
+  return useQuery<{ data: LiveQueryDetailsItem }, Error, LiveQueryDetailsItem>(
+    ['liveQueries', { actionId, filterQuery }],
+    () => http.get(`/api/osquery/live_queries/${actionId}`),
+    {
+      enabled: !skip && !!actionId,
+      refetchInterval: isLive ? 5000 : false,
+      onSuccess: () => setErrorToast(),
+      onError: (error) =>
+        setErrorToast(error, {
+          title: i18n.translate('xpack.osquery.action_details.fetchError', {
+            defaultMessage: 'Error while fetching action details',
+          }),
+        }),
+      select: (response) => response.data,
+      refetchOnWindowFocus: false,
+      retryDelay: 5000,
+    }
+  );
+};
diff --git a/x-pack/plugins/osquery/public/agent_policies/use_agent_policy.ts b/x-pack/plugins/osquery/public/agent_policies/use_agent_policy.ts
index 608357bd72912..f629a138f70f6 100644
--- a/x-pack/plugins/osquery/public/agent_policies/use_agent_policy.ts
+++ b/x-pack/plugins/osquery/public/agent_policies/use_agent_policy.ts
@@ -8,6 +8,7 @@
 import { useQuery } from 'react-query';
 
 import { i18n } from '@kbn/i18n';
+import type { AgentPolicy } from '@kbn/fleet-plugin/common';
 import { useKibana } from '../common/lib/kibana';
 import { useErrorToast } from '../common/hooks/use_error_toast';
 
@@ -21,8 +22,7 @@ export const useAgentPolicy = ({ policyId, skip, silent }: UseAgentPolicy) => {
   const { http } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  return useQuery<any, Error>(
+  return useQuery<{ item: AgentPolicy }, Error, AgentPolicy>(
     ['agentPolicy', { policyId }],
     () => http.get(`/internal/osquery/fleet_wrapper/agent_policies/${policyId}`),
     {
diff --git a/x-pack/plugins/osquery/public/agents/agents_table.tsx b/x-pack/plugins/osquery/public/agents/agents_table.tsx
index e892a7f7a4840..e11cb9b8277d9 100644
--- a/x-pack/plugins/osquery/public/agents/agents_table.tsx
+++ b/x-pack/plugins/osquery/public/agents/agents_table.tsx
@@ -88,7 +88,7 @@ const AgentsTableComponent: React.FC<AgentsTableProps> = ({ agentSelection, onCh
         selectedGroups: SelectedGroups;
       } = generateAgentSelection(selection);
       if (newAgentSelection.allAgentsSelected) {
-        setNumAgentsSelected(agentGroupsData?.totalCount ?? 0);
+        setNumAgentsSelected(agentGroupsData?.total ?? 0);
       } else {
         const checkAgent = generateAgentCheck(selectedGroups);
         setNumAgentsSelected(
@@ -135,11 +135,11 @@ const AgentsTableComponent: React.FC<AgentsTableProps> = ({ agentSelection, onCh
         }
       }
 
-      if (agentSelection.policiesSelected.length) {
+      if (agentSelection.policiesSelected?.length) {
         handleSelectedOptions(agentSelection.policiesSelected, AGENT_POLICY_LABEL);
       }
 
-      if (agentSelection.agents.length) {
+      if (agentSelection.agents?.length) {
         handleSelectedOptions(agentSelection.agents, AGENT_SELECTION_LABEL);
       }
     }
@@ -149,7 +149,7 @@ const AgentsTableComponent: React.FC<AgentsTableProps> = ({ agentSelection, onCh
     if (agentsFetched && groupsFetched && agentGroupsData) {
       const grouper = new AgentGrouper();
       // update the groups when groups or agents have changed
-      grouper.setTotalAgents(agentGroupsData?.totalCount);
+      grouper.setTotalAgents(agentGroupsData?.total);
       grouper.updateGroup(AGENT_GROUP_KEY.Platform, agentGroupsData?.groups.platforms);
       grouper.updateGroup(AGENT_GROUP_KEY.Policy, agentGroupsData?.groups.policies);
       // @ts-expect-error update types
diff --git a/x-pack/plugins/osquery/public/agents/use_agent_groups.ts b/x-pack/plugins/osquery/public/agents/use_agent_groups.ts
index 5076082563ba3..497819a15031d 100644
--- a/x-pack/plugins/osquery/public/agents/use_agent_groups.ts
+++ b/x-pack/plugins/osquery/public/agents/use_agent_groups.ts
@@ -29,7 +29,7 @@ export const useAgentGroups = () => {
     AgentsStrategyResponse,
     unknown,
     {
-      totalCount: number;
+      total: number;
       groups: ReturnType<typeof processAggregations>;
     }
   >(
@@ -80,7 +80,7 @@ export const useAgentGroups = () => {
         );
 
         return {
-          totalCount: response.totalCount,
+          total: response.total ?? 0,
           groups: {
             platforms,
             overlap,
@@ -96,13 +96,8 @@ export const useAgentGroups = () => {
         };
       },
       placeholderData: {
-        totalCount: 0,
+        total: 0,
         edges: [],
-        pageInfo: {
-          activePage: 1,
-          fakeTotalCount: 100,
-          showMorePagesIndicator: true,
-        },
         rawResponse: {
           took: 0,
           timed_out: false,
diff --git a/x-pack/plugins/osquery/public/agents/use_all_agents.ts b/x-pack/plugins/osquery/public/agents/use_all_agents.ts
index 39a77fa72fa4e..c5e7c2d703bcf 100644
--- a/x-pack/plugins/osquery/public/agents/use_all_agents.ts
+++ b/x-pack/plugins/osquery/public/agents/use_all_agents.ts
@@ -8,7 +8,7 @@
 import { i18n } from '@kbn/i18n';
 import { useQuery } from 'react-query';
 
-import type { GetAgentsResponse } from '@kbn/fleet-plugin/common';
+import type { ListResult, Agent } from '@kbn/fleet-plugin/common';
 import { useErrorToast } from '../common/hooks/use_error_toast';
 import { useKibana } from '../common/lib/kibana';
 import { useOsqueryPolicies } from './use_osquery_policies';
@@ -26,7 +26,7 @@ export const useAllAgents = (searchValue = '', opts: RequestOptions = { perPage:
 
   const { data: osqueryPolicies, isFetched } = useOsqueryPolicies();
 
-  return useQuery<GetAgentsResponse>(
+  return useQuery<Omit<ListResult<{}>, 'items'> & { agents: Agent[] }, unknown, Agent[]>(
     ['agents', osqueryPolicies, searchValue, perPage],
     () => {
       let kuery = '';
@@ -47,7 +47,6 @@ export const useAllAgents = (searchValue = '', opts: RequestOptions = { perPage:
       });
     },
     {
-      // @ts-expect-error update types
       select: (data) => data?.agents || [],
       enabled: isFetched && !!osqueryPolicies?.length,
       onSuccess: () => setErrorToast(),
diff --git a/x-pack/plugins/osquery/public/assets/use_import_assets.ts b/x-pack/plugins/osquery/public/assets/use_import_assets.ts
index f63f3e7096f03..feb2c48041567 100644
--- a/x-pack/plugins/osquery/public/assets/use_import_assets.ts
+++ b/x-pack/plugins/osquery/public/assets/use_import_assets.ts
@@ -23,20 +23,15 @@ export const useImportAssets = ({ successToastText }: UseImportAssetsProps) => {
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useMutation(
-    () =>
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      http.post<any>('/internal/osquery/assets/update'),
-    {
-      onSuccess: () => {
-        setErrorToast();
-        queryClient.invalidateQueries(PACKS_ID);
-        queryClient.invalidateQueries(INTEGRATION_ASSETS_STATUS_ID);
-        toasts.addSuccess(successToastText);
-      },
-      onError: (error) => {
-        setErrorToast(error);
-      },
-    }
-  );
+  return useMutation(() => http.post('/internal/osquery/assets/update'), {
+    onSuccess: () => {
+      setErrorToast();
+      queryClient.invalidateQueries(PACKS_ID);
+      queryClient.invalidateQueries(INTEGRATION_ASSETS_STATUS_ID);
+      toasts.addSuccess(successToastText);
+    },
+    onError: (error) => {
+      setErrorToast(error);
+    },
+  });
 };
diff --git a/x-pack/plugins/osquery/public/common/helpers.ts b/x-pack/plugins/osquery/public/common/helpers.ts
index 42860bfb80edc..6b0a5f2a51c39 100644
--- a/x-pack/plugins/osquery/public/common/helpers.ts
+++ b/x-pack/plugins/osquery/public/common/helpers.ts
@@ -31,7 +31,6 @@ export const generateTablePaginationOptions = (
   return {
     activePage,
     cursorStart,
-    fakePossibleCount: 4 <= activePage && activePage > 0 ? limit * (activePage + 2) : limit * 5,
     querySize: limit,
   };
 };
diff --git a/x-pack/plugins/osquery/public/common/hooks/use_logs_data_view.tsx b/x-pack/plugins/osquery/public/common/hooks/use_logs_data_view.tsx
new file mode 100644
index 0000000000000..8da13f72a077d
--- /dev/null
+++ b/x-pack/plugins/osquery/public/common/hooks/use_logs_data_view.tsx
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useQuery } from 'react-query';
+import type { DataView } from '@kbn/data-plugin/common';
+
+import { useKibana } from '../lib/kibana';
+
+export interface LogsDataView extends DataView {
+  id: string;
+}
+
+export const useLogsDataView = () => {
+  const dataViews = useKibana().services.data.dataViews;
+
+  return useQuery<LogsDataView>(['logsDataView'], async () => {
+    let dataView = (await dataViews.find('logs-osquery_manager.result*', 1))[0];
+    if (!dataView && dataViews.getCanSaveSync()) {
+      dataView = await dataViews.createAndSave({
+        title: 'logs-osquery_manager.result*',
+        timeFieldName: '@timestamp',
+      });
+    }
+
+    return dataView as LogsDataView;
+  });
+};
diff --git a/x-pack/plugins/osquery/public/common/validations.ts b/x-pack/plugins/osquery/public/common/validations.ts
index 1dc2ddbf139b8..4a29d274fcc0c 100644
--- a/x-pack/plugins/osquery/public/common/validations.ts
+++ b/x-pack/plugins/osquery/public/common/validations.ts
@@ -7,12 +7,12 @@
 
 import { i18n } from '@kbn/i18n';
 
-import type { ValidationFunc } from '../shared_imports';
+import type { FormData, ValidationFunc } from '../shared_imports';
 import { fieldValidators } from '../shared_imports';
 
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export const queryFieldValidation: ValidationFunc<any, string, string> = fieldValidators.emptyField(
-  i18n.translate('xpack.osquery.pack.queryFlyoutForm.emptyQueryError', {
-    defaultMessage: 'Query is a required field',
-  })
-);
+export const queryFieldValidation: ValidationFunc<FormData, string, string> =
+  fieldValidators.emptyField(
+    i18n.translate('xpack.osquery.pack.queryFlyoutForm.emptyQueryError', {
+      defaultMessage: 'Query is a required field',
+    })
+  );
diff --git a/x-pack/plugins/osquery/public/components/main_navigation.tsx b/x-pack/plugins/osquery/public/components/main_navigation.tsx
index 8757ee0ea576c..8e0c3d7a8d55c 100644
--- a/x-pack/plugins/osquery/public/components/main_navigation.tsx
+++ b/x-pack/plugins/osquery/public/components/main_navigation.tsx
@@ -27,7 +27,7 @@ export const MainNavigation = () => {
     <Nav>
       <EuiFlexGroup gutterSize="l" alignItems="center">
         <EuiFlexItem>
-          <EuiTabs>
+          <EuiTabs bottomBorder={false}>
             <EuiTab
               isSelected={section === Section.LiveQueries}
               {...useRouterNavigate(Section.LiveQueries)}
diff --git a/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx b/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx
index a4dd17a66c48f..cf736d4fe2f57 100644
--- a/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx
+++ b/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx
@@ -28,6 +28,7 @@ import type {
   PackagePolicyEditExtensionComponentProps,
 } from '@kbn/fleet-plugin/public';
 import { pagePathGetters } from '@kbn/fleet-plugin/public';
+import { OSQUERY_INTEGRATION_NAME } from '../../common';
 import { useKibana } from '../common/lib/kibana';
 import { NavigationButtons } from './navigation_buttons';
 import { DisabledCallout } from './disabled_callout';
@@ -316,7 +317,7 @@ export const OsqueryManagedPolicyCreateImportExtension = React.memo<
               type: 'osquery',
               enabled: true,
               streams: [],
-              policy_template: 'osquery_manager',
+              policy_template: OSQUERY_INTEGRATION_NAME,
             });
           }
 
diff --git a/x-pack/plugins/osquery/public/live_queries/form/index.tsx b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
index 908cd60f893f1..f7cb1e602dbbb 100644
--- a/x-pack/plugins/osquery/public/live_queries/form/index.tsx
+++ b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
@@ -6,6 +6,7 @@
  */
 
 import type { EuiAccordionProps } from '@elastic/eui';
+import { EuiFormRow } from '@elastic/eui';
 import {
   EuiButton,
   EuiButtonEmpty,
@@ -13,13 +14,14 @@ import {
   EuiFlexGroup,
   EuiFlexItem,
   EuiAccordion,
+  EuiCard,
 } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
-import React, { useCallback, useEffect, useMemo, useState } from 'react';
-import { useMutation } from 'react-query';
+import React, { useCallback, useEffect, useLayoutEffect, useMemo, useState } from 'react';
 import styled from 'styled-components';
 
-import { pickBy, isEmpty, map } from 'lodash';
+import { pickBy, isEmpty, map, find } from 'lodash';
+import { i18n } from '@kbn/i18n';
 import { convertECSMappingToObject } from '../../../common/schemas/common/utils';
 import type { FormData } from '../../shared_imports';
 import { UseField, Form, useForm, useFormData } from '../../shared_imports';
@@ -28,13 +30,54 @@ import { LiveQueryQueryField } from './live_query_query_field';
 import { useKibana } from '../../common/lib/kibana';
 import { ResultTabs } from '../../routes/saved_queries/edit/tabs';
 import { SavedQueryFlyout } from '../../saved_queries';
-import { useErrorToast } from '../../common/hooks/use_error_toast';
 import { ECSMappingEditorField } from '../../packs/queries/lazy_ecs_mapping_editor_field';
 import { SavedQueriesDropdown } from '../../saved_queries/saved_queries_dropdown';
 import { liveQueryFormSchema } from './schema';
+import { usePacks } from '../../packs/use_packs';
+import { PackQueriesStatusTable } from './pack_queries_status_table';
+import { useCreateLiveQuery } from '../use_create_live_query_action';
+import { useLiveQueryDetails } from '../../actions/use_live_query_details';
+import { PacksComboBoxField } from './packs_combobox_field';
 
 const FORM_ID = 'liveQueryForm';
 
+const StyledEuiCard = styled(EuiCard)`
+  padding: 16px 92px 16px 16px !important;
+
+  .euiTitle {
+    font-size: 1rem;
+  }
+
+  .euiText {
+    margin-top: 0;
+    color: ${(props) => props.theme.eui.euiTextSubduedColor};
+  }
+
+  button[role='switch'] {
+    left: auto;
+    height: 100% !important;
+    width: 80px;
+    right: 0;
+    border-radius: 0 5px 5px 0;
+
+    > span {
+      svg {
+        width: 18px;
+        height: 18px;
+      }
+
+      // hide the label
+      > :not(svg) {
+        display: none;
+      }
+    }
+  }
+
+  button[aria-checked='false'] > span > svg {
+    display: none;
+  }
+`;
+
 const StyledEuiAccordion = styled(EuiAccordion)`
   ${({ isDisabled }: { isDisabled?: boolean }) => isDisabled && 'display: none;'}
   .euiAccordion__button {
@@ -68,33 +111,23 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
   addToTimeline,
 }) => {
   const permissions = useKibana().services.application.capabilities.osquery;
-  const { http } = useKibana().services;
   const [advancedContentState, setAdvancedContentState] =
     useState<EuiAccordionProps['forceState']>('closed');
   const [showSavedQueryFlyout, setShowSavedQueryFlyout] = useState(false);
-  const setErrorToast = useErrorToast();
-
-  const handleShowSaveQueryFlout = useCallback(() => setShowSavedQueryFlyout(true), []);
-  const handleCloseSaveQueryFlout = useCallback(() => setShowSavedQueryFlyout(false), []);
-
-  const { data, isLoading, mutateAsync, isError, isSuccess } = useMutation(
-    (payload: Record<string, unknown>) =>
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      http.post<any>('/internal/osquery/action', {
-        body: JSON.stringify(payload),
-      }),
-    {
-      onSuccess: () => {
-        setErrorToast();
-        if (onSuccess) {
-          onSuccess();
-        }
-      },
-      onError: (error) => {
-        setErrorToast(error);
-      },
-    }
+  const [queryType, setQueryType] = useState<string>(() =>
+    defaultValue?.packId ? 'pack' : 'query'
   );
+  const [isLive, setIsLive] = useState(false);
+
+  const handleShowSaveQueryFlyout = useCallback(() => setShowSavedQueryFlyout(true), []);
+  const handleCloseSaveQueryFlyout = useCallback(() => setShowSavedQueryFlyout(false), []);
+
+  const { data, isLoading, mutateAsync, isError, isSuccess } = useCreateLiveQuery({ onSuccess });
+
+  const { data: liveQueryDetails } = useLiveQueryDetails({
+    actionId: data?.action_id,
+    isLive,
+  });
 
   const { form } = useForm({
     id: FORM_ID,
@@ -102,7 +135,8 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
     onSubmit: async (formData, isValid) => {
       if (isValid) {
         try {
-          await mutateAsync(pickBy(formData, (value) => !isEmpty(value)));
+          // @ts-expect-error update types
+          await mutateAsync(formData);
           // eslint-disable-next-line no-empty
         } catch (e) {}
       }
@@ -114,11 +148,13 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
       savedQueryId,
       // eslint-disable-next-line @typescript-eslint/naming-convention
       ecs_mapping,
+      packId,
       ...formData
     }) =>
       pickBy(
         {
           ...formData,
+          pack_id: packId?.length ? packId[0] : undefined,
           saved_query_id: savedQueryId,
           ecs_mapping: convertECSMappingToObject(ecs_mapping),
         },
@@ -128,12 +164,14 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
 
   const { updateFieldValues, setFieldValue, submit, isSubmitting } = form;
 
-  const actionId = useMemo(() => data?.actions[0].action_id, [data?.actions]);
-  const agentIds = useMemo(() => data?.actions[0].agents, [data?.actions]);
-  const [{ agentSelection, ecs_mapping: ecsMapping, query, savedQueryId }, formDataSerializer] =
-    useFormData({
-      form,
-    });
+  const actionId = useMemo(() => liveQueryDetails?.action_id, [liveQueryDetails?.action_id]);
+  const agentIds = useMemo(() => liveQueryDetails?.agents, [liveQueryDetails?.agents]);
+  const [
+    { agentSelection, ecs_mapping: ecsMapping, query, savedQueryId, packId },
+    formDataSerializer,
+  ] = useFormData({
+    form,
+  });
 
   /* recalculate the form data when ecs_mapping changes */
   // eslint-disable-next-line react-hooks/exhaustive-deps
@@ -233,6 +271,64 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
     [permissions.readSavedQueries, permissions.runSavedQueries]
   );
 
+  const submitButtonContent = useMemo(
+    () => (
+      <EuiFlexItem>
+        <EuiFlexGroup justifyContent="flexEnd">
+          {formType === 'steps' && queryType !== 'pack' && (
+            <EuiFlexItem grow={false}>
+              <EuiButtonEmpty
+                disabled={
+                  !permissions.writeSavedQueries ||
+                  !agentSelected ||
+                  !queryValueProvided ||
+                  resultsStatus === 'disabled'
+                }
+                onClick={handleShowSaveQueryFlyout}
+              >
+                <FormattedMessage
+                  id="xpack.osquery.liveQueryForm.form.saveForLaterButtonLabel"
+                  defaultMessage="Save for later"
+                />
+              </EuiButtonEmpty>
+            </EuiFlexItem>
+          )}
+          <EuiFlexItem grow={false}>
+            <EuiButton
+              id="submit-button"
+              disabled={
+                !enabled ||
+                !agentSelected ||
+                (queryType === 'query' && !queryValueProvided) ||
+                (queryType === 'pack' && !packId) ||
+                isSubmitting
+              }
+              onClick={submit}
+            >
+              <FormattedMessage
+                id="xpack.osquery.liveQueryForm.form.submitButtonLabel"
+                defaultMessage="Submit"
+              />
+            </EuiButton>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlexItem>
+    ),
+    [
+      agentSelected,
+      enabled,
+      formType,
+      handleShowSaveQueryFlyout,
+      isSubmitting,
+      packId,
+      permissions.writeSavedQueries,
+      queryType,
+      queryValueProvided,
+      resultsStatus,
+      submit,
+    ]
+  );
+
   const queryFieldStepContent = useMemo(
     () => (
       <>
@@ -275,73 +371,40 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
         ) : (
           <UseField path="ecs_mapping" component={GhostFormField} />
         )}
-        <EuiSpacer />
-        <EuiFlexGroup justifyContent="flexEnd">
-          {formType === 'steps' && (
-            <EuiFlexItem grow={false}>
-              <EuiButtonEmpty
-                disabled={
-                  !permissions.writeSavedQueries ||
-                  !agentSelected ||
-                  !queryValueProvided ||
-                  resultsStatus === 'disabled'
-                }
-                onClick={handleShowSaveQueryFlout}
-              >
-                <FormattedMessage
-                  id="xpack.osquery.liveQueryForm.form.saveForLaterButtonLabel"
-                  defaultMessage="Save for later"
-                />
-              </EuiButtonEmpty>
-            </EuiFlexItem>
-          )}
-          <EuiFlexItem grow={false}>
-            <EuiButton
-              id="submit-button"
-              disabled={!enabled || !agentSelected || !queryValueProvided || isSubmitting}
-              onClick={submit}
-            >
-              <FormattedMessage
-                id="xpack.osquery.liveQueryForm.form.submitButtonLabel"
-                defaultMessage="Submit"
-              />
-            </EuiButton>
-          </EuiFlexItem>
-        </EuiFlexGroup>
       </>
     ),
     [
       queryField,
       queryComponentProps,
-      permissions.writeSavedQueries,
       handleSavedQueryChange,
       ecsMappingField,
       advancedContentState,
       handleToggle,
       ecsFieldProps,
-      formType,
-      agentSelected,
-      queryValueProvided,
-      resultsStatus,
-      handleShowSaveQueryFlout,
-      enabled,
-      isSubmitting,
-      submit,
       isSavedQueryDisabled,
     ]
   );
 
+  const singleQueryDetails = useMemo(() => liveQueryDetails?.queries?.[0], [liveQueryDetails]);
+
   const resultsStepContent = useMemo(
     () =>
-      actionId ? (
+      singleQueryDetails?.action_id ? (
         <ResultTabs
-          actionId={actionId}
-          endDate={data?.actions[0].expiration}
-          agentIds={agentIds}
+          actionId={singleQueryDetails?.action_id}
+          ecsMapping={serializedFormData.ecs_mapping}
+          endDate={singleQueryDetails?.expiration}
+          agentIds={singleQueryDetails?.agents}
           addToTimeline={addToTimeline}
         />
       ) : null,
-    [actionId, agentIds, data?.actions, addToTimeline]
+    [
+      singleQueryDetails?.action_id,
+      singleQueryDetails?.expiration,
+      singleQueryDetails?.agents,
+      serializedFormData.ecs_mapping,
+      addToTimeline,
+    ]
   );
 
   useEffect(() => {
@@ -363,24 +426,150 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
     }
   }, [defaultValue, updateFieldValues]);
 
+  const { data: packsData } = usePacks({});
+
+  const selectedPackData = useMemo(
+    () => (packId?.length ? find(packsData?.data, { id: packId[0] }) : null),
+    [packId, packsData]
+  );
+
+  const queryCardSelectable = useMemo(
+    () => ({
+      onClick: () => setQueryType('query'),
+      isSelected: queryType === 'query',
+      iconType: 'check',
+    }),
+    [queryType]
+  );
+
+  const packCardSelectable = useMemo(
+    () => ({
+      onClick: () => setQueryType('pack'),
+      isSelected: queryType === 'pack',
+      iconType: 'check',
+    }),
+    [queryType]
+  );
+
+  const canRunPacks = useMemo(
+    () => !!(permissions.runSavedQueries && permissions.readPacks),
+    [permissions]
+  );
+
+  useLayoutEffect(() => {
+    if (defaultValue?.packId) {
+      setQueryType('pack');
+      const selectedPackOption = find(packsData?.data, ['id', defaultValue.packId]);
+      if (selectedPackOption) {
+        updateFieldValues({
+          packId: [defaultValue.packId],
+        });
+      }
+    }
+  }, [defaultValue, packsData, updateFieldValues]);
+
+  useLayoutEffect(() => {
+    setIsLive(() => !(liveQueryDetails?.status === 'completed'));
+  }, [liveQueryDetails?.status]);
+
   return (
     <>
       <Form form={form}>
         <EuiFlexGroup direction="column">
-          <EuiFlexItem>
-            <UseField
-              path="agentSelection"
-              component={!hideAgentsField ? AgentsTableField : GhostFormField}
-            />
-          </EuiFlexItem>
-          <EuiFlexItem>{queryFieldStepContent}</EuiFlexItem>
-          <EuiFlexItem>{resultsStepContent}</EuiFlexItem>
+          {queryField && (
+            <EuiFlexItem>
+              <EuiFormRow label="Query type" fullWidth>
+                <EuiFlexGroup gutterSize="m">
+                  <EuiFlexItem>
+                    <StyledEuiCard
+                      layout="horizontal"
+                      title={i18n.translate(
+                        'xpack.osquery.liveQuery.queryForm.singleQueryTypeLabel',
+                        {
+                          defaultMessage: 'Single query',
+                        }
+                      )}
+                      titleSize="xs"
+                      hasBorder
+                      description={i18n.translate(
+                        'xpack.osquery.liveQuery.queryForm.singleQueryTypeDescription',
+                        {
+                          defaultMessage: 'Run a saved query or new one.',
+                        }
+                      )}
+                      selectable={queryCardSelectable}
+                    />
+                  </EuiFlexItem>
+                  <EuiFlexItem>
+                    <StyledEuiCard
+                      layout="horizontal"
+                      title={i18n.translate(
+                        'xpack.osquery.liveQuery.queryForm.packQueryTypeLabel',
+                        {
+                          defaultMessage: 'Pack',
+                        }
+                      )}
+                      titleSize="xs"
+                      hasBorder
+                      description={i18n.translate(
+                        'xpack.osquery.liveQuery.queryForm.packQueryTypeDescription',
+                        {
+                          defaultMessage: 'Run a set of queries in a pack.',
+                        }
+                      )}
+                      selectable={packCardSelectable}
+                      isDisabled={!canRunPacks}
+                    />
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFormRow>
+            </EuiFlexItem>
+          )}
+          {!hideAgentsField ? (
+            <EuiFlexItem>
+              <UseField path="agentSelection" component={AgentsTableField} />
+            </EuiFlexItem>
+          ) : (
+            <UseField path="agentSelection" component={GhostFormField} />
+          )}
+          {queryType === 'pack' ? (
+            <>
+              <EuiFlexItem>
+                <UseField
+                  path="packId"
+                  component={PacksComboBoxField}
+                  // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
+                  euiFieldProps={{ packsData: packsData?.data }}
+                />
+              </EuiFlexItem>
+              {submitButtonContent}
+              <EuiSpacer />
+              {(liveQueryDetails?.queries?.length ||
+                selectedPackData?.attributes?.queries?.length) && (
+                <>
+                  <EuiFlexItem>
+                    <PackQueriesStatusTable
+                      actionId={actionId}
+                      agentIds={agentIds}
+                      data={liveQueryDetails?.queries ?? selectedPackData?.attributes?.queries}
+                    />
+                  </EuiFlexItem>
+                </>
+              )}
+            </>
+          ) : (
+            <>
+              <EuiFlexItem>{queryFieldStepContent}</EuiFlexItem>
+              {submitButtonContent}
+              <EuiFlexItem>{resultsStepContent}</EuiFlexItem>
+            </>
+          )}
         </EuiFlexGroup>
       </Form>
       {showSavedQueryFlyout ? (
         <SavedQueryFlyout
           isExternal={!!addToTimeline}
-          onClose={handleCloseSaveQueryFlout}
+          onClose={handleCloseSaveQueryFlyout}
           defaultValue={flyoutFormDefaultValue}
         />
       ) : null}
diff --git a/x-pack/plugins/osquery/public/live_queries/form/pack_queries_status_table.tsx b/x-pack/plugins/osquery/public/live_queries/form/pack_queries_status_table.tsx
new file mode 100644
index 0000000000000..eb687303588eb
--- /dev/null
+++ b/x-pack/plugins/osquery/public/live_queries/form/pack_queries_status_table.tsx
@@ -0,0 +1,718 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { get } from 'lodash';
+import React, { useCallback, useEffect, useLayoutEffect, useState, useMemo } from 'react';
+import {
+  EuiBasicTable,
+  EuiButtonEmpty,
+  EuiCodeBlock,
+  EuiButtonIcon,
+  EuiToolTip,
+  EuiLoadingSpinner,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiNotificationBadge,
+  RIGHT_ALIGNMENT,
+  EuiBadge,
+  EuiText,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import moment from 'moment-timezone';
+
+import type {
+  TypedLensByValueInput,
+  PersistedIndexPatternLayer,
+  PieVisualizationState,
+  TermsIndexPatternColumn,
+} from '@kbn/lens-plugin/public';
+import { DOCUMENT_FIELD_NAME as RECORDS_FIELD } from '@kbn/lens-plugin/common/constants';
+import { FilterStateStore } from '@kbn/es-query';
+import styled from 'styled-components';
+import { Direction } from '../../../common/search_strategy';
+import { removeMultilines } from '../../../common/utils/build_query/remove_multilines';
+import { useKibana } from '../../common/lib/kibana';
+import { usePackQueryLastResults } from '../../packs/use_pack_query_last_results';
+import { ResultTabs } from '../../routes/saved_queries/edit/tabs';
+import type { PackItem } from '../../packs/types';
+import type { LogsDataView } from '../../common/hooks/use_logs_data_view';
+import { useLogsDataView } from '../../common/hooks/use_logs_data_view';
+
+const EMPTY_ARRAY: PackQueryStatusItem[] = [];
+
+// @ts-expect-error TS2769
+const StyledEuiBasicTable = styled(EuiBasicTable)`
+  .euiTableRow.euiTableRow-isExpandedRow > td > div {
+    padding: 0;
+  }
+`;
+
+const VIEW_IN_DISCOVER = i18n.translate(
+  'xpack.osquery.pack.queriesTable.viewDiscoverResultsActionAriaLabel',
+  {
+    defaultMessage: 'View in Discover',
+  }
+);
+
+const VIEW_IN_LENS = i18n.translate(
+  'xpack.osquery.pack.queriesTable.viewLensResultsActionAriaLabel',
+  {
+    defaultMessage: 'View in Lens',
+  }
+);
+
+export enum ViewResultsActionButtonType {
+  icon = 'icon',
+  button = 'button',
+}
+
+interface ViewResultsInDiscoverActionProps {
+  actionId?: string;
+  agentIds?: string[];
+  buttonType: ViewResultsActionButtonType;
+  endDate?: string;
+  startDate?: string;
+  mode?: string;
+}
+
+function getLensAttributes(
+  logsDataView: LogsDataView,
+  actionId?: string,
+  agentIds?: string[]
+): TypedLensByValueInput['attributes'] {
+  const dataLayer: PersistedIndexPatternLayer = {
+    columnOrder: ['8690befd-fd69-4246-af4a-dd485d2a3b38', 'ed999e9d-204c-465b-897f-fe1a125b39ed'],
+    columns: {
+      '8690befd-fd69-4246-af4a-dd485d2a3b38': {
+        sourceField: 'type',
+        isBucketed: true,
+        dataType: 'string',
+        scale: 'ordinal',
+        operationType: 'terms',
+        label: 'Top values of type',
+        params: {
+          otherBucket: true,
+          size: 5,
+          missingBucket: false,
+          orderBy: {
+            columnId: 'ed999e9d-204c-465b-897f-fe1a125b39ed',
+            type: 'column',
+          },
+          orderDirection: 'desc',
+        },
+      } as TermsIndexPatternColumn,
+      'ed999e9d-204c-465b-897f-fe1a125b39ed': {
+        sourceField: RECORDS_FIELD,
+        isBucketed: false,
+        dataType: 'number',
+        scale: 'ratio',
+        operationType: 'count',
+        label: 'Count of records',
+      },
+    },
+    incompleteColumns: {},
+  };
+
+  const xyConfig: PieVisualizationState = {
+    shape: 'pie',
+    layers: [
+      {
+        layerType: 'data',
+        legendDisplay: 'default',
+        nestedLegend: false,
+        layerId: 'layer1',
+        metric: 'ed999e9d-204c-465b-897f-fe1a125b39ed',
+        numberDisplay: 'percent',
+        groups: ['8690befd-fd69-4246-af4a-dd485d2a3b38'],
+        categoryDisplay: 'default',
+      },
+    ],
+  };
+
+  const agentIdsQuery = agentIds?.length
+    ? {
+        bool: {
+          minimum_should_match: 1,
+          should: agentIds?.map((agentId) => ({ match_phrase: { 'agent.id': agentId } })),
+        },
+      }
+    : undefined;
+
+  return {
+    visualizationType: 'lnsPie',
+    title: `Action ${actionId} results`,
+    references: [
+      {
+        id: logsDataView.id,
+        name: 'indexpattern-datasource-current-indexpattern',
+        type: 'index-pattern',
+      },
+      {
+        id: logsDataView.id,
+        name: 'indexpattern-datasource-layer-layer1',
+        type: 'index-pattern',
+      },
+      {
+        name: 'filter-index-pattern-0',
+        id: logsDataView.id,
+        type: 'index-pattern',
+      },
+    ],
+    state: {
+      datasourceStates: {
+        indexpattern: {
+          layers: {
+            layer1: dataLayer,
+          },
+        },
+      },
+      filters: [
+        {
+          $state: { store: FilterStateStore.APP_STATE },
+          meta: {
+            index: 'filter-index-pattern-0',
+            negate: false,
+            alias: null,
+            disabled: false,
+            params: {
+              query: actionId,
+            },
+            type: 'phrase',
+            key: 'action_id',
+          },
+          query: {
+            match_phrase: {
+              action_id: actionId,
+            },
+          },
+        },
+        ...(agentIdsQuery
+          ? [
+              {
+                $state: { store: FilterStateStore.APP_STATE },
+                meta: {
+                  alias: 'agent IDs',
+                  disabled: false,
+                  index: 'filter-index-pattern-0',
+                  key: 'query',
+                  negate: false,
+                  type: 'custom',
+                  value: JSON.stringify(agentIdsQuery),
+                },
+                query: agentIdsQuery,
+              },
+            ]
+          : []),
+      ],
+      query: { language: 'kuery', query: '' },
+      visualization: xyConfig,
+    },
+  };
+}
+
+const ViewResultsInLensActionComponent: React.FC<ViewResultsInDiscoverActionProps> = ({
+  actionId,
+  agentIds,
+  buttonType,
+  endDate,
+  startDate,
+  mode,
+}) => {
+  const lensService = useKibana().services.lens;
+  const isLensAvailable = lensService?.canUseEditor();
+  const { data: logsDataView } = useLogsDataView();
+
+  const handleClick = useCallback(
+    (event) => {
+      event.preventDefault();
+
+      if (logsDataView) {
+        lensService?.navigateToPrefilledEditor(
+          {
+            id: '',
+            timeRange: {
+              from: startDate ?? 'now-1d',
+              to: endDate ?? 'now',
+              mode: mode ?? (startDate || endDate) ? 'absolute' : 'relative',
+            },
+            attributes: getLensAttributes(logsDataView, actionId, agentIds),
+          },
+          {
+            openInNewTab: true,
+            skipAppLeave: true,
+          }
+        );
+      }
+    },
+    [actionId, agentIds, endDate, lensService, logsDataView, mode, startDate]
+  );
+
+  const isDisabled = useMemo(() => !actionId || !logsDataView, [actionId, logsDataView]);
+
+  if (!isLensAvailable) {
+    return null;
+  }
+
+  if (buttonType === ViewResultsActionButtonType.button) {
+    return (
+      <EuiButtonEmpty size="xs" iconType="lensApp" onClick={handleClick} isDisabled={isDisabled}>
+        {VIEW_IN_LENS}
+      </EuiButtonEmpty>
+    );
+  }
+
+  return (
+    <EuiToolTip content={VIEW_IN_LENS}>
+      <EuiButtonIcon
+        iconType="lensApp"
+        disabled={false}
+        onClick={handleClick}
+        aria-label={VIEW_IN_LENS}
+        isDisabled={isDisabled}
+      />
+    </EuiToolTip>
+  );
+};
+
+export const ViewResultsInLensAction = React.memo(ViewResultsInLensActionComponent);
+
+const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverActionProps> = ({
+  actionId,
+  agentIds,
+  buttonType,
+  endDate,
+  startDate,
+}) => {
+  const { discover, application } = useKibana().services;
+  const locator = discover?.locator;
+  const discoverPermissions = application.capabilities.discover;
+  const { data: logsDataView } = useLogsDataView();
+
+  const [discoverUrl, setDiscoverUrl] = useState<string>('');
+
+  useEffect(() => {
+    const getDiscoverUrl = async () => {
+      if (!locator || !logsDataView) return;
+
+      const agentIdsQuery = agentIds?.length
+        ? {
+            bool: {
+              minimum_should_match: 1,
+              should: agentIds.map((agentId) => ({ match_phrase: { 'agent.id': agentId } })),
+            },
+          }
+        : null;
+
+      const newUrl = await locator.getUrl({
+        indexPatternId: logsDataView.id,
+        filters: [
+          {
+            meta: {
+              index: logsDataView.id,
+              alias: null,
+              negate: false,
+              disabled: false,
+              type: 'phrase',
+              key: 'action_id',
+              params: { query: actionId },
+            },
+            query: { match_phrase: { action_id: actionId } },
+            $state: { store: FilterStateStore.APP_STATE },
+          },
+          ...(agentIdsQuery
+            ? [
+                {
+                  $state: { store: FilterStateStore.APP_STATE },
+                  meta: {
+                    alias: 'agent IDs',
+                    disabled: false,
+                    index: logsDataView.id,
+                    key: 'query',
+                    negate: false,
+                    type: 'custom',
+                    value: JSON.stringify(agentIdsQuery),
+                  },
+                  query: agentIdsQuery,
+                },
+              ]
+            : []),
+        ],
+        refreshInterval: {
+          pause: true,
+          value: 0,
+        },
+        timeRange:
+          startDate && endDate
+            ? {
+                to: endDate,
+                from: startDate,
+                mode: 'absolute',
+              }
+            : {
+                to: 'now',
+                from: 'now-1d',
+                mode: 'relative',
+              },
+      });
+      setDiscoverUrl(newUrl);
+    };
+
+    getDiscoverUrl();
+  }, [actionId, agentIds, endDate, startDate, locator, logsDataView]);
+
+  if (!discoverPermissions.show) {
+    return null;
+  }
+
+  if (buttonType === ViewResultsActionButtonType.button) {
+    return (
+      <EuiButtonEmpty size="xs" iconType="discoverApp" href={discoverUrl} target="_blank">
+        {VIEW_IN_DISCOVER}
+      </EuiButtonEmpty>
+    );
+  }
+
+  return (
+    <EuiToolTip content={VIEW_IN_DISCOVER}>
+      <EuiButtonIcon
+        iconType="discoverApp"
+        aria-label={VIEW_IN_DISCOVER}
+        href={discoverUrl}
+        target="_blank"
+        isDisabled={!actionId}
+      />
+    </EuiToolTip>
+  );
+};
+
+export const ViewResultsInDiscoverAction = React.memo(ViewResultsInDiscoverActionComponent);
+
+interface DocsColumnResultsProps {
+  count?: number;
+  isLive?: boolean;
+}
+
+const DocsColumnResults: React.FC<DocsColumnResultsProps> = ({ count, isLive }) => (
+  <EuiFlexGroup gutterSize="s" alignItems="center">
+    <EuiFlexItem grow={false}>
+      {count ? <EuiNotificationBadge color="subdued">{count}</EuiNotificationBadge> : '-'}
+    </EuiFlexItem>
+    {isLive ? (
+      <EuiFlexItem grow={false} data-test-subj={'live-query-loading'}>
+        <EuiLoadingSpinner />
+      </EuiFlexItem>
+    ) : null}
+  </EuiFlexGroup>
+);
+
+interface AgentsColumnResultsProps {
+  successful?: number;
+  pending?: number;
+  failed?: number;
+}
+
+const AgentsColumnResults: React.FC<AgentsColumnResultsProps> = ({
+  successful,
+  pending,
+  failed,
+}) => (
+  <EuiFlexGroup gutterSize="s" alignItems="center">
+    <EuiFlexItem grow={false}>
+      <EuiText color="subdued">
+        <EuiBadge color="success">{successful}</EuiBadge>
+        {' / '}
+        <EuiBadge color="default">{pending}</EuiBadge>
+        {' / '}
+        <EuiBadge color={failed ? 'danger' : 'default'}>{failed}</EuiBadge>
+      </EuiText>
+    </EuiFlexItem>
+  </EuiFlexGroup>
+);
+
+interface PackViewInActionProps {
+  item: {
+    id: string;
+    interval: number;
+    action_id?: string;
+    agents: string[];
+  };
+  actionId?: string;
+}
+
+const PackViewInDiscoverActionComponent: React.FC<PackViewInActionProps> = ({ item }) => {
+  const { action_id: actionId, agents: agentIds, interval } = item;
+  const { data: lastResultsData } = usePackQueryLastResults({
+    actionId,
+    interval,
+  });
+
+  const startDate = lastResultsData?.['@timestamp']
+    ? moment(lastResultsData?.['@timestamp'][0]).subtract(interval, 'seconds').toISOString()
+    : `now-${interval}s`;
+  const endDate = lastResultsData?.['@timestamp']
+    ? moment(lastResultsData?.['@timestamp'][0]).toISOString()
+    : 'now';
+
+  return (
+    <ViewResultsInDiscoverAction
+      actionId={actionId}
+      agentIds={agentIds}
+      buttonType={ViewResultsActionButtonType.icon}
+      startDate={startDate}
+      endDate={endDate}
+      mode={lastResultsData?.['@timestamp'][0] ? 'absolute' : 'relative'}
+    />
+  );
+};
+
+const PackViewInDiscoverAction = React.memo(PackViewInDiscoverActionComponent);
+
+const PackViewInLensActionComponent: React.FC<PackViewInActionProps> = ({ item }) => {
+  const { action_id: actionId, agents: agentIds, interval } = item;
+  const { data: lastResultsData } = usePackQueryLastResults({
+    actionId,
+    interval,
+  });
+
+  const startDate = lastResultsData?.['@timestamp']
+    ? moment(lastResultsData?.['@timestamp'][0]).subtract(interval, 'seconds').toISOString()
+    : `now-${interval}s`;
+  const endDate = lastResultsData?.['@timestamp']
+    ? moment(lastResultsData?.['@timestamp'][0]).toISOString()
+    : 'now';
+
+  return (
+    <ViewResultsInLensAction
+      actionId={actionId}
+      agentIds={agentIds}
+      buttonType={ViewResultsActionButtonType.icon}
+      startDate={startDate}
+      endDate={endDate}
+      mode={lastResultsData?.['@timestamp'][0] ? 'absolute' : 'relative'}
+    />
+  );
+};
+
+const PackViewInLensAction = React.memo(PackViewInLensActionComponent);
+
+type PackQueryStatusItem = Partial<{
+  action_id: string;
+  id: string;
+  query: string;
+  agents: string[];
+  ecs_mapping?: unknown;
+  version?: string;
+  platform?: string;
+  saved_query_id?: string;
+  status?: string;
+  pending?: number;
+  docs?: number;
+}>;
+
+interface PackQueriesStatusTableProps {
+  agentIds?: string[];
+  actionId?: string;
+  data?: PackQueryStatusItem[];
+  startDate?: string;
+  expirationDate?: string;
+}
+
+const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = ({
+  agentIds,
+  data,
+  startDate,
+  expirationDate,
+}) => {
+  const [itemIdToExpandedRowMap, setItemIdToExpandedRowMap] = useState<Record<string, unknown>>({});
+
+  const renderQueryColumn = useCallback((query: string, item) => {
+    const singleLine = removeMultilines(query);
+    const content = singleLine.length > 55 ? `${singleLine.substring(0, 55)}...` : singleLine;
+
+    return (
+      <EuiToolTip title={item.id} content={<EuiFlexItem>{query}</EuiFlexItem>}>
+        <EuiCodeBlock language="sql" fontSize="s" paddingSize="none" transparentBackground>
+          {content}
+        </EuiCodeBlock>
+      </EuiToolTip>
+    );
+  }, []);
+
+  const renderDocsColumn = useCallback(
+    (item: PackQueryStatusItem) => (
+      <DocsColumnResults
+        count={item?.docs ?? 0}
+        isLive={item?.status === 'running' && item?.pending !== 0}
+      />
+    ),
+    []
+  );
+
+  const renderAgentsColumn = useCallback((item) => {
+    if (!item.action_id) return;
+
+    return (
+      <AgentsColumnResults
+        successful={item?.successful ?? 0}
+        pending={item?.pending ?? 0}
+        failed={item?.failed ?? 0}
+      />
+    );
+  }, []);
+
+  const renderDiscoverResultsAction = useCallback(
+    (item) => <PackViewInDiscoverAction item={item} />,
+    []
+  );
+
+  const renderLensResultsAction = useCallback((item) => <PackViewInLensAction item={item} />, []);
+
+  const getHandleErrorsToggle = useCallback(
+    (item) => () => {
+      setItemIdToExpandedRowMap((prevValue) => {
+        const itemIdToExpandedRowMapValues = { ...prevValue };
+        if (itemIdToExpandedRowMapValues[item.id]) {
+          delete itemIdToExpandedRowMapValues[item.id];
+        } else {
+          itemIdToExpandedRowMapValues[item.id] = (
+            <EuiFlexGroup gutterSize="xl">
+              <EuiFlexItem>
+                <ResultTabs
+                  actionId={item.action_id}
+                  startDate={startDate}
+                  ecsMapping={item.ecs_mapping}
+                  endDate={expirationDate}
+                  agentIds={agentIds}
+                  failedAgentsCount={item?.failed ?? 0}
+                />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          );
+        }
+
+        return itemIdToExpandedRowMapValues;
+      });
+    },
+    [agentIds, expirationDate, startDate]
+  );
+
+  const renderToggleResultsAction = useCallback(
+    (item) =>
+      item?.action_id ? (
+        <EuiButtonIcon
+          data-test-subj={`toggleIcon-${item.id}`}
+          onClick={getHandleErrorsToggle(item)}
+          iconType={itemIdToExpandedRowMap[item.id] ? 'arrowUp' : 'arrowDown'}
+        />
+      ) : (
+        <></>
+      ),
+    [getHandleErrorsToggle, itemIdToExpandedRowMap]
+  );
+
+  const getItemId = useCallback((item: PackItem) => get(item, 'id'), []);
+
+  const columns = useMemo(
+    () => [
+      {
+        field: 'id',
+        name: i18n.translate('xpack.osquery.pack.queriesTable.idColumnTitle', {
+          defaultMessage: 'ID',
+        }),
+        width: '15%',
+        truncateText: true,
+      },
+      {
+        field: 'query',
+        name: i18n.translate('xpack.osquery.pack.queriesTable.queryColumnTitle', {
+          defaultMessage: 'Query',
+        }),
+        render: renderQueryColumn,
+        width: '40%',
+      },
+      {
+        name: i18n.translate('xpack.osquery.pack.queriesTable.docsResultsColumnTitle', {
+          defaultMessage: 'Docs',
+        }),
+        render: renderDocsColumn,
+      },
+      {
+        name: i18n.translate('xpack.osquery.pack.queriesTable.agentsResultsColumnTitle', {
+          defaultMessage: 'Agents',
+        }),
+        render: renderAgentsColumn,
+      },
+      {
+        name: i18n.translate('xpack.osquery.pack.queriesTable.viewResultsColumnTitle', {
+          defaultMessage: 'View results',
+        }),
+        width: '90px',
+        actions: [
+          {
+            render: renderDiscoverResultsAction,
+          },
+          {
+            render: renderLensResultsAction,
+          },
+        ],
+      },
+      {
+        id: 'actions',
+        width: '45px',
+        isVisuallyHiddenLabel: true,
+        alignment: RIGHT_ALIGNMENT,
+        actions: [
+          {
+            render: renderToggleResultsAction,
+          },
+        ],
+      },
+    ],
+    [
+      renderQueryColumn,
+      renderDocsColumn,
+      renderAgentsColumn,
+      renderDiscoverResultsAction,
+      renderLensResultsAction,
+      renderToggleResultsAction,
+    ]
+  );
+
+  const sorting = useMemo(
+    () => ({
+      sort: {
+        field: 'id' as keyof PackItem,
+        direction: Direction.asc,
+      },
+    }),
+    []
+  );
+
+  useLayoutEffect(() => {
+    if (
+      data?.length === 1 &&
+      agentIds?.length &&
+      data?.[0].id &&
+      !itemIdToExpandedRowMap[data?.[0].id]
+    ) {
+      getHandleErrorsToggle(data?.[0])();
+    }
+  }, [agentIds?.length, data, getHandleErrorsToggle, itemIdToExpandedRowMap]);
+
+  return (
+    <StyledEuiBasicTable
+      items={data ?? EMPTY_ARRAY}
+      itemId={getItemId}
+      columns={columns}
+      sorting={sorting}
+      itemIdToExpandedRowMap={itemIdToExpandedRowMap}
+      isExpandable
+    />
+  );
+};
+
+export const PackQueriesStatusTable = React.memo(PackQueriesStatusTableComponent);
diff --git a/x-pack/plugins/osquery/public/live_queries/form/packs_combobox_field.tsx b/x-pack/plugins/osquery/public/live_queries/form/packs_combobox_field.tsx
new file mode 100644
index 0000000000000..41b0bdc919993
--- /dev/null
+++ b/x-pack/plugins/osquery/public/live_queries/form/packs_combobox_field.tsx
@@ -0,0 +1,160 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { find } from 'lodash';
+import React, { useCallback, useEffect, useMemo, useState } from 'react';
+import { i18n } from '@kbn/i18n';
+import type { EuiComboBoxOptionOption } from '@elastic/eui';
+import { EuiFormRow, EuiComboBox, EuiTextColor, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import styled from 'styled-components';
+
+import type { FieldHook } from '../../shared_imports';
+import { VALIDATION_TYPES } from '../../shared_imports';
+import type { PackSavedObject } from '../../packs/types';
+
+const TextTruncate = styled.div`
+  overflow: hidden;
+  text-overflow: ellipsis;
+`;
+
+interface Props {
+  field: FieldHook<string[]>;
+  euiFieldProps?: {
+    packsData?: PackSavedObject[];
+  };
+  idAria?: string;
+  [key: string]: unknown;
+}
+
+interface PackOption {
+  id: string;
+  name: string;
+  description?: string;
+}
+
+export const PacksComboBoxField = ({ field, euiFieldProps = {}, idAria, ...rest }: Props) => {
+  const [selectedOptions, setSelectedOptions] = useState<
+    Array<EuiComboBoxOptionOption<PackOption>>
+  >([]);
+  // Errors for the comboBox value (the "array")
+  const errorMessageField = field.getErrorsMessages();
+
+  // Errors for comboBox option added (the array "item")
+  const errorMessageArrayItem = field.getErrorsMessages({
+    validationType: VALIDATION_TYPES.ARRAY_ITEM,
+  });
+
+  const isInvalid = field.errors.length
+    ? errorMessageField !== null || errorMessageArrayItem !== null
+    : false;
+
+  // Concatenate error messages.
+  const errorMessage =
+    errorMessageField && errorMessageArrayItem
+      ? `${errorMessageField}, ${errorMessageArrayItem}`
+      : errorMessageField
+      ? errorMessageField
+      : errorMessageArrayItem;
+
+  const handlePackChange = useCallback(
+    (newSelectedOptions) => {
+      if (!newSelectedOptions.length) {
+        setSelectedOptions(newSelectedOptions);
+
+        return;
+      }
+
+      setSelectedOptions(newSelectedOptions);
+      field.setValue([newSelectedOptions[0].value?.id]);
+    },
+    [field]
+  );
+
+  const packOptions = useMemo<Array<EuiComboBoxOptionOption<PackOption>>>(
+    () =>
+      euiFieldProps?.packsData?.map((packSO) => ({
+        label: packSO.attributes.name ?? '',
+        value: {
+          id: packSO.id,
+          name: packSO.attributes.name,
+          description: packSO.attributes.description,
+        },
+      })) ?? [],
+    [euiFieldProps?.packsData]
+  );
+
+  const onSearchComboChange = useCallback(
+    (value: string) => {
+      if (value !== undefined) {
+        field.clearErrors(VALIDATION_TYPES.ARRAY_ITEM);
+      }
+    },
+    [field]
+  );
+
+  const renderOption = useCallback(
+    ({ value }) => (
+      <EuiFlexGroup
+        gutterSize="none"
+        direction="column"
+        alignItems="flexStart"
+        justifyContent="flexStart"
+      >
+        <EuiFlexItem>
+          <strong>{value.name}</strong>
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <TextTruncate>
+            <EuiTextColor color="subdued">{value.description}</EuiTextColor>
+          </TextTruncate>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    ),
+    []
+  );
+
+  useEffect(() => {
+    if (field.value.length) {
+      const packOption = find(packOptions, ['value.id', field.value[0]]);
+
+      if (packOption) {
+        setSelectedOptions([packOption]);
+      }
+    }
+  }, [field.value, packOptions]);
+
+  return (
+    <EuiFormRow
+      label={field.label}
+      labelAppend={field.labelAppend}
+      helpText={typeof field.helpText === 'function' ? field.helpText() : field.helpText}
+      error={errorMessage}
+      isInvalid={isInvalid}
+      fullWidth
+      // eslint-disable-next-line react-perf/jsx-no-new-array-as-prop
+      describedByIds={idAria ? [idAria] : undefined}
+      {...rest}
+    >
+      <EuiComboBox<PackOption>
+        placeholder={i18n.translate('xpack.osquery.packs.dropdown.searchFieldPlaceholder', {
+          defaultMessage: `Search for a pack to run`,
+        })}
+        selectedOptions={selectedOptions}
+        onChange={handlePackChange}
+        onSearchChange={onSearchComboChange}
+        data-test-subj="select-live-pack"
+        fullWidth
+        // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
+        singleSelection={{ asPlainText: true }}
+        renderOption={renderOption}
+        options={packOptions}
+        rowHeight={60}
+        {...euiFieldProps}
+      />
+    </EuiFormRow>
+  );
+};
diff --git a/x-pack/plugins/osquery/public/live_queries/form/schema.ts b/x-pack/plugins/osquery/public/live_queries/form/schema.ts
index d8bd0bc4354ab..c09eccd1c5c88 100644
--- a/x-pack/plugins/osquery/public/live_queries/form/schema.ts
+++ b/x-pack/plugins/osquery/public/live_queries/form/schema.ts
@@ -43,6 +43,13 @@ export const liveQueryFormSchema = {
       { validator: queryFieldValidation },
     ],
   },
+  packId: {
+    label: i18n.translate('xpack.osquery.packs.dropdown.searchFieldLabel', {
+      defaultMessage: `Pack`,
+    }),
+    type: FIELD_TYPES.COMBO_BOX,
+    defaultValue: [],
+  },
   ecs_mapping: {
     defaultValue: [],
     type: FIELD_TYPES.JSON,
diff --git a/x-pack/plugins/osquery/public/live_queries/index.tsx b/x-pack/plugins/osquery/public/live_queries/index.tsx
index a147f929f7f25..22aa3be77c2a7 100644
--- a/x-pack/plugins/osquery/public/live_queries/index.tsx
+++ b/x-pack/plugins/osquery/public/live_queries/index.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { castArray } from 'lodash';
+import { castArray, isEmpty, pickBy } from 'lodash';
 import { EuiCode, EuiLoadingContent, EuiEmptyPrompt } from '@elastic/eui';
 import React, { useMemo } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
@@ -14,6 +14,7 @@ import { LiveQueryForm } from './form';
 import { useActionResultsPrivileges } from '../action_results/use_action_privileges';
 import { OSQUERY_INTEGRATION_NAME } from '../../common';
 import { OsqueryIcon } from '../components/osquery_icon';
+import type { AgentSelection } from '../agents/types';
 
 interface LiveQueryProps {
   agentId?: string;
@@ -29,6 +30,8 @@ interface LiveQueryProps {
   enabled?: boolean;
   formType?: 'steps' | 'simple';
   hideAgentsField?: boolean;
+  packId?: string;
+  agentSelection?: AgentSelection;
   addToTimeline?: (payload: { query: [string, string]; isIcon?: true }) => React.ReactElement;
 }
 
@@ -46,32 +49,40 @@ const LiveQueryComponent: React.FC<LiveQueryProps> = ({
   formType,
   enabled,
   hideAgentsField,
+  packId,
+  agentSelection,
   addToTimeline,
 }) => {
   const { data: hasActionResultsPrivileges, isLoading } = useActionResultsPrivileges();
 
-  const defaultValue = useMemo(() => {
-    if (agentId || agentPolicyIds?.length || query?.length) {
-      const agentSelection =
-        agentId || agentPolicyIds?.length
-          ? {
-              allAgentsSelected: false,
-              agents: castArray(agentId ?? agentIds ?? []),
-              platformsSelected: [],
-              policiesSelected: agentPolicyIds ?? [],
-            }
-          : null;
+  const initialAgentSelection = useMemo(() => {
+    if (agentSelection) {
+      return agentSelection;
+    }
 
+    if (agentId || agentPolicyIds?.length) {
       return {
-        ...(agentSelection ? { agentSelection } : {}),
-        query,
-        savedQueryId,
-        ecs_mapping,
+        allAgentsSelected: false,
+        agents: castArray(agentId ?? agentIds ?? []),
+        platformsSelected: [],
+        policiesSelected: agentPolicyIds ?? [],
       };
     }
 
-    return undefined;
-  }, [agentId, agentIds, agentPolicyIds, ecs_mapping, query, savedQueryId]);
+    return null;
+  }, [agentId, agentIds, agentPolicyIds, agentSelection]);
+
+  const defaultValue = useMemo(() => {
+    const initialValue = {
+      ...(initialAgentSelection ? { agentSelection: initialAgentSelection } : {}),
+      query,
+      savedQueryId,
+      ecs_mapping,
+      packId,
+    };
+
+    return !isEmpty(pickBy(initialValue, (value) => !isEmpty(value))) ? initialValue : undefined;
+  }, [ecs_mapping, initialAgentSelection, packId, query, savedQueryId]);
 
   if (isLoading) {
     return <EuiLoadingContent lines={10} />;
diff --git a/x-pack/plugins/osquery/public/live_queries/use_create_live_query_action.tsx b/x-pack/plugins/osquery/public/live_queries/use_create_live_query_action.tsx
new file mode 100644
index 0000000000000..72ac627b02a63
--- /dev/null
+++ b/x-pack/plugins/osquery/public/live_queries/use_create_live_query_action.tsx
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useMutation } from 'react-query';
+import type { AgentSelection } from '../../common/schemas/common';
+import type { CreateLiveQueryRequestBodySchema } from '../../common/schemas/routes/live_query';
+import { useKibana } from '../common/lib/kibana';
+import { useErrorToast } from '../common/hooks/use_error_toast';
+import type { LiveQueryDetailsItem } from '../actions/use_live_query_details';
+
+interface UseLiveQueryProps {
+  onSuccess?: () => void;
+}
+
+export const useCreateLiveQuery = ({ onSuccess }: UseLiveQueryProps) => {
+  const setErrorToast = useErrorToast();
+
+  const { executionContext, http } = useKibana().services;
+  const queryExecutionContext = executionContext?.get();
+
+  return useMutation<
+    LiveQueryDetailsItem,
+    { body: { error: string; message: string } },
+    Omit<
+      CreateLiveQueryRequestBodySchema,
+      'agent_all' | 'agent_ids' | 'agent_platforms' | 'agent_policy_ids'
+    > & {
+      agentSelection: AgentSelection;
+    }
+  >(
+    async ({ agentSelection, ...payload }) => {
+      const response = await http.post<{ data: LiveQueryDetailsItem }>(
+        '/api/osquery/live_queries',
+        {
+          body: JSON.stringify({
+            ...payload,
+            agent_all: agentSelection.allAgentsSelected,
+            agent_ids: agentSelection.agents,
+            agent_platforms: agentSelection.platformsSelected,
+            agent_policy_ids: agentSelection.policiesSelected,
+            metadata: { execution_context: queryExecutionContext },
+          }),
+        }
+      );
+
+      return response?.data;
+    },
+    {
+      onSuccess: () => {
+        setErrorToast();
+        if (onSuccess) {
+          onSuccess();
+        }
+      },
+      onError: (error) => {
+        setErrorToast(error, {
+          title: error.body.error,
+          toastMessage: error.body.message,
+        });
+      },
+    }
+  );
+};
diff --git a/x-pack/plugins/osquery/public/packs/active_state_switch.tsx b/x-pack/plugins/osquery/public/packs/active_state_switch.tsx
index 6ba0e8998f4d7..41f7c7a32522e 100644
--- a/x-pack/plugins/osquery/public/packs/active_state_switch.tsx
+++ b/x-pack/plugins/osquery/public/packs/active_state_switch.tsx
@@ -11,13 +11,13 @@ import { useQueryClient } from 'react-query';
 import styled from 'styled-components';
 import { i18n } from '@kbn/i18n';
 
-import type { PackagePolicy } from '@kbn/fleet-plugin/common';
 import { useKibana } from '../common/lib/kibana';
 import { useAgentPolicies } from '../agent_policies/use_agent_policies';
 import { ConfirmDeployAgentPolicyModal } from './form/confirmation_modal';
 import { useErrorToast } from '../common/hooks/use_error_toast';
 import { useUpdatePack } from './use_update_pack';
 import { PACKS_ID } from './constants';
+import type { PackSavedObject } from './types';
 
 const StyledEuiLoadingSpinner = styled(EuiLoadingSpinner)`
   margin-right: ${({ theme }) => theme.eui.euiSizeS};
@@ -25,7 +25,7 @@ const StyledEuiLoadingSpinner = styled(EuiLoadingSpinner)`
 
 interface ActiveStateSwitchProps {
   disabled?: boolean;
-  item: PackagePolicy & { policy_ids: string[] };
+  item: PackSavedObject & { policy_ids: string[] };
 }
 
 const ActiveStateSwitchComponent: React.FC<ActiveStateSwitchProps> = ({ item }) => {
@@ -54,35 +54,29 @@ const ActiveStateSwitchComponent: React.FC<ActiveStateSwitchProps> = ({ item })
 
   const { isLoading, mutateAsync } = useUpdatePack({
     options: {
-      // @ts-expect-error update types
       onSuccess: (response) => {
         queryClient.invalidateQueries(PACKS_ID);
         setErrorToast();
         toasts.addSuccess(
-          response.attributes.enabled
+          response?.data?.attributes.enabled
             ? i18n.translate('xpack.osquery.pack.table.activatedSuccessToastMessageText', {
                 defaultMessage: 'Successfully activated "{packName}" pack',
                 values: {
-                  packName: response.attributes.name,
+                  packName: response?.data?.attributes.name,
                 },
               })
             : i18n.translate('xpack.osquery.pack.table.deactivatedSuccessToastMessageText', {
                 defaultMessage: 'Successfully deactivated "{packName}" pack',
                 values: {
-                  packName: response.attributes.name,
+                  packName: response?.data?.attributes.name,
                 },
               })
         );
       },
-      // @ts-expect-error update types
-      onError: (error) => {
-        setErrorToast(error, { title: error.body.error, toastMessage: error.body.message });
-      },
     },
   });
 
   const handleToggleActive = useCallback(() => {
-    // @ts-expect-error update types
     mutateAsync({ id: item.id, enabled: !item.attributes.enabled });
     hideConfirmationModal();
   }, [hideConfirmationModal, item, mutateAsync]);
@@ -99,8 +93,7 @@ const ActiveStateSwitchComponent: React.FC<ActiveStateSwitchProps> = ({ item })
     <>
       {isLoading && <StyledEuiLoadingSpinner />}
       <EuiSwitch
-        // @ts-expect-error update types
-        checked={item.attributes.enabled}
+        checked={!!item.attributes.enabled}
         disabled={!permissions.writePacks || isLoading}
         showLabel={false}
         label=""
diff --git a/x-pack/plugins/osquery/public/packs/form/index.tsx b/x-pack/plugins/osquery/public/packs/form/index.tsx
index 5b0d3c19888ec..51bec779b1f05 100644
--- a/x-pack/plugins/osquery/public/packs/form/index.tsx
+++ b/x-pack/plugins/osquery/public/packs/form/index.tsx
@@ -19,7 +19,6 @@ import React, { useCallback, useMemo, useState } from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
-import type { OsqueryManagerPackagePolicy } from '../../../common/types';
 import {
   Form,
   useForm,
@@ -38,6 +37,7 @@ import { useCreatePack } from '../use_create_pack';
 import { useUpdatePack } from '../use_update_pack';
 import { convertPackQueriesToSO, convertSOQueriesToPack } from './utils';
 import { idSchemaValidation } from '../queries/validations';
+import type { PackItem } from '../types';
 
 const GhostFormField = () => <></>;
 
@@ -46,7 +46,7 @@ const FORM_ID = 'scheduledQueryForm';
 const CommonUseField = getUseField({ component: Field });
 
 interface PackFormProps {
-  defaultValue?: OsqueryManagerPackagePolicy;
+  defaultValue?: PackItem;
   editMode?: boolean;
   isReadOnly?: boolean;
 }
@@ -70,16 +70,7 @@ const PackFormComponent: React.FC<PackFormProps> = ({
     withRedirect: true,
   });
 
-  const { form } = useForm<
-    Omit<OsqueryManagerPackagePolicy, 'policy_id' | 'id'> & {
-      queries: {};
-      policy_ids: string[];
-    },
-    Omit<OsqueryManagerPackagePolicy, 'policy_id' | 'id'> & {
-      queries: {};
-      policy_ids: string[];
-    }
-  >({
+  const { form } = useForm<PackItem>({
     id: FORM_ID,
     schema: {
       name: {
@@ -142,6 +133,7 @@ const PackFormComponent: React.FC<PackFormProps> = ({
       policy_ids: payload.policy_ids ?? [],
       queries: convertPackQueriesToSO(payload.queries),
     }),
+    // @ts-expect-error update types
     serializer: (payload) => ({
       ...payload,
       queries: convertSOQueriesToPack(payload.queries),
diff --git a/x-pack/plugins/osquery/public/packs/form/queries_field.tsx b/x-pack/plugins/osquery/public/packs/form/queries_field.tsx
index 909a0db2f558e..bff3e30a901c1 100644
--- a/x-pack/plugins/osquery/public/packs/form/queries_field.tsx
+++ b/x-pack/plugins/osquery/public/packs/form/queries_field.tsx
@@ -12,16 +12,17 @@ import { produce } from 'immer';
 import React, { useCallback, useMemo, useState } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 
-import type { OsqueryManagerPackagePolicyInputStream } from '../../../common/types';
 import type { FieldHook } from '../../shared_imports';
 import { PackQueriesTable } from '../pack_queries_table';
 import { QueryFlyout } from '../queries/query_flyout';
 import { OsqueryPackUploader } from './pack_uploader';
 import { getSupportedPlatforms } from '../queries/platforms/helpers';
+import type { PackItem } from '../types';
+import type { PackQueryFormData } from '../queries/use_pack_query_form';
 
 interface QueriesFieldProps {
   handleNameChange: (name: string) => void;
-  field: FieldHook<Array<Record<string, unknown>>>;
+  field: FieldHook<PackItem['queries'], PackQueryFormData[]>;
   euiFieldProps: EuiComboBoxProps<{}>;
 }
 
@@ -33,9 +34,7 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({
   const isReadOnly = !!euiFieldProps?.isDisabled;
   const [showAddQueryFlyout, setShowAddQueryFlyout] = useState(false);
   const [showEditQueryFlyout, setShowEditQueryFlyout] = useState<number>(-1);
-  const [tableSelectedItems, setTableSelectedItems] = useState<
-    OsqueryManagerPackagePolicyInputStream[]
-  >([]);
+  const [tableSelectedItems, setTableSelectedItems] = useState<PackQueryFormData[]>([]);
 
   const handleShowAddFlyout = useCallback(() => setShowAddQueryFlyout(true), []);
   const handleHideAddFlyout = useCallback(() => setShowAddQueryFlyout(false), []);
@@ -141,6 +140,7 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({
         produce((draft) => {
           forEach(parsedContent.queries, (newQuery, newQueryId) => {
             draft.push(
+              // @ts-expect-error update types
               pickBy(
                 {
                   id: newQueryId,
@@ -170,7 +170,6 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({
       field.value && field.value.length
         ? field.value.reduce((acc, query) => {
             if (query?.id) {
-              // @ts-expect-error update types
               acc.push(query.id);
             }
 
@@ -212,7 +211,6 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({
       )}
       {field.value?.length ? (
         <PackQueriesTable
-          // @ts-expect-error update types
           data={tableData}
           isReadOnly={isReadOnly}
           onEditClick={handleEditClick}
@@ -233,7 +231,6 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({
       {showEditQueryFlyout != null && showEditQueryFlyout >= 0 && (
         <QueryFlyout
           uniqueQueryIds={uniqueQueryIds}
-          // @ts-expect-error update types
           defaultValue={field.value[showEditQueryFlyout]}
           onSave={handleEditQuery}
           onClose={handleHideEditFlyout}
diff --git a/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx b/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx
index 5b7eb30d54b34..c09c5385478c4 100644
--- a/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx
+++ b/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { get } from 'lodash/fp';
 import React, { useCallback, useEffect, useState, useMemo } from 'react';
 import {
   EuiBasicTable,
@@ -32,13 +31,14 @@ import type {
 } from '@kbn/lens-plugin/public';
 import { DOCUMENT_FIELD_NAME as RECORDS_FIELD } from '@kbn/lens-plugin/common/constants';
 import { FilterStateStore } from '@kbn/es-query';
-import type { DataView } from '@kbn/data-plugin/common';
 import { removeMultilines } from '../../common/utils/build_query/remove_multilines';
 import { useKibana } from '../common/lib/kibana';
-import type { OsqueryManagerPackagePolicyInputStream } from '../../common/types';
 import { ScheduledQueryErrorsTable } from './scheduled_query_errors_table';
 import { usePackQueryLastResults } from './use_pack_query_last_results';
 import { usePackQueryErrors } from './use_pack_query_errors';
+import type { PackQueryFormData } from './queries/use_pack_query_form';
+import type { LogsDataView } from '../common/hooks/use_logs_data_view';
+import { useLogsDataView } from '../common/hooks/use_logs_data_view';
 
 const VIEW_IN_DISCOVER = i18n.translate(
   'xpack.osquery.pack.queriesTable.viewDiscoverResultsActionAriaLabel',
@@ -69,6 +69,7 @@ interface ViewResultsInDiscoverActionProps {
 }
 
 function getLensAttributes(
+  logsDataView: LogsDataView,
   actionId: string,
   agentIds?: string[]
 ): TypedLensByValueInput['attributes'] {
@@ -133,18 +134,18 @@ function getLensAttributes(
     title: `Action ${actionId} results`,
     references: [
       {
-        id: 'logs-*',
+        id: logsDataView.id,
         name: 'indexpattern-datasource-current-indexpattern',
         type: 'index-pattern',
       },
       {
-        id: 'logs-*',
+        id: logsDataView.id,
         name: 'indexpattern-datasource-layer-layer1',
         type: 'index-pattern',
       },
       {
         name: 'filter-index-pattern-0',
-        id: 'logs-*',
+        id: logsDataView.id,
         type: 'index-pattern',
       },
     ],
@@ -210,28 +211,31 @@ const ViewResultsInLensActionComponent: React.FC<ViewResultsInDiscoverActionProp
 }) => {
   const lensService = useKibana().services.lens;
   const isLensAvailable = lensService?.canUseEditor();
+  const { data: logsDataView } = useLogsDataView();
 
   const handleClick = useCallback(
     (event) => {
       event.preventDefault();
 
-      lensService?.navigateToPrefilledEditor(
-        {
-          id: '',
-          timeRange: {
-            from: startDate ?? 'now-1d',
-            to: endDate ?? 'now',
-            mode: mode ?? (startDate || endDate) ? 'absolute' : 'relative',
+      if (logsDataView?.id) {
+        lensService?.navigateToPrefilledEditor(
+          {
+            id: '',
+            timeRange: {
+              from: startDate ?? 'now-1d',
+              to: endDate ?? 'now',
+              mode: mode ?? (startDate || endDate) ? 'absolute' : 'relative',
+            },
+            attributes: getLensAttributes(logsDataView, actionId, agentIds),
           },
-          attributes: getLensAttributes(actionId, agentIds),
-        },
-        {
-          openInNewTab: true,
-          skipAppLeave: true,
-        }
-      );
+          {
+            openInNewTab: true,
+            skipAppLeave: true,
+          }
+        );
+      }
     },
-    [actionId, agentIds, endDate, lensService, mode, startDate]
+    [actionId, agentIds, endDate, lensService, logsDataView, mode, startDate]
   );
 
   if (!isLensAvailable) {
@@ -240,7 +244,7 @@ const ViewResultsInLensActionComponent: React.FC<ViewResultsInDiscoverActionProp
 
   if (buttonType === ViewResultsActionButtonType.button) {
     return (
-      <EuiButtonEmpty size="xs" iconType="lensApp" onClick={handleClick} disabled={false}>
+      <EuiButtonEmpty size="xs" iconType="lensApp" onClick={handleClick} isDisabled={!logsDataView}>
         {VIEW_IN_LENS}
       </EuiButtonEmpty>
     );
@@ -250,7 +254,7 @@ const ViewResultsInLensActionComponent: React.FC<ViewResultsInDiscoverActionProp
     <EuiToolTip content={VIEW_IN_LENS}>
       <EuiButtonIcon
         iconType="lensApp"
-        disabled={false}
+        isDisabled={!logsDataView}
         onClick={handleClick}
         aria-label={VIEW_IN_LENS}
       />
@@ -270,12 +274,13 @@ const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverAction
   const { discover, application } = useKibana().services;
   const locator = discover?.locator;
   const discoverPermissions = application.capabilities.discover;
+  const { data: logsDataView } = useLogsDataView();
 
   const [discoverUrl, setDiscoverUrl] = useState<string>('');
 
   useEffect(() => {
     const getDiscoverUrl = async () => {
-      if (!locator) return;
+      if (!locator || !logsDataView) return;
 
       const agentIdsQuery = agentIds?.length
         ? {
@@ -287,11 +292,11 @@ const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverAction
         : null;
 
       const newUrl = await locator.getUrl({
-        indexPatternId: 'logs-*',
+        indexPatternId: logsDataView.id,
         filters: [
           {
             meta: {
-              index: 'logs-*',
+              index: logsDataView.id,
               alias: null,
               negate: false,
               disabled: false,
@@ -309,7 +314,7 @@ const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverAction
                   meta: {
                     alias: 'agent IDs',
                     disabled: false,
-                    index: 'logs-*',
+                    index: logsDataView.id,
                     key: 'query',
                     negate: false,
                     type: 'custom',
@@ -341,7 +346,7 @@ const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverAction
     };
 
     getDiscoverUrl();
-  }, [actionId, agentIds, endDate, startDate, locator]);
+  }, [actionId, agentIds, endDate, startDate, locator, logsDataView]);
 
   if (!discoverPermissions.show) {
     return null;
@@ -349,7 +354,13 @@ const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverAction
 
   if (buttonType === ViewResultsActionButtonType.button) {
     return (
-      <EuiButtonEmpty size="xs" iconType="discoverApp" href={discoverUrl} target="_blank">
+      <EuiButtonEmpty
+        size="xs"
+        iconType="discoverApp"
+        href={discoverUrl}
+        target="_blank"
+        isDisabled={!logsDataView}
+      >
         {VIEW_IN_DISCOVER}
       </EuiButtonEmpty>
     );
@@ -362,6 +373,7 @@ const ViewResultsInDiscoverActionComponent: React.FC<ViewResultsInDiscoverAction
         aria-label={VIEW_IN_DISCOVER}
         href={discoverUrl}
         target="_blank"
+        isDisabled={!logsDataView}
       />
     </EuiToolTip>
   );
@@ -395,14 +407,12 @@ interface ScheduledQueryLastResultsProps {
   actionId: string;
   queryId?: string;
   interval: number;
-  logsDataView: DataView | undefined;
 }
 
 interface ScheduledQueryErrorsProps {
   actionId: string;
   queryId: string;
   interval: number;
-  logsDataView: DataView | undefined;
   toggleErrors: (payload: { queryId: string; interval: number }) => void;
   expanded: boolean;
 }
@@ -410,12 +420,10 @@ interface ScheduledQueryErrorsProps {
 const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
   actionId,
   interval,
-  logsDataView,
 }) => {
   const { data: lastResultsData, isLoading } = usePackQueryLastResults({
     actionId,
     interval,
-    logsDataView,
   });
 
   if (isLoading) {
@@ -453,16 +461,12 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
   );
 };
 
-const DocsColumnResults: React.FC<ScheduledQueryLastResultsProps> = ({
-  actionId,
-  interval,
-  logsDataView,
-}) => {
+const DocsColumnResults: React.FC<ScheduledQueryLastResultsProps> = ({ actionId, interval }) => {
   const { data: lastResultsData, isLoading } = usePackQueryLastResults({
     actionId,
     interval,
-    logsDataView,
   });
+
   if (isLoading) {
     return <EuiLoadingSpinner />;
   }
@@ -482,15 +486,10 @@ const DocsColumnResults: React.FC<ScheduledQueryLastResultsProps> = ({
   );
 };
 
-const AgentsColumnResults: React.FC<ScheduledQueryLastResultsProps> = ({
-  actionId,
-  interval,
-  logsDataView,
-}) => {
+const AgentsColumnResults: React.FC<ScheduledQueryLastResultsProps> = ({ actionId, interval }) => {
   const { data: lastResultsData, isLoading } = usePackQueryLastResults({
     actionId,
     interval,
-    logsDataView,
   });
   if (isLoading) {
     return <EuiLoadingSpinner />;
@@ -517,7 +516,6 @@ const ErrorsColumnResults: React.FC<ScheduledQueryErrorsProps> = ({
   queryId,
   toggleErrors,
   expanded,
-  logsDataView,
 }) => {
   const handleErrorsToggle = useCallback(
     () => toggleErrors({ queryId, interval }),
@@ -527,7 +525,6 @@ const ErrorsColumnResults: React.FC<ScheduledQueryErrorsProps> = ({
   const { data: errorsData, isLoading: errorsLoading } = usePackQueryErrors({
     actionId,
     interval,
-    logsDataView,
   });
   if (errorsLoading) {
     return <EuiLoadingSpinner />;
@@ -565,14 +562,12 @@ interface PackViewInActionProps {
     id: string;
     interval: number;
   };
-  logsDataView: DataView | undefined;
   packName: string;
   agentIds?: string[];
 }
 
 const PackViewInDiscoverActionComponent: React.FC<PackViewInActionProps> = ({
   item,
-  logsDataView,
   packName,
   agentIds,
 }) => {
@@ -581,7 +576,6 @@ const PackViewInDiscoverActionComponent: React.FC<PackViewInActionProps> = ({
   const { data: lastResultsData } = usePackQueryLastResults({
     actionId,
     interval,
-    logsDataView,
   });
 
   const startDate = lastResultsData?.['@timestamp']
@@ -607,7 +601,6 @@ const PackViewInDiscoverAction = React.memo(PackViewInDiscoverActionComponent);
 
 const PackViewInLensActionComponent: React.FC<PackViewInActionProps> = ({
   item,
-  logsDataView,
   packName,
   agentIds,
 }) => {
@@ -616,7 +609,6 @@ const PackViewInLensActionComponent: React.FC<PackViewInActionProps> = ({
   const { data: lastResultsData } = usePackQueryLastResults({
     actionId,
     interval,
-    logsDataView,
   });
 
   const startDate = lastResultsData?.['@timestamp']
@@ -642,7 +634,7 @@ const PackViewInLensAction = React.memo(PackViewInLensActionComponent);
 
 interface PackQueriesStatusTableProps {
   agentIds?: string[];
-  data: OsqueryManagerPackagePolicyInputStream[];
+  data: PackQueryFormData[];
   packName: string;
 }
 
@@ -655,19 +647,6 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
     Record<string, ReturnType<typeof ScheduledQueryExpandedContent>>
   >({});
 
-  const dataViews = useKibana().services.data.dataViews;
-  const [logsDataView, setLogsDataView] = useState<DataView | undefined>(undefined);
-
-  useEffect(() => {
-    const fetchLogsDataView = async () => {
-      const dataView = await dataViews.find('logs-*');
-
-      setLogsDataView(dataView[0]);
-    };
-
-    fetchLogsDataView();
-  }, [dataViews]);
-
   const renderQueryColumn = useCallback((query: string, item) => {
     const singleLine = removeMultilines(query);
     const content = singleLine.length > 55 ? `${singleLine.substring(0, 55)}...` : singleLine;
@@ -704,32 +683,23 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
   const renderLastResultsColumn = useCallback(
     (item) => (
       <ScheduledQueryLastResults
-        logsDataView={logsDataView}
         actionId={getPackActionId(item.id, packName)}
         interval={item.interval}
       />
     ),
-    [packName, logsDataView]
+    [packName]
   );
   const renderDocsColumn = useCallback(
     (item) => (
-      <DocsColumnResults
-        logsDataView={logsDataView}
-        actionId={getPackActionId(item.id, packName)}
-        interval={item.interval}
-      />
+      <DocsColumnResults actionId={getPackActionId(item.id, packName)} interval={item.interval} />
     ),
-    [logsDataView, packName]
+    [packName]
   );
   const renderAgentsColumn = useCallback(
     (item) => (
-      <AgentsColumnResults
-        logsDataView={logsDataView}
-        actionId={getPackActionId(item.id, packName)}
-        interval={item.interval}
-      />
+      <AgentsColumnResults actionId={getPackActionId(item.id, packName)} interval={item.interval} />
     ),
-    [logsDataView, packName]
+    [packName]
   );
   const renderErrorsColumn = useCallback(
     (item) => (
@@ -738,41 +708,23 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
         interval={item.interval}
         actionId={getPackActionId(item.id, packName)}
         toggleErrors={toggleErrors}
-        logsDataView={logsDataView}
         expanded={!!itemIdToExpandedRowMap[item.id]}
       />
     ),
-    [itemIdToExpandedRowMap, logsDataView, packName, toggleErrors]
+    [itemIdToExpandedRowMap, packName, toggleErrors]
   );
 
   const renderDiscoverResultsAction = useCallback(
-    (item) => (
-      <PackViewInDiscoverAction
-        item={item}
-        agentIds={agentIds}
-        logsDataView={logsDataView}
-        packName={packName}
-      />
-    ),
-    [agentIds, logsDataView, packName]
+    (item) => <PackViewInDiscoverAction item={item} agentIds={agentIds} packName={packName} />,
+    [agentIds, packName]
   );
 
   const renderLensResultsAction = useCallback(
-    (item) => (
-      <PackViewInLensAction
-        item={item}
-        agentIds={agentIds}
-        logsDataView={logsDataView}
-        packName={packName}
-      />
-    ),
-    [agentIds, logsDataView, packName]
+    (item) => <PackViewInLensAction item={item} agentIds={agentIds} packName={packName} />,
+    [agentIds, packName]
   );
 
-  const getItemId = useCallback(
-    (item: OsqueryManagerPackagePolicyInputStream) => get('id', item),
-    []
-  );
+  const getItemId = useCallback((item: PackQueryFormData) => item.id ?? '', []);
 
   const columns = useMemo(
     () => [
@@ -853,7 +805,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
   const sorting = useMemo(
     () => ({
       sort: {
-        field: 'id' as keyof OsqueryManagerPackagePolicyInputStream,
+        field: 'id' as keyof PackQueryFormData,
         direction: 'asc' as const,
       },
     }),
@@ -861,7 +813,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
   );
 
   return (
-    <EuiBasicTable<OsqueryManagerPackagePolicyInputStream>
+    <EuiBasicTable<PackQueryFormData>
       // eslint-disable-next-line react-perf/jsx-no-new-array-as-prop
       items={data ?? []}
       itemId={getItemId}
diff --git a/x-pack/plugins/osquery/public/packs/pack_queries_table.tsx b/x-pack/plugins/osquery/public/packs/pack_queries_table.tsx
index d042e850a3861..4bf2c96b6a649 100644
--- a/x-pack/plugins/osquery/public/packs/pack_queries_table.tsx
+++ b/x-pack/plugins/osquery/public/packs/pack_queries_table.tsx
@@ -5,21 +5,21 @@
  * 2.0.
  */
 
-import { get } from 'lodash/fp';
 import React, { useCallback, useMemo } from 'react';
 import { EuiBasicTable, EuiCodeBlock, EuiButtonIcon } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 
 import { PlatformIcons } from './queries/platforms';
-import type { OsqueryManagerPackagePolicyInputStream } from '../../common/types';
+import type { PackItem } from './types';
+import type { PackQueryFormData } from './queries/use_pack_query_form';
 
 export interface PackQueriesTableProps {
-  data: OsqueryManagerPackagePolicyInputStream[];
+  data: PackItem['queries'];
   isReadOnly?: boolean;
-  onDeleteClick?: (item: OsqueryManagerPackagePolicyInputStream) => void;
-  onEditClick?: (item: OsqueryManagerPackagePolicyInputStream) => void;
-  selectedItems?: OsqueryManagerPackagePolicyInputStream[];
-  setSelectedItems?: (selection: OsqueryManagerPackagePolicyInputStream[]) => void;
+  onDeleteClick?: (item: PackQueryFormData) => void;
+  onEditClick?: (item: PackQueryFormData) => void;
+  selectedItems?: PackItem['queries'];
+  setSelectedItems?: (selection: PackItem['queries']) => void;
 }
 
 const PackQueriesTableComponent: React.FC<PackQueriesTableProps> = ({
@@ -31,12 +31,11 @@ const PackQueriesTableComponent: React.FC<PackQueriesTableProps> = ({
   setSelectedItems,
 }) => {
   const renderDeleteAction = useCallback(
-    (item: OsqueryManagerPackagePolicyInputStream) => (
+    (item: PackQueryFormData) => (
       <EuiButtonIcon
         color="danger"
-        // @ts-expect-error update types
         // eslint-disable-next-line react/jsx-no-bind, react-perf/jsx-no-new-function-as-prop
-        onClick={() => onDeleteClick(item)}
+        onClick={() => onDeleteClick && onDeleteClick(item)}
         iconType="trash"
         aria-label={i18n.translate('xpack.osquery.pack.queriesTable.deleteActionAriaLabel', {
           defaultMessage: 'Delete {queryName}',
@@ -50,12 +49,11 @@ const PackQueriesTableComponent: React.FC<PackQueriesTableProps> = ({
   );
 
   const renderEditAction = useCallback(
-    (item: OsqueryManagerPackagePolicyInputStream) => (
+    (item: PackQueryFormData) => (
       <EuiButtonIcon
         color="primary"
-        // @ts-expect-error update types
         // eslint-disable-next-line react/jsx-no-bind, react-perf/jsx-no-new-function-as-prop
-        onClick={() => onEditClick(item)}
+        onClick={() => onEditClick && onEditClick(item)}
         iconType="pencil"
         aria-label={i18n.translate('xpack.osquery.pack.queriesTable.editActionAriaLabel', {
           defaultMessage: 'Edit {queryName}',
@@ -161,14 +159,14 @@ const PackQueriesTableComponent: React.FC<PackQueriesTableProps> = ({
   const sorting = useMemo(
     () => ({
       sort: {
-        field: 'id' as keyof OsqueryManagerPackagePolicyInputStream,
+        field: 'id' as keyof PackQueryFormData,
         direction: 'asc' as const,
       },
     }),
     []
   );
 
-  const itemId = useCallback((item: OsqueryManagerPackagePolicyInputStream) => get('id', item), []);
+  const itemId = useCallback((item: PackQueryFormData) => item.id ?? '', []);
 
   const selection = useMemo(
     () => ({
@@ -179,7 +177,7 @@ const PackQueriesTableComponent: React.FC<PackQueriesTableProps> = ({
   );
 
   return (
-    <EuiBasicTable<OsqueryManagerPackagePolicyInputStream>
+    <EuiBasicTable<PackQueryFormData>
       items={data}
       itemId={itemId}
       columns={columns}
diff --git a/x-pack/plugins/osquery/public/packs/packs_table.tsx b/x-pack/plugins/osquery/public/packs/packs_table.tsx
index 9c37056534b4e..6a62d0945d517 100644
--- a/x-pack/plugins/osquery/public/packs/packs_table.tsx
+++ b/x-pack/plugins/osquery/public/packs/packs_table.tsx
@@ -32,6 +32,8 @@ const UpdatedBy = styled.span`
   text-overflow: ellipsis;
 `;
 
+const EMPTY_ARRAY: PackSavedObject[] = [];
+
 const ScheduledQueryNameComponent = ({ id, name }: { id: string; name: string }) => (
   <EuiLink {...useRouterNavigate(`packs/${id}`)}>{name}</EuiLink>
 );
@@ -42,7 +44,7 @@ const renderName = (_: unknown, item: { id: string; attributes: { name: string }
   <ScheduledQueryName id={item.id} name={item.attributes.name} />
 );
 
-export const AgentPoliciesPopover = ({ agentPolicyIds }: { agentPolicyIds: string[] }) => {
+export const AgentPoliciesPopover = ({ agentPolicyIds = [] }: { agentPolicyIds?: string[] }) => {
   const [isPopoverOpen, setIsPopoverOpen] = useState(false);
 
   const onButtonClick = useCallback(
@@ -185,8 +187,7 @@ const PacksTableComponent = () => {
 
   return (
     <EuiInMemoryTable<PackSavedObject>
-      // eslint-disable-next-line react-perf/jsx-no-new-array-as-prop
-      items={data?.saved_objects ?? []}
+      items={data?.data ?? EMPTY_ARRAY}
       columns={columns}
       pagination={true}
       sorting={sorting}
diff --git a/x-pack/plugins/osquery/public/packs/queries/query_flyout.tsx b/x-pack/plugins/osquery/public/packs/queries/query_flyout.tsx
index 31b4cbd81d5c3..72317dbadc708 100644
--- a/x-pack/plugins/osquery/public/packs/queries/query_flyout.tsx
+++ b/x-pack/plugins/osquery/public/packs/queries/query_flyout.tsx
@@ -27,7 +27,7 @@ import { CodeEditorField } from '../../saved_queries/form/code_editor_field';
 import { Form, getUseField, Field } from '../../shared_imports';
 import { PlatformCheckBoxGroupField } from './platform_checkbox_group_field';
 import { ALL_OSQUERY_VERSIONS_OPTIONS } from './constants';
-import type { UsePackQueryFormProps, PackFormData } from './use_pack_query_form';
+import type { UsePackQueryFormProps, PackQueryFormData } from './use_pack_query_form';
 import { usePackQueryForm } from './use_pack_query_form';
 import { SavedQueriesDropdown } from '../../saved_queries/saved_queries_dropdown';
 import { ECSMappingEditorField } from './lazy_ecs_mapping_editor_field';
@@ -38,7 +38,7 @@ const CommonUseField = getUseField({ component: Field });
 interface QueryFlyoutProps {
   uniqueQueryIds: string[];
   defaultValue?: UsePackQueryFormProps['defaultValue'] | undefined;
-  onSave: (payload: PackFormData) => Promise<void>;
+  onSave: (payload: PackQueryFormData) => Promise<void>;
   onClose: () => void;
 }
 
diff --git a/x-pack/plugins/osquery/public/packs/queries/use_pack_query_form.tsx b/x-pack/plugins/osquery/public/packs/queries/use_pack_query_form.tsx
index 1d10b61168cef..16da80b048921 100644
--- a/x-pack/plugins/osquery/public/packs/queries/use_pack_query_form.tsx
+++ b/x-pack/plugins/osquery/public/packs/queries/use_pack_query_form.tsx
@@ -10,6 +10,7 @@ import uuid from 'uuid';
 import { produce } from 'immer';
 
 import { useMemo } from 'react';
+import type { ECSMapping } from '../../../common/schemas/common';
 import { convertECSMappingToObject } from '../../../common/schemas/common/utils';
 import type { FormConfig } from '../../shared_imports';
 import { useForm } from '../../shared_imports';
@@ -19,38 +20,39 @@ const FORM_ID = 'editQueryFlyoutForm';
 
 export interface UsePackQueryFormProps {
   uniqueQueryIds: string[];
-  defaultValue?: PackFormData | undefined;
-  handleSubmit: FormConfig<PackFormData, PackFormData>['onSubmit'];
+  defaultValue?: PackQueryFormData | undefined;
+  handleSubmit: FormConfig<PackQueryFormData, PackQueryFormData>['onSubmit'];
 }
 
-export interface PackSOFormData {
+export interface PackSOQueryFormData {
   id: string;
   query: string;
   interval: number;
   platform?: string | undefined;
   version?: string | undefined;
-  ecs_mapping?: Array<{ field: string; value: string }> | undefined;
+  ecs_mapping?: PackQuerySOECSMapping[] | undefined;
 }
 
-export interface PackFormData {
-  id: string;
+export type PackQuerySOECSMapping = Array<{ field: string; value: string }>;
+
+export interface PackQueryFormData {
+  id?: string;
+  description?: string;
   query: string;
-  interval: number;
+  interval?: number;
   platform?: string | undefined;
   version?: string | undefined;
-  ecs_mapping?:
-    | Array<
-        Record<
-          string,
-          {
-            field?: string;
-            value?: string;
-          }
-        >
-      >
-    | undefined;
+  ecs_mapping?: ECSMapping;
 }
 
+export type PackQueryECSMapping = Record<
+  string,
+  {
+    field?: string;
+    value?: string;
+  }
+>;
+
 export const usePackQueryForm = ({
   uniqueQueryIds,
   defaultValue,
@@ -65,7 +67,7 @@ export const usePackQueryForm = ({
     [idSet]
   );
 
-  return useForm<PackSOFormData, PackFormData>({
+  return useForm<PackSOQueryFormData, PackQueryFormData>({
     id: FORM_ID + uuid.v4(),
     onSubmit: async (formData, isValid) => {
       if (isValid && handleSubmit) {
@@ -109,7 +111,7 @@ export const usePackQueryForm = ({
       }),
     // @ts-expect-error update types
     deserializer: (payload) => {
-      if (!payload) return {} as PackFormData;
+      if (!payload) return {} as PackQueryFormData;
 
       return {
         id: payload.id,
diff --git a/x-pack/plugins/osquery/public/packs/queries/validations.ts b/x-pack/plugins/osquery/public/packs/queries/validations.ts
index ba8aad28fa17a..54ea9deece692 100644
--- a/x-pack/plugins/osquery/public/packs/queries/validations.ts
+++ b/x-pack/plugins/osquery/public/packs/queries/validations.ts
@@ -7,13 +7,12 @@
 
 import { i18n } from '@kbn/i18n';
 
-import type { ValidationConfig, ValidationFunc } from '../../shared_imports';
+import type { FormData, ValidationConfig, ValidationFunc } from '../../shared_imports';
 import { fieldValidators } from '../../shared_imports';
 export { queryFieldValidation } from '../../common/validations';
 
 const idPattern = /^[a-zA-Z0-9-_]+$/;
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export const idSchemaValidation: ValidationFunc<any, string, string> = ({ value }) => {
+export const idSchemaValidation: ValidationFunc<FormData, string, string> = ({ value }) => {
   const valueIsValid = idPattern.test(value);
   if (!valueIsValid) {
     return {
@@ -25,8 +24,7 @@ export const idSchemaValidation: ValidationFunc<any, string, string> = ({ value
 };
 
 const createUniqueIdValidation = (ids: Set<string>) => {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const uniqueIdCheck: ValidationFunc<any, string, string> = ({ value }) => {
+  const uniqueIdCheck: ValidationFunc<FormData, string, string> = ({ value }) => {
     if (ids.has(value)) {
       return {
         message: i18n.translate('xpack.osquery.pack.queryFlyoutForm.uniqueIdError', {
@@ -49,14 +47,7 @@ export const createIdFieldValidations = (ids: Set<string>) => [
   createUniqueIdValidation(ids),
 ];
 
-export const intervalFieldValidations: Array<
-  ValidationConfig<
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    any,
-    string,
-    number
-  >
-> = [
+export const intervalFieldValidations: Array<ValidationConfig<FormData, string, number>> = [
   {
     validator: fieldValidators.numberGreaterThanField({
       than: 0,
diff --git a/x-pack/plugins/osquery/public/packs/types.ts b/x-pack/plugins/osquery/public/packs/types.ts
index fb78eccc86629..4a4253b35b048 100644
--- a/x-pack/plugins/osquery/public/packs/types.ts
+++ b/x-pack/plugins/osquery/public/packs/types.ts
@@ -5,6 +5,8 @@
  * 2.0.
  */
 import type { SavedObject } from '@kbn/core/public';
+import type { PackQueryFormData } from './queries/use_pack_query_form';
+import type { PackQueryECSMapping } from './queries/use_pack_query_form';
 
 export interface IQueryPayload {
   attributes?: {
@@ -13,15 +15,20 @@ export interface IQueryPayload {
   };
 }
 
+export interface PackItemQuery {
+  id: string;
+  name: string;
+  interval: number;
+  query: string;
+  platform?: string;
+  version?: string;
+  ecs_mapping?: PackQueryECSMapping[];
+}
+
 export type PackSavedObject = SavedObject<{
   name: string;
   description: string | undefined;
-  queries: Array<{
-    id: string;
-    name: string;
-    interval: number;
-    ecs_mapping: Record<string, unknown>;
-  }>;
+  queries: PackQueryFormData[];
   version?: number;
   enabled: boolean | undefined;
   created_at: string;
@@ -29,3 +36,9 @@ export type PackSavedObject = SavedObject<{
   updated_at: string;
   updated_by: string | undefined;
 }>;
+
+export type PackItem = PackSavedObject['attributes'] & {
+  id: string;
+  policy_ids: string[];
+  read_only?: boolean;
+};
diff --git a/x-pack/plugins/osquery/public/packs/use_create_pack.ts b/x-pack/plugins/osquery/public/packs/use_create_pack.ts
index 7af682a2ff872..3dcd7bfc11201 100644
--- a/x-pack/plugins/osquery/public/packs/use_create_pack.ts
+++ b/x-pack/plugins/osquery/public/packs/use_create_pack.ts
@@ -13,7 +13,7 @@ import { PLUGIN_ID } from '../../common';
 import { pagePathGetters } from '../common/page_paths';
 import { PACKS_ID } from './constants';
 import { useErrorToast } from '../common/hooks/use_error_toast';
-import type { IQueryPayload } from './types';
+import type { PackSavedObject } from './types';
 
 interface UseCreatePackProps {
   withRedirect?: boolean;
@@ -28,14 +28,13 @@ export const useCreatePack = ({ withRedirect }: UseCreatePackProps) => {
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useMutation(
+  return useMutation<PackSavedObject, { body: { error: string; message: string } }>(
     (payload) =>
-      http.post<IQueryPayload>('/internal/osquery/packs', {
+      http.post('/api/osquery/packs', {
         body: JSON.stringify(payload),
       }),
     {
       onError: (error) => {
-        // @ts-expect-error update types
         setErrorToast(error, { title: error.body.error, toastMessage: error.body.message });
       },
       onSuccess: (payload) => {
diff --git a/x-pack/plugins/osquery/public/packs/use_delete_pack.ts b/x-pack/plugins/osquery/public/packs/use_delete_pack.ts
index 505a941753a8a..439a850c785b0 100644
--- a/x-pack/plugins/osquery/public/packs/use_delete_pack.ts
+++ b/x-pack/plugins/osquery/public/packs/use_delete_pack.ts
@@ -28,7 +28,7 @@ export const useDeletePack = ({ packId, withRedirect }: UseDeletePackProps) => {
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useMutation(() => http.delete(`/internal/osquery/packs/${packId}`), {
+  return useMutation(() => http.delete(`/api/osquery/packs/${packId}`), {
     onError: (error: { body: { error: string; message: string } }) => {
       setErrorToast(error, {
         title: error.body.error,
diff --git a/x-pack/plugins/osquery/public/packs/use_pack.ts b/x-pack/plugins/osquery/public/packs/use_pack.ts
index e57b232d0ea2a..da6062fb8309f 100644
--- a/x-pack/plugins/osquery/public/packs/use_pack.ts
+++ b/x-pack/plugins/osquery/public/packs/use_pack.ts
@@ -6,10 +6,8 @@
  */
 
 import { useQuery } from 'react-query';
-
-import type { GetOnePackagePolicyResponse } from '@kbn/fleet-plugin/common';
 import { useKibana } from '../common/lib/kibana';
-import type { OsqueryManagerPackagePolicy } from '../../common/types';
+import type { PackItem } from './types';
 
 interface UsePack {
   packId: string;
@@ -19,12 +17,13 @@ interface UsePack {
 export const usePack = ({ packId, skip = false }: UsePack) => {
   const { http } = useKibana().services;
 
-  return useQuery<
-    Omit<GetOnePackagePolicyResponse, 'item'> & { item: OsqueryManagerPackagePolicy },
-    unknown,
-    OsqueryManagerPackagePolicy
-  >(['pack', { packId }], () => http.get(`/internal/osquery/packs/${packId}`), {
-    keepPreviousData: true,
-    enabled: !skip || !packId,
-  });
+  return useQuery<{ data: PackItem }, unknown, PackItem>(
+    ['pack', { packId }],
+    () => http.get(`/api/osquery/packs/${packId}`),
+    {
+      select: (response) => response?.data,
+      keepPreviousData: true,
+      enabled: !skip || !packId,
+    }
+  );
 };
diff --git a/x-pack/plugins/osquery/public/packs/use_pack_query_errors.ts b/x-pack/plugins/osquery/public/packs/use_pack_query_errors.ts
index 1f77b5b6f947b..dd31356171aed 100644
--- a/x-pack/plugins/osquery/public/packs/use_pack_query_errors.ts
+++ b/x-pack/plugins/osquery/public/packs/use_pack_query_errors.ts
@@ -11,6 +11,7 @@ import type { DataView } from '@kbn/data-plugin/common';
 import { SortDirection } from '@kbn/data-plugin/common';
 
 import { useKibana } from '../common/lib/kibana';
+import { useLogsDataView } from '../common/hooks/use_logs_data_view';
 
 interface UsePackQueryErrorsProps {
   actionId: string;
@@ -22,10 +23,10 @@ interface UsePackQueryErrorsProps {
 export const usePackQueryErrors = ({
   actionId,
   interval,
-  logsDataView,
   skip = false,
 }: UsePackQueryErrorsProps) => {
   const data = useKibana().services.data;
+  const { data: logsDataView } = useLogsDataView();
 
   return useQuery(
     ['scheduledQueryErrors', { actionId, interval }],
diff --git a/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts b/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts
index b25a8f403fcae..5dd8746898e24 100644
--- a/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts
+++ b/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts
@@ -8,25 +8,28 @@
 import { useQuery } from 'react-query';
 import moment from 'moment-timezone';
 import { lastValueFrom } from 'rxjs';
-import type { DataView } from '@kbn/data-plugin/common';
 import { SortDirection } from '@kbn/data-plugin/common';
 import { useKibana } from '../common/lib/kibana';
+import { useLogsDataView } from '../common/hooks/use_logs_data_view';
 
 interface UsePackQueryLastResultsProps {
-  actionId: string;
+  actionId?: string;
   agentIds?: string[];
-  interval: number;
-  logsDataView?: DataView;
+  interval?: number;
   skip?: boolean;
+  startDate?: string;
+  endDate?: string;
 }
 
 export const usePackQueryLastResults = ({
   actionId,
   interval,
-  logsDataView,
+  startDate,
+  endDate,
   skip = false,
 }: UsePackQueryLastResultsProps) => {
   const data = useKibana().services.data;
+  const { data: logsDataView } = useLogsDataView();
 
   return useQuery(
     ['scheduledQueryLastResults', { actionId }],
@@ -63,8 +66,10 @@ export const usePackQueryLastResults = ({
                 {
                   range: {
                     '@timestamp': {
-                      gte: moment(timestamp).subtract(interval, 'seconds').format(),
-                      lte: moment(timestamp).format(),
+                      gte: startDate
+                        ? moment(startDate).format()
+                        : moment(timestamp).subtract(interval, 'seconds').format(),
+                      lte: moment(endDate || timestamp).format(),
                     },
                   },
                 },
@@ -82,12 +87,12 @@ export const usePackQueryLastResults = ({
         aggsSearchSource.setField('aggs', {
           unique_agents: { cardinality: { field: 'agent.id' } },
         });
-        const aggsResponse = await aggsSearchSource.fetch$().toPromise();
+        const aggsResponse = await lastValueFrom(aggsSearchSource.fetch$());
 
         return {
           '@timestamp': lastResultsResponse.rawResponse?.hits?.hits[0]?.fields?.['@timestamp'],
           // @ts-expect-error update types
-          uniqueAgentsCount: aggsResponse.rawResponse.aggregations?.unique_agents?.value,
+          uniqueAgentsCount: aggsResponse?.rawResponse.aggregations?.unique_agents?.value,
           docCount: aggsResponse?.rawResponse?.hits?.total,
         };
       }
@@ -96,7 +101,7 @@ export const usePackQueryLastResults = ({
     },
     {
       keepPreviousData: true,
-      enabled: !!(!skip && actionId && interval && logsDataView),
+      enabled: !!(!skip && actionId && logsDataView),
       refetchOnReconnect: false,
       refetchOnWindowFocus: false,
     }
diff --git a/x-pack/plugins/osquery/public/packs/use_packs.ts b/x-pack/plugins/osquery/public/packs/use_packs.ts
index e66d6acf6799a..27c7dc9250783 100644
--- a/x-pack/plugins/osquery/public/packs/use_packs.ts
+++ b/x-pack/plugins/osquery/public/packs/use_packs.ts
@@ -5,26 +5,31 @@
  * 2.0.
  */
 
+import type { SavedObjectsFindResponsePublic } from '@kbn/core/public';
 import { useQuery } from 'react-query';
 
 import { useKibana } from '../common/lib/kibana';
 import { PACKS_ID } from './constants';
+import type { PackSavedObject } from './types';
 
 export const usePacks = ({
   isLive = false,
   pageIndex = 0,
-  pageSize = 10000,
+  pageSize = 100,
   sortField = 'updated_at',
-  sortDirection = 'desc',
+  sortOrder = 'desc',
 }) => {
   const { http } = useKibana().services;
 
-  return useQuery(
-    [PACKS_ID, { pageIndex, pageSize, sortField, sortDirection }],
-    async () =>
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      http.get<any>('/internal/osquery/packs', {
-        query: { pageIndex, pageSize, sortField, sortDirection },
+  return useQuery<
+    Omit<SavedObjectsFindResponsePublic, 'savedObjects'> & {
+      data: PackSavedObject[];
+    }
+  >(
+    [PACKS_ID, { pageIndex, pageSize, sortField, sortOrder }],
+    () =>
+      http.get('/api/osquery/packs', {
+        query: { pageIndex, pageSize, sortField, sortOrder },
       }),
     {
       keepPreviousData: true,
diff --git a/x-pack/plugins/osquery/public/packs/use_update_pack.ts b/x-pack/plugins/osquery/public/packs/use_update_pack.ts
index 8f7fbedad9288..1075078dd0e98 100644
--- a/x-pack/plugins/osquery/public/packs/use_update_pack.ts
+++ b/x-pack/plugins/osquery/public/packs/use_update_pack.ts
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import type { UseMutationOptions } from 'react-query';
 import { useMutation, useQueryClient } from 'react-query';
 import { i18n } from '@kbn/i18n';
 
@@ -13,12 +14,15 @@ import { PLUGIN_ID } from '../../common';
 import { pagePathGetters } from '../common/page_paths';
 import { PACKS_ID } from './constants';
 import { useErrorToast } from '../common/hooks/use_error_toast';
-import type { IQueryPayload } from './types';
+import type { PackSavedObject } from './types';
 
 interface UseUpdatePackProps {
   withRedirect?: boolean;
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  options?: any;
+  options?: UseMutationOptions<
+    { data: PackSavedObject },
+    { body: { message: string; error: string } },
+    Partial<PackSavedObject['attributes']> & { id: string }
+  >;
 }
 
 export const useUpdatePack = ({ withRedirect, options }: UseUpdatePackProps) => {
@@ -30,18 +34,20 @@ export const useUpdatePack = ({ withRedirect, options }: UseUpdatePackProps) =>
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useMutation(
-    // @ts-expect-error update types
+  return useMutation<
+    { data: PackSavedObject },
+    { body: { message: string; error: string } },
+    Partial<PackSavedObject['attributes']> & { id: string }
+  >(
     ({ id, ...payload }) =>
-      http.put<IQueryPayload>(`/internal/osquery/packs/${id}`, {
+      http.put(`/api/osquery/packs/${id}`, {
         body: JSON.stringify(payload),
       }),
     {
       onError: (error) => {
-        // @ts-expect-error update types
-        setErrorToast(error, { title: error.body.error, toastMessage: error.body.message });
+        setErrorToast(error, { title: error?.body?.error, toastMessage: error?.body?.message });
       },
-      onSuccess: (payload) => {
+      onSuccess: (response) => {
         queryClient.invalidateQueries(PACKS_ID);
         if (withRedirect) {
           navigateToApp(PLUGIN_ID, { path: pagePathGetters.packs() });
@@ -51,7 +57,7 @@ export const useUpdatePack = ({ withRedirect, options }: UseUpdatePackProps) =>
           i18n.translate('xpack.osquery.updatePack.successToastMessageText', {
             defaultMessage: 'Successfully updated "{packName}" pack',
             values: {
-              packName: payload.attributes?.name ?? '',
+              packName: response?.data?.attributes?.name ?? '',
             },
           })
         );
diff --git a/x-pack/plugins/osquery/public/results/results_table.tsx b/x-pack/plugins/osquery/public/results/results_table.tsx
index 2abbefe7e4396..a00818ae4857d 100644
--- a/x-pack/plugins/osquery/public/results/results_table.tsx
+++ b/x-pack/plugins/osquery/public/results/results_table.tsx
@@ -17,10 +17,10 @@ import {
   EuiCallOut,
   EuiCode,
   EuiDataGrid,
+  EuiPanel,
   EuiLink,
   EuiLoadingContent,
   EuiProgress,
-  EuiSpacer,
   EuiIconTip,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
@@ -41,7 +41,6 @@ import {
 } from '../packs/pack_queries_status_table';
 import { useActionResultsPrivileges } from '../action_results/use_action_privileges';
 import { OSQUERY_INTEGRATION_NAME } from '../../common';
-import { useActionDetails } from '../actions/use_action_details';
 
 const DataContext = createContext<ResultEdges>([]);
 
@@ -49,6 +48,7 @@ interface ResultsTableComponentProps {
   actionId: string;
   selectedAgent?: string;
   agentIds?: string[];
+  ecsMapping?: Record<string, string>;
   endDate?: string;
   startDate?: string;
   addToTimeline?: (payload: { query: [string, string]; isIcon?: true }) => React.ReactElement;
@@ -57,13 +57,13 @@ interface ResultsTableComponentProps {
 const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
   actionId,
   agentIds,
+  ecsMapping,
   startDate,
   endDate,
   addToTimeline,
 }) => {
   const [isLive, setIsLive] = useState(true);
   const { data: hasActionResultsPrivileges } = useActionResultsPrivileges();
-  const { data: actionDetails } = useActionDetails({ actionId });
 
   const {
     // @ts-expect-error update types
@@ -130,10 +130,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
     [visibleColumns, setVisibleColumns]
   );
 
-  const ecsMappingColumns = useMemo(
-    () => keys(get('actionDetails._source.data.ecs_mapping', actionDetails) || {}),
-    [actionDetails]
-  );
+  const ecsMappingColumns = useMemo(() => keys(ecsMapping || {}), [ecsMapping]);
 
   const renderCellValue: EuiDataGridProps['renderCellValue'] = useMemo(
     () =>
@@ -185,9 +182,8 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
     [onChangeItemsPerPage, onChangePage, pagination]
   );
 
-  const ecsMapping = useMemo(() => {
-    const mapping = get('actionDetails._source.data.ecs_mapping', actionDetails);
-    if (!mapping) return;
+  const ecsMappingConfig = useMemo(() => {
+    if (!ecsMapping) return;
 
     return reduce(
       (acc, [key, value]) => {
@@ -200,14 +196,14 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
         return acc;
       },
       {},
-      Object.entries(mapping)
+      Object.entries(ecsMapping)
     );
-  }, [actionDetails]);
+  }, [ecsMapping]);
 
   const getHeaderDisplay = useCallback(
     (columnName: string) => {
       // @ts-expect-error update types
-      if (ecsMapping && ecsMapping[columnName]) {
+      if (ecsMappingConfig && ecsMappingConfig[columnName]) {
         return (
           <>
             {columnName}{' '}
@@ -223,7 +219,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
                   <ul>
                     {
                       // @ts-expect-error update types
-                      ecsMapping[columnName].map((fieldName) => (
+                      ecsMappingConfig[columnName].map((fieldName) => (
                         <li key={fieldName}>{fieldName}</li>
                       ))
                     }
@@ -236,7 +232,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
         );
       }
     },
-    [ecsMapping]
+    [ecsMappingConfig]
   );
 
   useEffect(() => {
@@ -365,8 +361,8 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
 
         return !!(
           aggregations.totalResponded !== agentIds?.length ||
-          allResultsData?.totalCount !== aggregations?.totalRowCount ||
-          (allResultsData?.totalCount && !allResultsData?.edges.length)
+          allResultsData?.total !== aggregations?.totalRowCount ||
+          (allResultsData?.total && !allResultsData?.edges.length)
         );
       }),
     [
@@ -374,7 +370,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
       aggregations.totalResponded,
       aggregations?.totalRowCount,
       allResultsData?.edges.length,
-      allResultsData?.totalCount,
+      allResultsData?.total,
       expired,
     ]
   );
@@ -415,10 +411,9 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
       {isLive && <EuiProgress color="primary" size="xs" />}
 
       {!allResultsData?.edges.length ? (
-        <>
+        <EuiPanel hasShadow={false}>
           <EuiCallOut title={generateEmptyDataMessage(aggregations.totalResponded)} />
-          <EuiSpacer />
-        </>
+        </EuiPanel>
       ) : (
         <DataContext.Provider value={allResultsData?.edges}>
           <EuiDataGrid
@@ -426,7 +421,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
             aria-label="Osquery results"
             columns={columns}
             columnVisibility={columnVisibility}
-            rowCount={allResultsData?.totalCount ?? 0}
+            rowCount={allResultsData?.total ?? 0}
             renderCellValue={renderCellValue}
             leadingControlColumns={leadingControlColumns}
             sorting={tableSorting}
diff --git a/x-pack/plugins/osquery/public/results/use_all_results.ts b/x-pack/plugins/osquery/public/results/use_all_results.ts
index cb6889a086e3a..94a80fb09734a 100644
--- a/x-pack/plugins/osquery/public/results/use_all_results.ts
+++ b/x-pack/plugins/osquery/public/results/use_all_results.ts
@@ -18,7 +18,6 @@ import {
 import { useKibana } from '../common/lib/kibana';
 import type {
   ResultEdges,
-  PageInfoPaginated,
   ResultsRequestOptions,
   ResultsStrategyResponse,
   Direction,
@@ -33,7 +32,6 @@ export interface ResultsArgs {
   id: string;
   inspect: InspectResponse;
   isInspected: boolean;
-  pageInfo: PageInfoPaginated;
   totalCount: number;
 }
 
@@ -77,7 +75,7 @@ export const useAllResults = ({
         )
       );
 
-      if (!responseData?.edges?.length && responseData.totalCount) {
+      if (!responseData?.edges?.length && responseData.total) {
         throw new Error('Empty edges while positive totalCount');
       }
 
diff --git a/x-pack/plugins/osquery/public/routes/live_queries/details/index.tsx b/x-pack/plugins/osquery/public/routes/live_queries/details/index.tsx
index 3a65ad18d21a0..bcc069da7359f 100644
--- a/x-pack/plugins/osquery/public/routes/live_queries/details/index.tsx
+++ b/x-pack/plugins/osquery/public/routes/live_queries/details/index.tsx
@@ -5,31 +5,23 @@
  * 2.0.
  */
 
-import { get } from 'lodash';
-import {
-  EuiButtonEmpty,
-  EuiFlexGroup,
-  EuiFlexItem,
-  EuiCodeBlock,
-  EuiSpacer,
-  EuiText,
-} from '@elastic/eui';
+import { EuiButtonEmpty, EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
-import React, { useMemo } from 'react';
+import React, { useLayoutEffect, useMemo, useState } from 'react';
 import { useParams } from 'react-router-dom';
 
 import { useRouterNavigate } from '../../../common/lib/kibana';
 import { WithHeaderLayout } from '../../../components/layouts';
-import { useActionDetails } from '../../../actions/use_action_details';
-import { ResultTabs } from '../../saved_queries/edit/tabs';
+import { useLiveQueryDetails } from '../../../actions/use_live_query_details';
 import { useBreadcrumbs } from '../../../common/hooks/use_breadcrumbs';
+import { PackQueriesStatusTable } from '../../../live_queries/form/pack_queries_status_table';
 
 const LiveQueryDetailsPageComponent = () => {
   const { actionId } = useParams<{ actionId: string }>();
   useBreadcrumbs('live_query_details', { liveQueryId: actionId });
   const liveQueryListProps = useRouterNavigate('live_queries');
-
-  const { data } = useActionDetails({ actionId });
+  const [isLive, setIsLive] = useState(false);
+  const { data } = useLiveQueryDetails({ actionId, isLive });
 
   const LeftColumn = useMemo(
     () => (
@@ -57,17 +49,18 @@ const LiveQueryDetailsPageComponent = () => {
     [liveQueryListProps]
   );
 
+  useLayoutEffect(() => {
+    setIsLive(() => !(data?.status === 'completed'));
+  }, [data?.status]);
+
   return (
     <WithHeaderLayout leftColumn={LeftColumn} rightColumnGrow={false}>
-      <EuiCodeBlock language="sql" fontSize="m" paddingSize="m">
-        {data?.actionDetails._source?.data?.query}
-      </EuiCodeBlock>
-      <EuiSpacer />
-      <ResultTabs
+      <PackQueriesStatusTable
         actionId={actionId}
-        agentIds={data?.actionDetails?.fields?.agents}
-        startDate={get(data, ['actionDetails', 'fields', '@timestamp', '0'])}
-        endDate={get(data, 'actionDetails.fields.expiration[0]')}
+        data={data?.queries}
+        startDate={data?.['@timestamp']}
+        expirationDate={data?.expiration}
+        agentIds={data?.agents}
       />
     </WithHeaderLayout>
   );
diff --git a/x-pack/plugins/osquery/public/routes/packs/details/index.tsx b/x-pack/plugins/osquery/public/routes/packs/details/index.tsx
index cf114005258f3..4d9e287facc6e 100644
--- a/x-pack/plugins/osquery/public/routes/packs/details/index.tsx
+++ b/x-pack/plugins/osquery/public/routes/packs/details/index.tsx
@@ -43,7 +43,7 @@ const PackDetailsPageComponent = () => {
 
   const { data } = usePack({ packId });
   const { data: agentIds } = useAgentPolicyAgentIds({
-    agentPolicyId: data?.policy_id,
+    agentPolicyId: data?.policy_ids?.[0],
     skip: !data,
   });
 
@@ -51,7 +51,6 @@ const PackDetailsPageComponent = () => {
 
   const queriesArray = useMemo(
     () =>
-      // @ts-expect-error update types
       (data?.queries && Object.entries(data.queries).map(([id, query]) => ({ ...query, id }))) ??
       [],
     [data]
@@ -108,10 +107,7 @@ const PackDetailsPageComponent = () => {
               />
             </EuiDescriptionListTitle>
             <EuiDescriptionListDescription className="eui-textNoWrap">
-              {
-                // @ts-expect-error update types
-                <AgentPoliciesPopover agentPolicyIds={data?.policy_ids} />
-              }
+              <AgentPoliciesPopover agentPolicyIds={data?.policy_ids} />
             </EuiDescriptionListDescription>
           </EuiDescriptionList>
         </EuiFlexItem>
@@ -133,7 +129,6 @@ const PackDetailsPageComponent = () => {
         </EuiFlexItem>
       </EuiFlexGroup>
     ),
-    // @ts-expect-error update types
     [data?.policy_ids, editQueryLinkProps, permissions]
   );
 
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx
index 75969fd8f5dd1..f5ab2308d1720 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx
@@ -16,14 +16,15 @@ import {
 import React from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 
+import type { PackQueryFormData } from '../../../packs/queries/use_pack_query_form';
 import { useRouterNavigate } from '../../../common/lib/kibana';
 import { Form } from '../../../shared_imports';
 import { SavedQueryForm } from '../../../saved_queries/form';
 import { useSavedQueryForm } from '../../../saved_queries/form/use_saved_query_form';
 
 interface EditSavedQueryFormProps {
-  defaultValue?: unknown;
-  handleSubmit: () => Promise<void>;
+  defaultValue?: PackQueryFormData;
+  handleSubmit: (payload: unknown) => Promise<void>;
   viewMode?: boolean;
 }
 
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/edit/index.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/edit/index.tsx
index cb7a95b4271e7..0dbf921997ede 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/edit/index.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/edit/index.tsx
@@ -44,7 +44,7 @@ const EditSavedQueryPageComponent = () => {
   useBreadcrumbs('saved_query_edit', { savedQueryName: savedQueryDetails?.attributes?.id ?? '' });
 
   const elasticPrebuiltQuery = useMemo(
-    () => savedQueryDetails?.attributes?.prebuilt,
+    () => !!savedQueryDetails?.attributes?.prebuilt,
     [savedQueryDetails]
   );
   const viewMode = useMemo(
@@ -129,6 +129,13 @@ const EditSavedQueryPageComponent = () => {
     [handleDeleteClick]
   );
 
+  const handleSubmit = useCallback(
+    async (payload) => {
+      await updateSavedQueryMutation.mutateAsync(payload);
+    },
+    [updateSavedQueryMutation]
+  );
+
   if (isLoading) return null;
 
   return (
@@ -140,7 +147,7 @@ const EditSavedQueryPageComponent = () => {
       {!isLoading && !isEmpty(savedQueryDetails) && (
         <EditSavedQueryForm
           defaultValue={savedQueryDetails?.attributes}
-          handleSubmit={updateSavedQueryMutation.mutateAsync}
+          handleSubmit={handleSubmit}
           viewMode={viewMode}
         />
       )}
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/edit/tabs.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/edit/tabs.tsx
index 76e8bfd9dd029..094d1380eb30c 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/edit/tabs.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/edit/tabs.tsx
@@ -5,17 +5,18 @@
  * 2.0.
  */
 
-import { EuiTabbedContent, EuiSpacer } from '@elastic/eui';
+import { EuiTabbedContent, EuiNotificationBadge } from '@elastic/eui';
 import React, { useMemo } from 'react';
 
 import { ResultsTable } from '../../../results/results_table';
 import { ActionResultsSummary } from '../../../action_results/action_results_summary';
-import { ActionAgentsStatus } from '../../../action_results/action_agents_status';
 
 interface ResultTabsProps {
   actionId: string;
   agentIds?: string[];
   startDate?: string;
+  ecsMapping?: Record<string, string>;
+  failedAgentsCount?: number;
   endDate?: string;
   addToTimeline?: (payload: { query: [string, string]; isIcon?: true }) => React.ReactElement;
 }
@@ -23,7 +24,9 @@ interface ResultTabsProps {
 const ResultTabsComponent: React.FC<ResultTabsProps> = ({
   actionId,
   agentIds,
+  ecsMapping,
   endDate,
+  failedAgentsCount,
   startDate,
   addToTimeline,
 }) => {
@@ -33,47 +36,41 @@ const ResultTabsComponent: React.FC<ResultTabsProps> = ({
         id: 'results',
         name: 'Results',
         content: (
-          <>
-            <EuiSpacer />
-            <ResultsTable
-              actionId={actionId}
-              agentIds={agentIds}
-              startDate={startDate}
-              endDate={endDate}
-              addToTimeline={addToTimeline}
-            />
-          </>
+          <ResultsTable
+            actionId={actionId}
+            agentIds={agentIds}
+            ecsMapping={ecsMapping}
+            startDate={startDate}
+            endDate={endDate}
+            addToTimeline={addToTimeline}
+          />
         ),
       },
       {
         id: 'status',
         name: 'Status',
         content: (
-          <>
-            <EuiSpacer />
-            <ActionResultsSummary
-              actionId={actionId}
-              agentIds={agentIds}
-              expirationDate={endDate}
-            />
-          </>
+          <ActionResultsSummary actionId={actionId} agentIds={agentIds} expirationDate={endDate} />
         ),
+        append: failedAgentsCount ? (
+          <EuiNotificationBadge className="eui-alignCenter" size="m">
+            {failedAgentsCount}
+          </EuiNotificationBadge>
+        ) : null,
       },
     ],
-    [actionId, agentIds, endDate, startDate, addToTimeline]
+    [actionId, agentIds, ecsMapping, startDate, endDate, addToTimeline, failedAgentsCount]
   );
 
   return (
-    <>
-      <ActionAgentsStatus actionId={actionId} agentIds={agentIds} expirationDate={endDate} />
-      <EuiSpacer size="s" />
-      <EuiTabbedContent
-        tabs={tabs}
-        initialSelectedTab={tabs[0]}
-        autoFocus="selected"
-        expand={false}
-      />
-    </>
+    <EuiTabbedContent
+      // TODO: extend the EuiTabbedContent component to support EuiTabs props
+      // bottomBorder={false}
+      tabs={tabs}
+      initialSelectedTab={tabs[0]}
+      autoFocus="selected"
+      expand={false}
+    />
   );
 };
 
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/list/index.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/list/index.tsx
index 19f5dbc997a9e..86426d432701c 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/list/index.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/list/index.tsx
@@ -22,18 +22,21 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { useHistory } from 'react-router-dom';
 
 import type { SavedObject } from '@kbn/core/public';
+import { Direction } from '../../../../common/search_strategy';
 import type { ECSMapping } from '../../../../common/schemas/common';
 import { WithHeaderLayout } from '../../../components/layouts';
 import { useBreadcrumbs } from '../../../common/hooks/use_breadcrumbs';
 import { useKibana, useRouterNavigate } from '../../../common/lib/kibana';
 import { useSavedQueries } from '../../../saved_queries/use_saved_queries';
 
-type SavedQuerySO = SavedObject<{
+export type SavedQuerySO = SavedObject<{
   name: string;
   id: string;
+  description?: string;
   query: string;
   ecs_mapping: ECSMapping;
   updated_at: string;
+  prebuilt?: boolean;
 }>;
 
 interface PlayButtonProps {
@@ -114,7 +117,7 @@ const SavedQueriesPageComponent = () => {
   const [pageIndex, setPageIndex] = useState(0);
   const [pageSize, setPageSize] = useState(20);
   const [sortField, setSortField] = useState('attributes.updated_at');
-  const [sortDirection, setSortDirection] = useState('desc');
+  const [sortDirection, setSortDirection] = useState<Direction>(Direction.desc);
 
   const { data } = useSavedQueries({ isLive: true });
 
@@ -269,13 +272,12 @@ const SavedQueriesPageComponent = () => {
 
   return (
     <WithHeaderLayout leftColumn={LeftColumn} rightColumn={RightColumn} rightColumnGrow={false}>
-      {data?.saved_objects && (
+      {data?.data && (
         <EuiInMemoryTable
-          items={data?.saved_objects}
+          items={data?.data}
           itemId="id"
           columns={columns}
           pagination={pagination}
-          // @ts-expect-error update types
           sorting={sorting}
           onChange={onTableChange}
           rowHeader="id"
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx
index 414cfaabf7f83..4dc26c5aaedf4 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx
@@ -16,14 +16,15 @@ import {
 import React from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 
+import type { PackQueryFormData } from '../../../packs/queries/use_pack_query_form';
 import { useRouterNavigate } from '../../../common/lib/kibana';
 import { Form } from '../../../shared_imports';
 import { SavedQueryForm } from '../../../saved_queries/form';
 import { useSavedQueryForm } from '../../../saved_queries/form/use_saved_query_form';
 
 interface NewSavedQueryFormProps {
-  defaultValue?: unknown;
-  handleSubmit: () => Promise<void>;
+  defaultValue?: PackQueryFormData;
+  handleSubmit: (payload: unknown) => Promise<void>;
 }
 
 const NewSavedQueryFormComponent: React.FC<NewSavedQueryFormProps> = ({
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/new/index.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/new/index.tsx
index 8bee69aba74cf..4c8d2fa5d3a9c 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/new/index.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/new/index.tsx
@@ -6,7 +6,7 @@
  */
 
 import { EuiButtonEmpty, EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui';
-import React, { useMemo } from 'react';
+import React, { useCallback, useMemo } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 
 import { useRouterNavigate } from '../../../common/lib/kibana';
@@ -47,9 +47,16 @@ const NewSavedQueryPageComponent = () => {
     [savedQueryListProps]
   );
 
+  const handleSubmit = useCallback(
+    async (payload) => {
+      await mutateAsync(payload);
+    },
+    [mutateAsync]
+  );
+
   return (
     <WithHeaderLayout leftColumn={LeftColumn}>
-      <NewSavedQueryForm handleSubmit={mutateAsync} />
+      <NewSavedQueryForm handleSubmit={handleSubmit} />
     </WithHeaderLayout>
   );
 };
diff --git a/x-pack/plugins/osquery/public/saved_queries/form/use_saved_query_form.tsx b/x-pack/plugins/osquery/public/saved_queries/form/use_saved_query_form.tsx
index cfa9b0c714827..92849b57f7122 100644
--- a/x-pack/plugins/osquery/public/saved_queries/form/use_saved_query_form.tsx
+++ b/x-pack/plugins/osquery/public/saved_queries/form/use_saved_query_form.tsx
@@ -13,35 +13,41 @@ import { useMemo } from 'react';
 import { convertECSMappingToObject } from '../../../common/schemas/common/utils';
 import { useForm } from '../../shared_imports';
 import { createFormSchema } from '../../packs/queries/schema';
-import type { PackFormData } from '../../packs/queries/use_pack_query_form';
+import type {
+  PackQueryECSMapping,
+  PackQueryFormData,
+} from '../../packs/queries/use_pack_query_form';
 import { useSavedQueries } from '../use_saved_queries';
 
 const SAVED_QUERY_FORM_ID = 'savedQueryForm';
 
+interface ReturnFormData {
+  id?: string;
+  description?: string;
+  query: string;
+  interval?: number;
+  platform?: string;
+  version?: string[];
+  ecs_mapping?: PackQueryECSMapping[] | undefined;
+}
+
 interface UseSavedQueryFormProps {
-  defaultValue?: unknown;
+  defaultValue?: PackQueryFormData;
   handleSubmit: (payload: unknown) => Promise<void>;
 }
 
 export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryFormProps) => {
   const { data } = useSavedQueries({});
-  const ids: string[] = useMemo<string[]>(
-    () => map(data?.saved_objects, 'attributes.id') ?? [],
-    [data]
-  );
+  const ids: string[] = useMemo<string[]>(() => map(data, 'attributes.id') ?? [], [data]);
   const idSet = useMemo<Set<string>>(() => {
     const res = new Set<string>(ids);
-    // @ts-expect-error update types
     if (defaultValue && defaultValue.id) res.delete(defaultValue.id);
 
     return res;
   }, [ids, defaultValue]);
-  const formSchema = useMemo<ReturnType<typeof createFormSchema>>(
-    () => createFormSchema(idSet),
-    [idSet]
-  );
+  const formSchema = useMemo(() => createFormSchema(idSet), [idSet]);
 
-  return useForm({
+  return useForm<PackQueryFormData, ReturnFormData>({
     id: SAVED_QUERY_FORM_ID + uuid.v4(),
     schema: formSchema,
     onSubmit: async (formData, isValid) => {
@@ -52,8 +58,8 @@ export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryF
         } catch (e) {}
       }
     },
-    // @ts-expect-error update types
     defaultValue,
+    // @ts-expect-error update types
     serializer: (payload) =>
       produce(payload, (draft) => {
         if (isArray(draft.version)) {
@@ -61,12 +67,12 @@ export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryF
             // @ts-expect-error update types
             draft.version = '';
           } else {
+            // @ts-expect-error update types
             draft.version = draft.version[0];
           }
         }
 
         if (isEmpty(payload.ecs_mapping)) {
-          // @ts-expect-error update types
           delete draft.ecs_mapping;
         } else {
           // @ts-expect-error update types
@@ -78,9 +84,8 @@ export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryF
 
         return draft;
       }),
-    // @ts-expect-error update types
     deserializer: (payload) => {
-      if (!payload) return {} as PackFormData;
+      if (!payload) return {} as ReturnFormData;
 
       return {
         id: payload.id,
@@ -89,16 +94,15 @@ export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryF
         interval: payload.interval ?? 3600,
         platform: payload.platform,
         version: payload.version ? [payload.version] : [],
-        ecs_mapping:
-          (!isEmpty(payload.ecs_mapping) &&
-            map(payload.ecs_mapping, (value, key) => ({
+        ecs_mapping: (!isEmpty(payload.ecs_mapping)
+          ? map(payload.ecs_mapping, (value, key: string) => ({
               key,
               result: {
                 type: Object.keys(value)[0],
                 value: Object.values(value)[0],
               },
-            }))) ??
-          [],
+            }))
+          : ([] as PackQueryECSMapping[])) as PackQueryECSMapping[],
       };
     },
   });
diff --git a/x-pack/plugins/osquery/public/saved_queries/saved_queries_dropdown.tsx b/x-pack/plugins/osquery/public/saved_queries/saved_queries_dropdown.tsx
index 9b15b193d8803..c70bad1a617c1 100644
--- a/x-pack/plugins/osquery/public/saved_queries/saved_queries_dropdown.tsx
+++ b/x-pack/plugins/osquery/public/saved_queries/saved_queries_dropdown.tsx
@@ -8,13 +8,13 @@
 import { find } from 'lodash/fp';
 import { EuiCodeBlock, EuiFormRow, EuiComboBox, EuiTextColor } from '@elastic/eui';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
-import type { SimpleSavedObject } from '@kbn/core/public';
 import styled from 'styled-components';
 import { QUERIES_DROPDOWN_LABEL, QUERIES_DROPDOWN_SEARCH_FIELD_LABEL } from './constants';
 import { OsquerySchemaLink } from '../components/osquery_schema_link';
 
 import { useSavedQueries } from './use_saved_queries';
 import { useFormData } from '../shared_imports';
+import type { SavedQuerySO } from '../routes/saved_queries/list';
 
 const TextTruncate = styled.div`
   overflow: hidden;
@@ -31,23 +31,17 @@ interface SavedQueriesDropdownProps {
   disabled?: boolean;
   onChange: (
     value:
-      | SimpleSavedObject<{
-          id: string;
-          description?: string | undefined;
-          query: string;
-        }>['attributes']
+      | (Pick<SavedQuerySO['attributes'], 'id' | 'description' | 'query' | 'ecs_mapping'> & {
+          savedQueryId: string;
+        })
       | null
   ) => void;
 }
 
 interface SelectedOption {
   label: string;
-  value: {
+  value: Pick<SavedQuerySO['attributes'], 'id' | 'description' | 'query' | 'ecs_mapping'> & {
     savedQueryId: string;
-    id: string;
-    description: string;
-    query: string;
-    ecs_mapping: Record<string, unknown>;
   };
 }
 
@@ -63,8 +57,7 @@ const SavedQueriesDropdownComponent: React.FC<SavedQueriesDropdownProps> = ({
 
   const queryOptions = useMemo(
     () =>
-      // @ts-expect-error update types
-      data?.saved_objects?.map((savedQuery) => ({
+      data?.data?.map((savedQuery) => ({
         label: savedQuery.attributes.id ?? '',
         value: {
           savedQueryId: savedQuery.id,
@@ -74,7 +67,7 @@ const SavedQueriesDropdownComponent: React.FC<SavedQueriesDropdownProps> = ({
           ecs_mapping: savedQuery.attributes.ecs_mapping,
         },
       })) ?? [],
-    [data?.saved_objects]
+    [data]
   );
 
   const handleSavedQueryChange = useCallback(
@@ -88,7 +81,7 @@ const SavedQueriesDropdownComponent: React.FC<SavedQueriesDropdownProps> = ({
 
       const selectedSavedQuery = find(
         ['attributes.id', newSelectedOptions[0].value.id],
-        data?.saved_objects
+        data?.data
       );
 
       if (selectedSavedQuery) {
@@ -97,7 +90,7 @@ const SavedQueriesDropdownComponent: React.FC<SavedQueriesDropdownProps> = ({
 
       setSelectedOptions(newSelectedOptions);
     },
-    [data?.saved_objects, onChange]
+    [data, onChange]
   );
 
   const renderOption = useCallback(
diff --git a/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx b/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx
index 0aed6a95e26ba..1e92294a5f1b4 100644
--- a/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx
+++ b/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx
@@ -24,9 +24,10 @@ import { Form } from '../shared_imports';
 import { useSavedQueryForm } from './form/use_saved_query_form';
 import { SavedQueryForm } from './form';
 import { useCreateSavedQuery } from './use_create_saved_query';
+import type { PackQueryFormData } from '../packs/queries/use_pack_query_form';
 
 interface AddQueryFlyoutProps {
-  defaultValue: unknown;
+  defaultValue: PackQueryFormData;
   onClose: () => void;
   isExternal?: boolean;
 }
@@ -41,7 +42,9 @@ const SavedQueryFlyoutComponent: React.FC<AddQueryFlyoutProps> = ({
   const createSavedQueryMutation = useCreateSavedQuery({ withRedirect: false });
 
   const handleSubmit = useCallback(
-    (payload) => createSavedQueryMutation.mutateAsync(payload).then(() => onClose()),
+    async (payload) => {
+      await createSavedQueryMutation.mutateAsync(payload).then(() => onClose());
+    },
     [createSavedQueryMutation, onClose]
   );
 
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_create_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_create_saved_query.ts
index ecbaf8d08f71a..7081fda6e4484 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_create_saved_query.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_create_saved_query.ts
@@ -13,6 +13,7 @@ import { PLUGIN_ID } from '../../common';
 import { pagePathGetters } from '../common/page_paths';
 import { SAVED_QUERIES_ID } from './constants';
 import { useErrorToast } from '../common/hooks/use_error_toast';
+import type { SavedQuerySO } from '../routes/saved_queries/list';
 
 interface UseCreateSavedQueryProps {
   withRedirect?: boolean;
@@ -27,20 +28,19 @@ export const useCreateSavedQuery = ({ withRedirect }: UseCreateSavedQueryProps)
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useMutation(
+  return useMutation<{ data: SavedQuerySO }, { body: { error: string; message: string } }>(
     (payload) =>
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      http.post<any>('/internal/osquery/saved_query', {
+      http.post('/api/osquery/saved_queries', {
         body: JSON.stringify(payload),
       }),
     {
-      onError: (error: { body: { error: string; message: string } }) => {
+      onError: (error) => {
         setErrorToast(error, {
           title: error.body.error,
           toastMessage: error.body.message,
         });
       },
-      onSuccess: (payload) => {
+      onSuccess: (response) => {
         queryClient.invalidateQueries(SAVED_QUERIES_ID);
         if (withRedirect) {
           navigateToApp(PLUGIN_ID, { path: pagePathGetters.saved_queries() });
@@ -50,7 +50,7 @@ export const useCreateSavedQuery = ({ withRedirect }: UseCreateSavedQueryProps)
           i18n.translate('xpack.osquery.newSavedQuery.successToastMessageText', {
             defaultMessage: 'Successfully saved "{savedQueryId}" query',
             values: {
-              savedQueryId: payload.attributes?.id ?? '',
+              savedQueryId: response.data.attributes?.id ?? '',
             },
           })
         );
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_delete_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_delete_saved_query.ts
index de03b834f5e6a..e882a9ba2f1ea 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_delete_saved_query.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_delete_saved_query.ts
@@ -27,7 +27,7 @@ export const useDeleteSavedQuery = ({ savedQueryId }: UseDeleteSavedQueryProps)
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useMutation(() => http.delete(`/internal/osquery/saved_query/${savedQueryId}`), {
+  return useMutation(() => http.delete(`/api/osquery/saved_queries/${savedQueryId}`), {
     onError: (error: { body: { error: string; message: string } }) => {
       setErrorToast(error, {
         title: error.body.error,
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts
index 9de40c759c2cf..acc08d5a2ceb6 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts
@@ -7,31 +7,37 @@
 
 import { useQuery } from 'react-query';
 
+import type { SavedObjectsFindResponsePublic } from '@kbn/core/public';
 import { useKibana } from '../common/lib/kibana';
 import { useErrorToast } from '../common/hooks/use_error_toast';
 import { SAVED_QUERIES_ID } from './constants';
+import type { SavedQuerySO } from '../routes/saved_queries/list';
 
 export const useSavedQueries = ({
   isLive = false,
   pageIndex = 0,
   pageSize = 10000,
   sortField = 'updated_at',
-  sortDirection = 'desc',
+  sortOrder = 'desc',
 }) => {
   const { http } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useQuery(
-    [SAVED_QUERIES_ID, { pageIndex, pageSize, sortField, sortDirection }],
+  return useQuery<
+    Omit<SavedObjectsFindResponsePublic, 'savedObjects'> & {
+      data: SavedQuerySO[];
+    },
+    { body: { error: string; message: string } }
+  >(
+    [SAVED_QUERIES_ID, { pageIndex, pageSize, sortField, sortOrder }],
     () =>
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      http.get<any>('/internal/osquery/saved_query', {
-        query: { pageIndex, pageSize, sortField, sortDirection },
+      http.get('/api/osquery/saved_queries', {
+        query: { page: pageIndex + 1, pageSize, sort: sortField, sortOrder },
       }),
     {
       keepPreviousData: true,
       refetchInterval: isLive ? 10000 : false,
-      onError: (error: { body: { error: string; message: string } }) => {
+      onError: (error) => {
         setErrorToast(error, {
           title: error.body.error,
           toastMessage: error.body.message,
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts
index f05f38b8259ce..f146910f35c14 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts
@@ -12,6 +12,7 @@ import { useKibana } from '../common/lib/kibana';
 import { pagePathGetters } from '../common/page_paths';
 import { useErrorToast } from '../common/hooks/use_error_toast';
 import { SAVED_QUERY_ID } from './constants';
+import type { SavedQuerySO } from '../routes/saved_queries/list';
 
 interface UseSavedQueryProps {
   savedQueryId: string;
@@ -24,13 +25,22 @@ export const useSavedQuery = ({ savedQueryId }: UseSavedQueryProps) => {
   } = useKibana().services;
   const setErrorToast = useErrorToast();
 
-  return useQuery(
+  return useQuery<
+    { data: SavedQuerySO } & {
+      error?: {
+        error: string;
+        message: string;
+      };
+    },
+    { body: { error: string; message: string } },
+    SavedQuerySO
+  >(
     [SAVED_QUERY_ID, { savedQueryId }],
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    () => http.get<any>(`/internal/osquery/saved_query/${savedQueryId}`),
+    () => http.get(`/api/osquery/saved_queries/${savedQueryId}`),
     {
       keepPreviousData: true,
       refetchOnWindowFocus: false,
+      select: (response) => response.data,
       onSuccess: (data) => {
         if (data.error) {
           setErrorToast(data.error, {
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts
index e31fb2d2f121f..95eb446e147bd 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts
@@ -13,6 +13,7 @@ import { PLUGIN_ID } from '../../common';
 import { pagePathGetters } from '../common/page_paths';
 import { SAVED_QUERIES_ID, SAVED_QUERY_ID } from './constants';
 import { useErrorToast } from '../common/hooks/use_error_toast';
+import type { SavedQuerySO } from '../routes/saved_queries/list';
 
 interface UseUpdateSavedQueryProps {
   savedQueryId: string;
@@ -29,8 +30,7 @@ export const useUpdateSavedQuery = ({ savedQueryId }: UseUpdateSavedQueryProps)
 
   return useMutation(
     (payload) =>
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      http.put<any>(`/internal/osquery/saved_query/${savedQueryId}`, {
+      http.put(`/api/osquery/saved_queries/${savedQueryId}`, {
         body: JSON.stringify(payload),
       }),
     {
@@ -40,7 +40,7 @@ export const useUpdateSavedQuery = ({ savedQueryId }: UseUpdateSavedQueryProps)
           toastMessage: error.body.message,
         });
       },
-      onSuccess: (payload) => {
+      onSuccess: (payload: SavedQuerySO) => {
         queryClient.invalidateQueries(SAVED_QUERIES_ID);
         queryClient.invalidateQueries([SAVED_QUERY_ID, { savedQueryId }]);
         navigateToApp(PLUGIN_ID, { path: pagePathGetters.saved_queries() });
diff --git a/x-pack/plugins/osquery/public/shared_components/osquery_action/use_is_osquery_available.ts b/x-pack/plugins/osquery/public/shared_components/osquery_action/use_is_osquery_available.ts
index 452d1f4b24567..49b5d551f2000 100644
--- a/x-pack/plugins/osquery/public/shared_components/osquery_action/use_is_osquery_available.ts
+++ b/x-pack/plugins/osquery/public/shared_components/osquery_action/use_is_osquery_available.ts
@@ -6,8 +6,8 @@
  */
 
 import { useMemo } from 'react';
-import { find } from 'lodash';
-import type { AgentStatus } from '@kbn/fleet-plugin/common';
+import { find, isString } from 'lodash';
+import type { AgentStatus, PackagePolicy } from '@kbn/fleet-plugin/common';
 import { useAgentDetails } from '../../agents/use_agent_details';
 import { useAgentPolicy } from '../../agent_policies';
 import { OSQUERY_INTEGRATION_NAME } from '../../../common';
@@ -48,12 +48,12 @@ export const useIsOsqueryAvailable = (agentId?: string): IIsOsqueryAvailable =>
   const osqueryAvailable = useMemo(() => {
     if (policyError) return false;
 
-    const osqueryPackageInstalled = find(agentPolicyData?.package_policies, [
-      'package.name',
-      OSQUERY_INTEGRATION_NAME,
-    ]);
+    const osqueryPackageInstalled = find<PackagePolicy | string>(
+      agentPolicyData?.package_policies,
+      ['package.name', OSQUERY_INTEGRATION_NAME]
+    );
 
-    return osqueryPackageInstalled?.enabled;
+    return !isString(osqueryPackageInstalled) ? !!osqueryPackageInstalled?.enabled : false;
   }, [agentPolicyData?.package_policies, policyError]);
 
   return { osqueryAvailable, agentFetched, isLoading, policyFetched, policyLoading, agentData };
diff --git a/x-pack/plugins/osquery/public/shared_imports.ts b/x-pack/plugins/osquery/public/shared_imports.ts
index f8d57d0a11b5e..eef2814bae0e3 100644
--- a/x-pack/plugins/osquery/public/shared_imports.ts
+++ b/x-pack/plugins/osquery/public/shared_imports.ts
@@ -40,6 +40,7 @@ export {
   ToggleField,
   SelectField,
   JsonEditorField,
+  SuperSelectField,
 } from '@kbn/es-ui-shared-plugin/static/forms/components';
 export { fieldValidators } from '@kbn/es-ui-shared-plugin/static/forms/helpers';
 export type { ERROR_CODE } from '@kbn/es-ui-shared-plugin/static/forms/helpers/field_validators/types';
diff --git a/x-pack/plugins/osquery/server/common/types.ts b/x-pack/plugins/osquery/server/common/types.ts
index e7f1cf4e15320..28aeaaa0f2852 100644
--- a/x-pack/plugins/osquery/server/common/types.ts
+++ b/x-pack/plugins/osquery/server/common/types.ts
@@ -20,8 +20,9 @@ export interface PackSavedObjectAttributes {
   queries: Array<{
     id: string;
     name: string;
+    query: string;
     interval: number;
-    ecs_mapping: Record<string, unknown>;
+    ecs_mapping?: Record<string, unknown>;
   }>;
   version?: number;
   enabled: boolean | undefined;
@@ -29,6 +30,7 @@ export interface PackSavedObjectAttributes {
   created_by: string | undefined;
   updated_at: string;
   updated_by: string | undefined;
+  policy_ids?: string[];
 }
 
 export type PackSavedObject = SavedObject<PackSavedObjectAttributes>;
diff --git a/x-pack/plugins/osquery/server/create_data_views/index.ts b/x-pack/plugins/osquery/server/create_data_views/index.ts
new file mode 100644
index 0000000000000..8d1b41c2beb1b
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_data_views/index.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { DataViewsService } from '@kbn/data-views-plugin/common';
+
+export const createDataViews = async (dataViewsService: DataViewsService) => {
+  const dataView = (await dataViewsService.find('logs-osquery_manager.result*', 1))[0];
+  if (!dataView) {
+    await dataViewsService.createAndSave({
+      title: 'logs-osquery_manager.result*',
+      timeFieldName: '@timestamp',
+      namespaces: ['*'],
+    });
+  }
+};
diff --git a/x-pack/plugins/osquery/server/create_indices/action_responses_mapping.ts b/x-pack/plugins/osquery/server/create_indices/action_responses_mapping.ts
new file mode 100644
index 0000000000000..30ab1917ee3c9
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_indices/action_responses_mapping.ts
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+
+export const actionResponsesMapping: MappingTypeMapping = {
+  properties: {
+    '@timestamp': {
+      type: 'date',
+    },
+    action_data: {
+      properties: {
+        ecs_mapping: {
+          type: 'object',
+          enabled: false,
+        },
+        id: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        platform: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        query: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        saved_query_id: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        version: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+      },
+    },
+    action_id: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    action_input_type: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    action_response: {
+      properties: {
+        osquery: {
+          properties: {
+            count: {
+              type: 'long',
+            },
+          },
+        },
+      },
+    },
+    agent_id: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    completed_at: {
+      type: 'date',
+    },
+    count: {
+      type: 'long',
+    },
+    error: {
+      type: 'text',
+      fields: {
+        keyword: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+      },
+    },
+    event: {
+      properties: {
+        agent_id_status: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        ingested: {
+          type: 'date',
+          format: 'strict_date_time_no_millis||strict_date_optional_time||epoch_millis',
+        },
+      },
+    },
+    started_at: {
+      type: 'date',
+    },
+  },
+};
diff --git a/x-pack/plugins/osquery/server/create_indices/actions_mapping.ts b/x-pack/plugins/osquery/server/create_indices/actions_mapping.ts
new file mode 100644
index 0000000000000..c39f9e4a30b8a
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_indices/actions_mapping.ts
@@ -0,0 +1,115 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+
+export const actionsMapping: MappingTypeMapping = {
+  properties: {
+    '@timestamp': {
+      type: 'date',
+    },
+    action_id: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    agent_ids: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    agents: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    data: {
+      properties: {
+        query: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+      },
+    },
+    event: {
+      properties: {
+        agent_id_status: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        ingested: {
+          type: 'date',
+          format: 'strict_date_time_no_millis||strict_date_optional_time||epoch_millis',
+        },
+      },
+    },
+    expiration: {
+      type: 'date',
+    },
+    input_type: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    type: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    user_id: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    metadata: {
+      type: 'object',
+      enabled: false,
+    },
+    pack_id: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    pack_name: {
+      type: 'keyword',
+      ignore_above: 1024,
+    },
+    pack_prebuilt: {
+      type: 'boolean',
+    },
+    queries: {
+      properties: {
+        action_id: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        agents: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        ecs_mapping: {
+          type: 'object',
+          enabled: false,
+        },
+        id: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        platform: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        query: {
+          type: 'text',
+        },
+        saved_query_id: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+        saved_query_prebuilt: {
+          type: 'boolean',
+        },
+        version: {
+          type: 'keyword',
+          ignore_above: 1024,
+        },
+      },
+    },
+  },
+};
diff --git a/x-pack/plugins/osquery/server/create_indices/create_transforms_indices.ts b/x-pack/plugins/osquery/server/create_indices/create_transforms_indices.ts
new file mode 100644
index 0000000000000..790510d6099ae
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_indices/create_transforms_indices.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { transformError } from '@kbn/securitysolution-es-utils';
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { actionsMapping } from './actions_mapping';
+import { actionResponsesMapping } from './action_responses_mapping';
+
+export const ACTIONS_INDEX_NAME = 'osquery_manager.actions';
+export const ACTIONS_INDEX_DEFAULT_NS = '.logs-' + ACTIONS_INDEX_NAME + '-default';
+
+export const ACTION_RESPONSES_INDEX_NAME = 'osquery_manager.action.responses';
+export const ACTION_RESPONSES_INDEX_DEFAULT_NS =
+  '.logs-' + ACTION_RESPONSES_INDEX_NAME + '-default';
+
+export const initializeTransformsIndices = async (esClient: ElasticsearchClient, logger: Logger) =>
+  Promise.all([
+    createIndexIfNotExists(
+      esClient,
+      ACTIONS_INDEX_NAME,
+      ACTIONS_INDEX_DEFAULT_NS,
+      actionsMapping,
+      logger
+    ),
+    createIndexIfNotExists(
+      esClient,
+      ACTION_RESPONSES_INDEX_NAME,
+      ACTION_RESPONSES_INDEX_DEFAULT_NS,
+      actionResponsesMapping,
+      logger
+    ),
+  ]);
+
+export const createIndexIfNotExists = async (
+  esClient: ElasticsearchClient,
+  indexTemplateName: string,
+  indexPattern: string,
+  mappings: MappingTypeMapping,
+  logger: Logger
+) => {
+  try {
+    const isLatestIndexExists = await esClient.indices.exists({
+      index: indexPattern,
+    });
+
+    if (!isLatestIndexExists) {
+      await esClient.indices.putIndexTemplate({
+        name: indexTemplateName,
+        index_patterns: indexPattern,
+        template: { mappings },
+        priority: 500,
+      });
+      await esClient.indices.create({
+        index: indexPattern,
+        mappings,
+      });
+    }
+  } catch (err) {
+    const error = transformError(err);
+    logger.error(`Failed to create the index template: ${indexTemplateName}`);
+    logger.error(error.message);
+  }
+};
diff --git a/x-pack/plugins/osquery/server/create_transforms/action_responses_transform.ts b/x-pack/plugins/osquery/server/create_transforms/action_responses_transform.ts
new file mode 100644
index 0000000000000..4d58260b71d92
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_transforms/action_responses_transform.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
+import { AGENT_ACTIONS_INDEX } from '@kbn/fleet-plugin/common';
+import { ACTION_RESPONSES_INDEX } from '../../common/constants';
+
+export const actionResponsesTransform: TransformPutTransformRequest = {
+  transform_id: 'osquery_manager.action_responses-default-0.0.1',
+  description: 'Latest osquery_manager action responses',
+  source: {
+    index: [`${AGENT_ACTIONS_INDEX}*`],
+    query: {
+      bool: {
+        should: [
+          {
+            match_phrase: {
+              action_input_type: 'osquery',
+            },
+          },
+        ],
+        minimum_should_match: 1,
+      },
+    },
+  },
+  dest: {
+    index: `${ACTION_RESPONSES_INDEX}-default`,
+  },
+  sync: {
+    time: {
+      field: '@timestamp',
+      delay: '1s',
+    },
+  },
+  latest: {
+    unique_key: ['@timestamp', 'action_id', 'agent_id'],
+    sort: '@timestamp',
+  },
+  frequency: '1s',
+  _meta: {
+    managed: 'true',
+  },
+};
diff --git a/x-pack/plugins/osquery/server/create_transforms/create_transforms.test.ts b/x-pack/plugins/osquery/server/create_transforms/create_transforms.test.ts
new file mode 100644
index 0000000000000..a7e6b53a184a2
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_transforms/create_transforms.test.ts
@@ -0,0 +1,128 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+import { loggingSystemMock } from '@kbn/core/server/mocks';
+import { createTransformIfNotExists, startTransformIfNotStarted } from './create_transforms';
+import { actionResponsesTransform } from './action_responses_transform';
+
+const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser;
+
+describe('createTransformIfNotExist', () => {
+  let logger: ReturnType<typeof loggingSystemMock.createLogger>;
+
+  beforeEach(() => {
+    logger = loggingSystemMock.createLogger();
+    jest.resetAllMocks();
+  });
+
+  it('expect not to create if already exists', async () => {
+    mockEsClient.transform.getTransform.mockResolvedValue({ transforms: [], count: 1 });
+    await createTransformIfNotExists(mockEsClient, actionResponsesTransform, logger);
+    expect(mockEsClient.transform.getTransform).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.getTransform).toHaveBeenCalledWith({
+      transform_id: actionResponsesTransform.transform_id,
+    });
+    expect(mockEsClient.transform.putTransform).toHaveBeenCalledTimes(0);
+  });
+
+  it('expect to create if does not already exist', async () => {
+    mockEsClient.transform.getTransform.mockRejectedValue({ statusCode: 404 });
+    await createTransformIfNotExists(mockEsClient, actionResponsesTransform, logger);
+    expect(mockEsClient.transform.getTransform).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.getTransform).toHaveBeenCalledWith({
+      transform_id: actionResponsesTransform.transform_id,
+    });
+    expect(mockEsClient.transform.putTransform).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.putTransform).toHaveBeenCalledWith(actionResponsesTransform);
+  });
+
+  it('expect not to create if get error is not 404', async () => {
+    mockEsClient.transform.getTransform.mockRejectedValue({ statusCode: 400 });
+    await createTransformIfNotExists(mockEsClient, actionResponsesTransform, logger);
+    expect(mockEsClient.transform.getTransform).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.putTransform).toHaveBeenCalledTimes(0);
+  });
+});
+
+function getTransformWithState(state: string) {
+  return {
+    state,
+    checkpointing: { last: { checkpoint: 1 } },
+    id: '',
+    stats: {
+      documents_indexed: 0,
+      documents_processed: 0,
+      exponential_avg_checkpoint_duration_ms: 0,
+      exponential_avg_documents_indexed: 0,
+      exponential_avg_documents_processed: 0,
+      index_failures: 0,
+      index_time_in_ms: 0,
+      index_total: 0,
+      pages_processed: 0,
+      processing_time_in_ms: 0,
+      processing_total: 0,
+      search_failures: 0,
+      search_time_in_ms: 0,
+      search_total: 0,
+      trigger_count: 0,
+    },
+  };
+}
+
+describe('startTransformIfNotStarted', () => {
+  let logger: ReturnType<typeof loggingSystemMock.createLogger>;
+
+  beforeEach(() => {
+    logger = loggingSystemMock.createLogger();
+    jest.resetAllMocks();
+  });
+
+  ['failed', 'stopping', 'started', 'aborting', 'indexing'].forEach((state) =>
+    it(`expect not to start if state is ${state}`, async () => {
+      mockEsClient.transform.getTransformStats.mockResolvedValue({
+        transforms: [getTransformWithState(state)],
+        count: 1,
+      });
+      await startTransformIfNotStarted(mockEsClient, actionResponsesTransform.transform_id, logger);
+      expect(mockEsClient.transform.getTransformStats).toHaveBeenCalledTimes(1);
+      expect(mockEsClient.transform.getTransformStats).toHaveBeenCalledWith({
+        transform_id: actionResponsesTransform.transform_id,
+      });
+      expect(mockEsClient.transform.startTransform).toHaveBeenCalledTimes(0);
+    })
+  );
+
+  it('expect not to start if transform not found', async () => {
+    mockEsClient.transform.getTransformStats.mockResolvedValue({
+      transforms: [],
+      count: 0,
+    });
+    await startTransformIfNotStarted(mockEsClient, actionResponsesTransform.transform_id, logger);
+    expect(mockEsClient.transform.getTransformStats).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.getTransformStats).toHaveBeenCalledWith({
+      transform_id: actionResponsesTransform.transform_id,
+    });
+    expect(mockEsClient.transform.startTransform).toHaveBeenCalledTimes(0);
+  });
+
+  it('expect to start if state is stopped', async () => {
+    mockEsClient.transform.getTransformStats.mockResolvedValue({
+      transforms: [getTransformWithState('stopped')],
+      count: 1,
+    });
+    await startTransformIfNotStarted(mockEsClient, actionResponsesTransform.transform_id, logger);
+    expect(mockEsClient.transform.getTransformStats).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.getTransformStats).toHaveBeenCalledWith({
+      transform_id: actionResponsesTransform.transform_id,
+    });
+    expect(mockEsClient.transform.startTransform).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.transform.startTransform).toHaveBeenCalledWith({
+      transform_id: actionResponsesTransform.transform_id,
+    });
+  });
+});
diff --git a/x-pack/plugins/osquery/server/create_transforms/create_transforms.ts b/x-pack/plugins/osquery/server/create_transforms/create_transforms.ts
new file mode 100644
index 0000000000000..b3c1b74967721
--- /dev/null
+++ b/x-pack/plugins/osquery/server/create_transforms/create_transforms.ts
@@ -0,0 +1,108 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { transformError } from '@kbn/securitysolution-es-utils';
+import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
+import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { actionResponsesTransform } from './action_responses_transform';
+
+// TODO: Move transforms to integration package
+export const initializeTransforms = async (
+  esClient: ElasticsearchClient,
+  logger: Logger
+): Promise<void> => {
+  await Promise.all([initializeTransform(esClient, actionResponsesTransform, logger)]);
+};
+
+export const initializeTransform = async (
+  esClient: ElasticsearchClient,
+  transform: TransformPutTransformRequest,
+  logger: Logger
+) =>
+  createTransformIfNotExists(esClient, transform, logger).then((succeeded) => {
+    if (succeeded) {
+      startTransformIfNotStarted(esClient, transform.transform_id, logger);
+    }
+  });
+
+/**
+ * Checks if a transform exists, And if not creates it
+ *
+ * @param transform - the transform to create. If a transform with the same transform_id already exists, nothing is created or updated.
+ *
+ * @return true if the transform exits or created, false otherwise.
+ */
+export const createTransformIfNotExists = async (
+  esClient: ElasticsearchClient,
+  transform: TransformPutTransformRequest,
+  logger: Logger
+) => {
+  try {
+    await esClient.transform.getTransform({
+      transform_id: transform.transform_id,
+    });
+
+    return true;
+  } catch (existErr) {
+    const existError = transformError(existErr);
+    if (existError.statusCode === 404) {
+      try {
+        await esClient.transform.putTransform(transform);
+
+        return true;
+      } catch (createErr) {
+        const createError = transformError(createErr);
+        logger.error(
+          `Failed to create transform ${transform.transform_id}: ${createError.message}`
+        );
+      }
+    } else {
+      logger.error(
+        `Failed to check if transform ${transform.transform_id} exists: ${existError.message}`
+      );
+    }
+  }
+
+  return false;
+};
+
+export const startTransformIfNotStarted = async (
+  esClient: ElasticsearchClient,
+  transformId: string,
+  logger: Logger
+) => {
+  try {
+    const transformStats = await esClient.transform.getTransformStats({
+      transform_id: transformId,
+    });
+    if (transformStats.count <= 0) {
+      logger.error(`Failed starting transform ${transformId}: couldn't find transform`);
+
+      return;
+    }
+
+    const fetchedTransformStats = transformStats.transforms[0];
+    if (fetchedTransformStats.state === 'stopped') {
+      try {
+        return await esClient.transform.startTransform({ transform_id: transformId });
+      } catch (startErr) {
+        const startError = transformError(startErr);
+        logger.error(`Failed starting transform ${transformId}: ${startError.message}`);
+      }
+    } else if (
+      fetchedTransformStats.state === 'stopping' ||
+      fetchedTransformStats.state === 'aborting' ||
+      fetchedTransformStats.state === 'failed'
+    ) {
+      logger.error(
+        `Not starting transform ${transformId} since it's state is: ${fetchedTransformStats.state}`
+      );
+    }
+  } catch (statsErr) {
+    const statsError = transformError(statsErr);
+    logger.error(`Failed to check if transform ${transformId} is started: ${statsError.message}`);
+  }
+};
diff --git a/x-pack/plugins/osquery/server/lib/parse_agent_groups.ts b/x-pack/plugins/osquery/server/lib/parse_agent_groups.ts
index ec028a6c4dbd9..ab82b629f59ea 100644
--- a/x-pack/plugins/osquery/server/lib/parse_agent_groups.ts
+++ b/x-pack/plugins/osquery/server/lib/parse_agent_groups.ts
@@ -12,10 +12,10 @@ import { OSQUERY_INTEGRATION_NAME } from '../../common';
 import type { OsqueryAppContext } from './osquery_app_context_services';
 
 export interface AgentSelection {
-  agents: string[];
-  allAgentsSelected: boolean;
-  platformsSelected: string[];
-  policiesSelected: string[];
+  agents?: string[];
+  allAgentsSelected?: boolean;
+  platformsSelected?: string[];
+  policiesSelected?: string[];
 }
 
 const PER_PAGE = 9000;
@@ -41,7 +41,12 @@ export const parseAgentSelection = async (
 ) => {
   const selectedAgents: Set<string> = new Set();
   const addAgent = selectedAgents.add.bind(selectedAgents);
-  const { allAgentsSelected, platformsSelected, policiesSelected, agents } = agentSelection;
+  const {
+    allAgentsSelected = false,
+    platformsSelected = [],
+    policiesSelected = [],
+    agents = [],
+  } = agentSelection;
   const agentService = context.service.getAgentService()?.asInternalUser;
   const packagePolicyService = context.service.getPackagePolicyService();
   const kueryFragments = [];
diff --git a/x-pack/plugins/osquery/server/lib/telemetry/constants.ts b/x-pack/plugins/osquery/server/lib/telemetry/constants.ts
index 69ef5cc601dbe..dc6fac7a55f02 100644
--- a/x-pack/plugins/osquery/server/lib/telemetry/constants.ts
+++ b/x-pack/plugins/osquery/server/lib/telemetry/constants.ts
@@ -9,6 +9,7 @@ export const TELEMETRY_MAX_BUFFER_SIZE = 100;
 
 export const MAX_PACK_TELEMETRY_BATCH = 100;
 
+export const TELEMETRY_CHANNEL_CONFIGS = 'osquery-configs';
+export const TELEMETRY_CHANNEL_LIVE_QUERIES = 'osquery-live-queries-test';
 export const TELEMETRY_CHANNEL_PACKS = 'osquery-packs';
-
 export const TELEMETRY_CHANNEL_SAVED_QUERIES = 'osquery-saved-queries';
diff --git a/x-pack/plugins/osquery/server/lib/telemetry/helpers.ts b/x-pack/plugins/osquery/server/lib/telemetry/helpers.ts
index 97db8541e4004..93f410fc2da64 100644
--- a/x-pack/plugins/osquery/server/lib/telemetry/helpers.ts
+++ b/x-pack/plugins/osquery/server/lib/telemetry/helpers.ts
@@ -7,9 +7,31 @@
 
 import moment from 'moment';
 import type { SavedObjectsFindResponse } from '@kbn/core/server';
-import { copyAllowlistedFields, packEventFields, savedQueryEventFields } from './filters';
+import type { PackagePolicy } from '@kbn/fleet-plugin/common';
 import type { ESClusterInfo, ESLicense, ListTemplate, TelemetryEvent } from './types';
 
+/**
+ * Constructs the configs telemetry schema from a collection of config saved objects
+ */
+export const templateConfigs = (
+  configsData: PackagePolicy[],
+  clusterInfo: ESClusterInfo,
+  licenseInfo: ESLicense | undefined
+) =>
+  configsData.map((item) => {
+    const template: ListTemplate = {
+      '@timestamp': moment().toISOString(),
+      cluster_uuid: clusterInfo.cluster_uuid,
+      cluster_name: clusterInfo.cluster_name,
+      license_id: licenseInfo?.uid,
+    };
+
+    return {
+      ...template,
+      ...item,
+    };
+  });
+
 /**
  * Constructs the packs telemetry schema from a collection of packs saved objects
  */
@@ -26,16 +48,10 @@ export const templatePacks = (
       license_id: licenseInfo?.uid,
     };
 
-    // cast exception list type to a TelemetryEvent for allowlist filtering
-    const filteredPackItem = copyAllowlistedFields(
-      packEventFields,
-      item.attributes as unknown as TelemetryEvent
-    );
-
     return {
       ...template,
       id: item.id,
-      ...filteredPackItem,
+      ...(item.attributes as TelemetryEvent),
     };
   });
 
@@ -55,16 +71,10 @@ export const templateSavedQueries = (
       license_id: licenseInfo?.uid,
     };
 
-    // cast exception list type to a TelemetryEvent for allowlist filtering
-    const filteredSavedQueryItem = copyAllowlistedFields(
-      savedQueryEventFields,
-      item.attributes as unknown as TelemetryEvent
-    );
-
     return {
       ...template,
       id: item.id,
-      ...filteredSavedQueryItem,
+      ...(item.attributes as TelemetryEvent),
     };
   });
 
diff --git a/x-pack/plugins/osquery/server/lib/telemetry/receiver.ts b/x-pack/plugins/osquery/server/lib/telemetry/receiver.ts
index a8b4315ec1d23..5ed224e0e40b8 100644
--- a/x-pack/plugins/osquery/server/lib/telemetry/receiver.ts
+++ b/x-pack/plugins/osquery/server/lib/telemetry/receiver.ts
@@ -12,7 +12,13 @@ import type {
   SavedObjectsClientContract,
 } from '@kbn/core/server';
 
-import type { AgentClient, AgentPolicyServiceInterface } from '@kbn/fleet-plugin/server';
+import type {
+  AgentClient,
+  AgentPolicyServiceInterface,
+  PackagePolicyServiceInterface,
+} from '@kbn/fleet-plugin/server';
+import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
+import { OSQUERY_INTEGRATION_NAME } from '../../../common';
 import { packSavedObjectType, savedQuerySavedObjectType } from '../../../common/types';
 import type { ESLicense, ESClusterInfo } from './types';
 import type { OsqueryAppContextService } from '../osquery_app_context_services';
@@ -21,6 +27,7 @@ export class TelemetryReceiver {
   private readonly logger: Logger;
   private agentClient?: AgentClient;
   private agentPolicyService?: AgentPolicyServiceInterface;
+  private packagePolicyService?: PackagePolicyServiceInterface;
   private esClient?: ElasticsearchClient;
   private soClient?: SavedObjectsClientContract;
   private clusterInfo?: ESClusterInfo;
@@ -30,12 +37,13 @@ export class TelemetryReceiver {
     this.logger = logger.get('telemetry_events');
   }
 
-  public async start(core?: CoreStart, osqueryContextService?: OsqueryAppContextService) {
+  public async start(core: CoreStart, osqueryContextService?: OsqueryAppContextService) {
     this.agentClient = osqueryContextService?.getAgentService()?.asInternalUser;
     this.agentPolicyService = osqueryContextService?.getAgentPolicyService();
-    this.esClient = core?.elasticsearch.client.asInternalUser;
+    this.packagePolicyService = osqueryContextService?.getPackagePolicyService();
+    this.esClient = core.elasticsearch.client.asInternalUser;
     this.soClient =
-      core?.savedObjects.createInternalRepository() as unknown as SavedObjectsClientContract;
+      core.savedObjects.createInternalRepository() as unknown as SavedObjectsClientContract;
     this.clusterInfo = await this.fetchClusterInfo();
   }
 
@@ -44,7 +52,7 @@ export class TelemetryReceiver {
   }
 
   public async fetchPacks() {
-    return await this.soClient?.find({
+    return this.soClient?.find({
       type: packSavedObjectType,
       page: 1,
       perPage: this.max_records,
@@ -54,7 +62,7 @@ export class TelemetryReceiver {
   }
 
   public async fetchSavedQueries() {
-    return await this.soClient?.find({
+    return this.soClient?.find({
       type: savedQuerySavedObjectType,
       page: 1,
       perPage: this.max_records,
@@ -63,8 +71,20 @@ export class TelemetryReceiver {
     });
   }
 
+  public async fetchConfigs() {
+    if (this.soClient) {
+      return this.packagePolicyService?.list(this.soClient, {
+        kuery: `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name:${OSQUERY_INTEGRATION_NAME}`,
+        perPage: 1000,
+        page: 1,
+      });
+    }
+
+    throw Error('elasticsearch client is unavailable: cannot retrieve fleet policy responses');
+  }
+
   public async fetchFleetAgents() {
-    if (this.esClient === undefined || this.esClient === null) {
+    if (this.esClient === undefined || this.soClient === null) {
       throw Error('elasticsearch client is unavailable: cannot retrieve fleet policy responses');
     }
 
@@ -100,15 +120,15 @@ export class TelemetryReceiver {
     }
 
     try {
-      const ret = (await this.esClient.transport.request({
+      const ret = await this.esClient.transport.request<{ license: ESLicense }>({
         method: 'GET',
         path: '/_license',
         querystring: {
           local: true,
         },
-      })) as { license: ESLicense };
+      });
 
-      return (await ret).license;
+      return ret.license;
     } catch (err) {
       this.logger.debug(`failed retrieving license: ${err}`);
 
diff --git a/x-pack/plugins/osquery/server/lib/telemetry/tasks/configs.ts b/x-pack/plugins/osquery/server/lib/telemetry/tasks/configs.ts
new file mode 100644
index 0000000000000..fe67033031224
--- /dev/null
+++ b/x-pack/plugins/osquery/server/lib/telemetry/tasks/configs.ts
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/core/server';
+import { TELEMETRY_CHANNEL_CONFIGS } from '../constants';
+import { templateConfigs } from '../helpers';
+import type { TelemetryEventsSender } from '../sender';
+import type { TelemetryReceiver } from '../receiver';
+import type { ESClusterInfo, ESLicense } from '../types';
+
+export function createTelemetryConfigsTaskConfig() {
+  return {
+    type: 'osquery:telemetry-configs',
+    title: 'Osquery Configs Telemetry',
+    interval: '5m',
+    timeout: '10m',
+    version: '1.0.0',
+    runTask: async (
+      taskId: string,
+      logger: Logger,
+      receiver: TelemetryReceiver,
+      sender: TelemetryEventsSender
+    ) => {
+      const [clusterInfoPromise, licenseInfoPromise] = await Promise.allSettled([
+        receiver.fetchClusterInfo(),
+        receiver.fetchLicenseInfo(),
+      ]);
+
+      const clusterInfo =
+        clusterInfoPromise.status === 'fulfilled'
+          ? clusterInfoPromise.value
+          : ({} as ESClusterInfo);
+      const licenseInfo =
+        licenseInfoPromise.status === 'fulfilled'
+          ? licenseInfoPromise.value
+          : ({} as ESLicense | undefined);
+
+      const configsResponse = await receiver.fetchConfigs();
+
+      if (!configsResponse?.total) {
+        logger.debug('no configs found');
+
+        return 0;
+      }
+
+      const configsJson = templateConfigs(configsResponse?.items, clusterInfo, licenseInfo);
+
+      sender.sendOnDemand(TELEMETRY_CHANNEL_CONFIGS, configsJson);
+
+      return configsResponse.total;
+    },
+  };
+}
diff --git a/x-pack/plugins/osquery/server/lib/telemetry/tasks/index.ts b/x-pack/plugins/osquery/server/lib/telemetry/tasks/index.ts
index 6ca7814daf401..49c7fb056b6b9 100644
--- a/x-pack/plugins/osquery/server/lib/telemetry/tasks/index.ts
+++ b/x-pack/plugins/osquery/server/lib/telemetry/tasks/index.ts
@@ -8,7 +8,12 @@
 import type { OsqueryTelemetryTaskConfig } from '../task';
 import { createTelemetryPacksTaskConfig } from './packs';
 import { createTelemetrySavedQueriesTaskConfig } from './saved_queries';
+import { createTelemetryConfigsTaskConfig } from './configs';
 
 export function createTelemetryTaskConfigs(): OsqueryTelemetryTaskConfig[] {
-  return [createTelemetryPacksTaskConfig(), createTelemetrySavedQueriesTaskConfig()];
+  return [
+    createTelemetryPacksTaskConfig(),
+    createTelemetrySavedQueriesTaskConfig(),
+    createTelemetryConfigsTaskConfig(),
+  ];
 }
diff --git a/x-pack/plugins/osquery/server/plugin.ts b/x-pack/plugins/osquery/server/plugin.ts
index fd5ae2eca6005..f21680c0a4c7b 100644
--- a/x-pack/plugins/osquery/server/plugin.ts
+++ b/x-pack/plugins/osquery/server/plugin.ts
@@ -13,8 +13,11 @@ import type {
   Plugin,
   Logger,
 } from '@kbn/core/server';
-import { SavedObjectsClient, DEFAULT_APP_CATEGORIES } from '@kbn/core/server';
+import { DEFAULT_APP_CATEGORIES, SavedObjectsClient } from '@kbn/core/server';
 import type { UsageCounter } from '@kbn/usage-collection-plugin/server';
+import type { PackagePolicy } from '@kbn/fleet-plugin/common';
+import type { DataRequestHandlerContext } from '@kbn/data-plugin/server';
+import type { DataViewsService } from '@kbn/data-views-plugin/common';
 
 import { createConfig } from './create_config';
 import type { OsqueryPluginSetup, OsqueryPluginStart, SetupPlugins, StartPlugins } from './types';
@@ -30,10 +33,13 @@ import {
   packAssetSavedObjectType,
   savedQuerySavedObjectType,
 } from '../common/types';
-import { PLUGIN_ID } from '../common';
+import { OSQUERY_INTEGRATION_NAME, PLUGIN_ID } from '../common';
 import { getPackagePolicyDeleteCallback } from './lib/fleet_integration';
 import { TelemetryEventsSender } from './lib/telemetry/sender';
 import { TelemetryReceiver } from './lib/telemetry/receiver';
+import { initializeTransformsIndices } from './create_indices/create_transforms_indices';
+import { initializeTransforms } from './create_transforms/create_transforms';
+import { createDataViews } from './create_data_views';
 
 const registerFeatures = (features: SetupPlugins['features']) => {
   features.registerKibanaFeature({
@@ -214,7 +220,7 @@ export class OsqueryPlugin implements Plugin<OsqueryPluginSetup, OsqueryPluginSt
 
     registerFeatures(plugins.features);
 
-    const router = core.http.createRouter();
+    const router = core.http.createRouter<DataRequestHandlerContext>();
 
     const osqueryContext: OsqueryAppContext = {
       logFactory: this.context.logger,
@@ -234,12 +240,14 @@ export class OsqueryPlugin implements Plugin<OsqueryPluginSetup, OsqueryPluginSt
 
     this.telemetryUsageCounter = plugins.usageCollection?.createUsageCounter(PLUGIN_ID);
 
-    defineRoutes(router, osqueryContext);
-
-    core.getStartServices().then(([, depsStart]) => {
-      const osquerySearchStrategy = osquerySearchStrategyProvider(depsStart.data);
+    core.getStartServices().then(([{ elasticsearch }, depsStart]) => {
+      const osquerySearchStrategy = osquerySearchStrategyProvider(
+        depsStart.data,
+        elasticsearch.client
+      );
 
       plugins.data.search.registerSearchStrategy('osquerySearchStrategy', osquerySearchStrategy);
+      defineRoutes(router, osqueryContext);
     });
 
     this.telemetryEventsSender.setup(
@@ -273,11 +281,39 @@ export class OsqueryPlugin implements Plugin<OsqueryPluginSetup, OsqueryPluginSt
       this.telemetryReceiver
     );
 
-    if (registerIngestCallback) {
+    plugins.fleet?.fleetSetupCompleted().then(async () => {
+      const packageInfo = await plugins.fleet?.packageService.asInternalUser.getInstallation(
+        OSQUERY_INTEGRATION_NAME
+      );
       const client = new SavedObjectsClient(core.savedObjects.createInternalRepository());
 
-      registerIngestCallback('postPackagePolicyDelete', getPackagePolicyDeleteCallback(client));
-    }
+      const dataViewsService = await plugins.dataViews.dataViewsServiceFactory(
+        client,
+        core.elasticsearch.client.asInternalUser,
+        undefined,
+        true
+      );
+
+      // If package is installed we want to make sure all needed assets are installed
+      if (packageInfo) {
+        await this.initialize(core, dataViewsService);
+      }
+
+      if (registerIngestCallback) {
+        registerIngestCallback(
+          'packagePolicyPostCreate',
+          async (packagePolicy: PackagePolicy): Promise<PackagePolicy> => {
+            if (packagePolicy.package?.name === OSQUERY_INTEGRATION_NAME) {
+              await this.initialize(core, dataViewsService);
+            }
+
+            return packagePolicy;
+          }
+        );
+
+        registerIngestCallback('postPackagePolicyDelete', getPackagePolicyDeleteCallback(client));
+      }
+    });
 
     return {};
   }
@@ -287,4 +323,11 @@ export class OsqueryPlugin implements Plugin<OsqueryPluginSetup, OsqueryPluginSt
     this.telemetryEventsSender.stop();
     this.osqueryAppContextService.stop();
   }
+
+  async initialize(core: CoreStart, dataViewsService: DataViewsService): Promise<void> {
+    this.logger.debug('initialize');
+    await initializeTransformsIndices(core.elasticsearch.client.asInternalUser, this.logger);
+    await initializeTransforms(core.elasticsearch.client.asInternalUser, this.logger);
+    await createDataViews(dataViewsService);
+  }
 }
diff --git a/x-pack/plugins/osquery/server/routes/action/create_action_route.ts b/x-pack/plugins/osquery/server/routes/action/create_action_route.ts
deleted file mode 100644
index 8534c29144822..0000000000000
--- a/x-pack/plugins/osquery/server/routes/action/create_action_route.ts
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { pickBy, isEmpty } from 'lodash';
-import uuid from 'uuid';
-import moment from 'moment-timezone';
-
-import type { IRouter } from '@kbn/core/server';
-import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
-
-import type { AgentSelection } from '../../lib/parse_agent_groups';
-import { parseAgentSelection } from '../../lib/parse_agent_groups';
-import { buildRouteValidation } from '../../utils/build_validation/route_validation';
-import type { CreateActionRequestBodySchema } from '../../../common/schemas/routes/action/create_action_request_body_schema';
-import { createActionRequestBodySchema } from '../../../common/schemas/routes/action/create_action_request_body_schema';
-
-import { incrementCount } from '../usage';
-import { getInternalSavedObjectsClient } from '../../usage/collector';
-import { savedQuerySavedObjectType } from '../../../common/types';
-
-export const createActionRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
-  router.post(
-    {
-      path: '/internal/osquery/action',
-      validate: {
-        body: buildRouteValidation<
-          typeof createActionRequestBodySchema,
-          CreateActionRequestBodySchema
-        >(createActionRequestBodySchema),
-      },
-    },
-    async (context, request, response) => {
-      const coreContext = await context.core;
-      const esClient = coreContext.elasticsearch.client.asInternalUser;
-      const soClient = coreContext.savedObjects.client;
-      const internalSavedObjectsClient = await getInternalSavedObjectsClient(
-        osqueryContext.getStartServices
-      );
-      const [coreStartServices] = await osqueryContext.getStartServices();
-      let savedQueryId = request.body.saved_query_id;
-
-      const {
-        osquery: { writeLiveQueries, runSavedQueries },
-      } = await coreStartServices.capabilities.resolveCapabilities(request);
-
-      const isInvalid = !(writeLiveQueries || (runSavedQueries && request.body.saved_query_id));
-
-      if (isInvalid) {
-        return response.forbidden();
-      }
-
-      if (request.body.saved_query_id && runSavedQueries) {
-        const savedQueries = await soClient.find({
-          type: savedQuerySavedObjectType,
-        });
-        const actualSavedQuery = savedQueries.saved_objects.find(
-          (savedQuery) => savedQuery.id === request.body.saved_query_id
-        );
-
-        if (actualSavedQuery) {
-          savedQueryId = actualSavedQuery.id;
-        }
-      }
-
-      const { agentSelection } = request.body as { agentSelection: AgentSelection };
-      const selectedAgents = await parseAgentSelection(
-        internalSavedObjectsClient,
-        osqueryContext,
-        agentSelection
-      );
-      incrementCount(internalSavedObjectsClient, 'live_query');
-      if (!selectedAgents.length) {
-        incrementCount(internalSavedObjectsClient, 'live_query', 'errors');
-
-        return response.badRequest({ body: new Error('No agents found for selection') });
-      }
-
-      try {
-        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
-        const action = {
-          action_id: uuid.v4(),
-          '@timestamp': moment().toISOString(),
-          expiration: moment().add(5, 'minutes').toISOString(),
-          type: 'INPUT_ACTION',
-          input_type: 'osquery',
-          agents: selectedAgents,
-          user_id: currentUser,
-          data: pickBy(
-            {
-              id: uuid.v4(),
-              query: request.body.query,
-              saved_query_id: savedQueryId,
-              ecs_mapping: request.body.ecs_mapping,
-            },
-            (value) => !isEmpty(value)
-          ),
-        };
-        const actionResponse = await esClient.index({
-          index: '.fleet-actions',
-          body: action,
-        });
-
-        return response.ok({
-          body: {
-            response: actionResponse,
-            actions: [action],
-          },
-        });
-      } catch (error) {
-        incrementCount(internalSavedObjectsClient, 'live_query', 'errors');
-
-        return response.customError({
-          statusCode: 500,
-          body: new Error(`Error occurred while processing ${error}`),
-        });
-      }
-    }
-  );
-};
diff --git a/x-pack/plugins/osquery/server/routes/action/index.ts b/x-pack/plugins/osquery/server/routes/action/index.ts
deleted file mode 100644
index 81b873d2f0456..0000000000000
--- a/x-pack/plugins/osquery/server/routes/action/index.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { IRouter } from '@kbn/core/server';
-import { createActionRoute } from './create_action_route';
-import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
-
-export const initActionRoutes = (router: IRouter, context: OsqueryAppContext) => {
-  createActionRoute(router, context);
-};
diff --git a/x-pack/plugins/osquery/server/routes/index.ts b/x-pack/plugins/osquery/server/routes/index.ts
index fb2ea12043ecd..ca6b3239bb3da 100644
--- a/x-pack/plugins/osquery/server/routes/index.ts
+++ b/x-pack/plugins/osquery/server/routes/index.ts
@@ -6,7 +6,8 @@
  */
 
 import type { IRouter } from '@kbn/core/server';
-import { initActionRoutes } from './action';
+import type { DataRequestHandlerContext } from '@kbn/data-plugin/server';
+import { initLiveQueryRoutes } from './live_query';
 import type { OsqueryAppContext } from '../lib/osquery_app_context_services';
 import { initSavedQueryRoutes } from './saved_query';
 import { initStatusRoutes } from './status';
@@ -15,8 +16,11 @@ import { initPackRoutes } from './pack';
 import { initPrivilegesCheckRoutes } from './privileges_check';
 import { initAssetRoutes } from './asset';
 
-export const defineRoutes = (router: IRouter, context: OsqueryAppContext) => {
-  initActionRoutes(router, context);
+export const defineRoutes = (
+  router: IRouter<DataRequestHandlerContext>,
+  context: OsqueryAppContext
+) => {
+  initLiveQueryRoutes(router, context);
   initStatusRoutes(router, context);
   initPackRoutes(router, context);
   initFleetWrapperRoutes(router, context);
diff --git a/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts b/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
new file mode 100644
index 0000000000000..07f9b31270822
--- /dev/null
+++ b/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
@@ -0,0 +1,199 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { some, flatten, map, pick, pickBy, isEmpty } from 'lodash';
+import uuid from 'uuid';
+import moment from 'moment-timezone';
+
+import type { IRouter } from '@kbn/core/server';
+import { AGENT_ACTIONS_INDEX } from '@kbn/fleet-plugin/common';
+import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
+
+import { parseAgentSelection } from '../../lib/parse_agent_groups';
+import { buildRouteValidation } from '../../utils/build_validation/route_validation';
+import type { CreateLiveQueryRequestBodySchema } from '../../../common/schemas/routes/live_query';
+import { createLiveQueryRequestBodySchema } from '../../../common/schemas/routes/live_query';
+
+import { getInternalSavedObjectsClient } from '../../usage/collector';
+import { packSavedObjectType, savedQuerySavedObjectType } from '../../../common/types';
+import { ACTIONS_INDEX } from '../../../common/constants';
+import { convertSOQueriesToPack } from '../pack/utils';
+import type { PackSavedObjectAttributes } from '../../common/types';
+import { TELEMETRY_CHANNEL_LIVE_QUERIES } from '../../lib/telemetry/constants';
+import { isSavedQueryPrebuilt } from '../saved_query/utils';
+
+export const createLiveQueryRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
+  router.post(
+    {
+      path: '/api/osquery/live_queries',
+      validate: {
+        body: buildRouteValidation<
+          typeof createLiveQueryRequestBodySchema,
+          CreateLiveQueryRequestBodySchema
+        >(createLiveQueryRequestBodySchema),
+      },
+    },
+    async (context, request, response) => {
+      const coreContext = await context.core;
+      const esClient = coreContext.elasticsearch.client.asInternalUser;
+      const soClient = coreContext.savedObjects.client;
+      const internalSavedObjectsClient = await getInternalSavedObjectsClient(
+        osqueryContext.getStartServices
+      );
+      const [coreStartServices] = await osqueryContext.getStartServices();
+      let savedQueryId = request.body.saved_query_id;
+
+      const {
+        osquery: { writeLiveQueries, runSavedQueries },
+      } = await coreStartServices.capabilities.resolveCapabilities(request);
+
+      const isInvalid = !(writeLiveQueries || (runSavedQueries && request.body.saved_query_id));
+
+      if (isInvalid) {
+        return response.forbidden();
+      }
+
+      if (request.body.saved_query_id && runSavedQueries) {
+        const savedQueries = await soClient.find({
+          type: savedQuerySavedObjectType,
+        });
+        const actualSavedQuery = savedQueries.saved_objects.find(
+          (savedQuery) => savedQuery.id === request.body.saved_query_id
+        );
+
+        if (actualSavedQuery) {
+          savedQueryId = actualSavedQuery.id;
+        }
+      }
+
+      // eslint-disable-next-line @typescript-eslint/naming-convention
+      const { agent_all, agent_ids, agent_platforms, agent_policy_ids } = request.body;
+      const selectedAgents = await parseAgentSelection(internalSavedObjectsClient, osqueryContext, {
+        agents: agent_ids,
+        allAgentsSelected: !!agent_all,
+        platformsSelected: agent_platforms,
+        policiesSelected: agent_policy_ids,
+      });
+      if (!selectedAgents.length) {
+        return response.badRequest({ body: new Error('No agents found for selection') });
+      }
+
+      try {
+        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+
+        let packSO;
+
+        if (request.body.pack_id) {
+          packSO = await soClient.get<PackSavedObjectAttributes>(
+            packSavedObjectType,
+            request.body.pack_id
+          );
+        }
+
+        const osqueryAction = {
+          action_id: uuid.v4(),
+          '@timestamp': moment().toISOString(),
+          expiration: moment().add(5, 'minutes').toISOString(),
+          type: 'INPUT_ACTION',
+          input_type: 'osquery',
+          alert_ids: request.body.alert_ids,
+          event_ids: request.body.event_ids,
+          case_ids: request.body.case_ids,
+          agent_ids: request.body.agent_ids,
+          agent_all: request.body.agent_all,
+          agent_platforms: request.body.agent_platforms,
+          agent_policy_ids: request.body.agent_policy_ids,
+          agents: selectedAgents,
+          user_id: currentUser,
+          metadata: request.body.metadata,
+          pack_id: request.body.pack_id,
+          pack_name: packSO?.attributes?.name,
+          pack_prebuilt: request.body.pack_id
+            ? !!some(packSO?.references, ['type', 'osquery-pack-asset'])
+            : undefined,
+          queries: packSO
+            ? map(convertSOQueriesToPack(packSO.attributes.queries), (packQuery, packQueryId) =>
+                pickBy(
+                  {
+                    action_id: uuid.v4(),
+                    id: packQueryId,
+                    query: packQuery.query,
+                    ecs_mapping: packQuery.ecs_mapping,
+                    version: packQuery.version,
+                    platform: packQuery.platform,
+                    agents: selectedAgents,
+                  },
+                  (value) => !isEmpty(value)
+                )
+              )
+            : [
+                pickBy(
+                  {
+                    action_id: uuid.v4(),
+                    id: uuid.v4(),
+                    query: request.body.query,
+                    saved_query_id: savedQueryId,
+                    saved_query_prebuilt: savedQueryId
+                      ? await isSavedQueryPrebuilt(osqueryContext, savedQueryId)
+                      : undefined,
+                    ecs_mapping: request.body.ecs_mapping,
+                    agents: selectedAgents,
+                  },
+                  (value) => !isEmpty(value)
+                ),
+              ],
+        };
+
+        const fleetActions = map(osqueryAction.queries, (query) => ({
+          action_id: query.action_id,
+          '@timestamp': moment().toISOString(),
+          expiration: moment().add(5, 'minutes').toISOString(),
+          type: 'INPUT_ACTION',
+          input_type: 'osquery',
+          agents: query.agents,
+          user_id: currentUser,
+          data: pick(query, ['id', 'query', 'ecs_mapping', 'version', 'platform']),
+        }));
+
+        await esClient.bulk({
+          refresh: 'wait_for',
+          body: flatten(
+            fleetActions.map((action) => [{ index: { _index: AGENT_ACTIONS_INDEX } }, action])
+          ),
+        });
+
+        const actionsComponentTemplateExists = await esClient.indices.exists({
+          index: `${ACTIONS_INDEX}*`,
+        });
+
+        if (actionsComponentTemplateExists) {
+          await esClient.bulk({
+            refresh: 'wait_for',
+            body: [{ index: { _index: `${ACTIONS_INDEX}-default` } }, osqueryAction],
+          });
+        }
+
+        const telemetryOptIn = await osqueryContext.telemetryEventsSender.isTelemetryOptedIn();
+
+        if (telemetryOptIn) {
+          osqueryContext.telemetryEventsSender.sendOnDemand(TELEMETRY_CHANNEL_LIVE_QUERIES, [
+            osqueryAction,
+          ]);
+        }
+
+        return response.ok({
+          body: { data: osqueryAction },
+        });
+      } catch (error) {
+        return response.customError({
+          statusCode: 500,
+          body: new Error(`Error occurred while processing ${error}`),
+        });
+      }
+    }
+  );
+};
diff --git a/x-pack/plugins/osquery/server/routes/live_query/get_live_query_details_route.ts b/x-pack/plugins/osquery/server/routes/live_query/get_live_query_details_route.ts
new file mode 100644
index 0000000000000..71da29d04c416
--- /dev/null
+++ b/x-pack/plugins/osquery/server/routes/live_query/get_live_query_details_route.ts
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+import type { IRouter } from '@kbn/core/server';
+import { every, map, mapKeys, pick, reduce } from 'lodash';
+import type { Observable } from 'rxjs';
+import { lastValueFrom, zip } from 'rxjs';
+import type { DataRequestHandlerContext } from '@kbn/data-plugin/server';
+import { PLUGIN_ID } from '../../../common';
+import { getActionResponses } from './utils';
+
+import type {
+  ActionDetailsRequestOptions,
+  ActionDetailsStrategyResponse,
+} from '../../../common/search_strategy';
+import { OsqueryQueries } from '../../../common/search_strategy';
+
+export const getLiveQueryDetailsRoute = (router: IRouter<DataRequestHandlerContext>) => {
+  router.get(
+    {
+      path: '/api/osquery/live_queries/{id}',
+      validate: {
+        params: schema.object(
+          {
+            id: schema.string(),
+          },
+          { unknowns: 'allow' }
+        ),
+        query: schema.object({}, { unknowns: 'allow' }),
+      },
+      options: { tags: [`access:${PLUGIN_ID}-read`] },
+    },
+    async (context, request, response) => {
+      const abortSignal = getRequestAbortedSignal(request.events.aborted$);
+
+      try {
+        const search = await context.search;
+        const { actionDetails } = await lastValueFrom(
+          search.search<ActionDetailsRequestOptions, ActionDetailsStrategyResponse>(
+            {
+              actionId: request.params.id,
+              filterQuery: request.query,
+              factoryQueryType: OsqueryQueries.actionDetails,
+            },
+            { abortSignal, strategy: 'osquerySearchStrategy' }
+          )
+        );
+
+        const queries = actionDetails?._source?.queries;
+        const expirationDate = actionDetails?.fields?.expiration[0];
+
+        const expired = !expirationDate ? true : new Date(expirationDate) < new Date();
+
+        const responseData = await lastValueFrom(
+          zip(
+            ...map(queries, (query) =>
+              getActionResponses(search, query.action_id, query.agents?.length ?? 0)
+            )
+          )
+        );
+
+        const isCompleted = expired || (responseData && every(responseData, ['pending', 0]));
+        const agentByActionIdStatusMap = mapKeys(responseData, 'action_id');
+
+        return response.ok({
+          body: {
+            data: {
+              ...pick(
+                actionDetails._source,
+                'action_id',
+                'expiration',
+                '@timestamp',
+                'agent_selection',
+                'agents',
+                'user_id',
+                'pack_id',
+                'pack_name',
+                'prebuilt_pack'
+              ),
+              queries: reduce<
+                {
+                  action_id: string;
+                  id: string;
+                  query: string;
+                  agents: string[];
+                  ecs_mapping?: unknown;
+                  version?: string;
+                  platform?: string;
+                  saved_query_id?: string;
+                },
+                Array<Record<string, unknown>>
+              >(
+                actionDetails._source?.queries,
+                (acc, query) => {
+                  const agentStatus = agentByActionIdStatusMap[query.action_id];
+
+                  acc.push({
+                    ...query,
+                    ...agentStatus,
+                    status: isCompleted || agentStatus?.pending === 0 ? 'completed' : 'running',
+                  });
+
+                  return acc;
+                },
+                [] as Array<Record<string, unknown>>
+              ),
+              status: isCompleted ? 'completed' : 'running',
+            },
+          },
+        });
+      } catch (e) {
+        return response.customError({
+          statusCode: e.statusCode ?? 500,
+          body: {
+            message: e.message,
+          },
+        });
+      }
+    }
+  );
+};
+
+function getRequestAbortedSignal(aborted$: Observable<void>): AbortSignal {
+  const controller = new AbortController();
+  aborted$.subscribe(() => controller.abort());
+
+  return controller.signal;
+}
diff --git a/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts b/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts
new file mode 100644
index 0000000000000..7fefcd40e9c68
--- /dev/null
+++ b/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts
@@ -0,0 +1,115 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+import type { IRouter } from '@kbn/core/server';
+import { map } from 'lodash';
+import type { Observable } from 'rxjs';
+import { lastValueFrom, zip } from 'rxjs';
+import type { DataRequestHandlerContext } from '@kbn/data-plugin/server';
+import { PLUGIN_ID } from '../../../common';
+import type {
+  ActionDetailsRequestOptions,
+  ActionDetailsStrategyResponse,
+} from '../../../common/search_strategy';
+import { OsqueryQueries } from '../../../common/search_strategy';
+import { createFilter, generateTablePaginationOptions } from '../../../common/utils/build_query';
+import { getActionResponses } from './utils';
+
+export const getLiveQueryResultsRoute = (router: IRouter<DataRequestHandlerContext>) => {
+  router.get(
+    {
+      path: '/api/osquery/live_queries/{id}/results/{actionId}',
+      validate: {
+        query: schema.object(
+          {
+            filterQuery: schema.maybe(schema.string()),
+            pageIndex: schema.maybe(schema.number()),
+            pageSize: schema.maybe(schema.number()),
+            sortField: schema.maybe(schema.string()),
+            sortOrder: schema.maybe(schema.string()),
+          },
+          { unknowns: 'allow' }
+        ),
+        params: schema.object(
+          {
+            id: schema.string(),
+            actionId: schema.string(),
+          },
+          { unknowns: 'allow' }
+        ),
+      },
+      options: { tags: [`access:${PLUGIN_ID}-read`] },
+    },
+    async (context, request, response) => {
+      const abortSignal = getRequestAbortedSignal(request.events.aborted$);
+
+      try {
+        const search = await context.search;
+        const { actionDetails } = await lastValueFrom(
+          search.search<ActionDetailsRequestOptions, ActionDetailsStrategyResponse>(
+            {
+              actionId: request.params.id,
+              filterQuery: createFilter(request.query.filterQuery),
+              factoryQueryType: OsqueryQueries.actionDetails,
+            },
+            { abortSignal, strategy: 'osquerySearchStrategy' }
+          )
+        );
+
+        const queries = actionDetails?._source?.queries;
+
+        await lastValueFrom(
+          zip(
+            ...map(queries, (query) =>
+              getActionResponses(search, query.action_id, query.agents?.length ?? 0)
+            )
+          )
+        );
+
+        const res = await lastValueFrom(
+          search.search<{}>(
+            {
+              actionId: request.params.actionId,
+              factoryQueryType: OsqueryQueries.results,
+              filterQuery: createFilter(request.query.filterQuery),
+              pagination: generateTablePaginationOptions(
+                request.query.pageIndex ?? 0,
+                request.query.pageSize ?? 100
+              ),
+              sort: [
+                {
+                  direction: request.query.sortOrder ?? 'desc',
+                  field: request.query.sortField ?? '@timestamp',
+                },
+              ],
+            },
+            { abortSignal, strategy: 'osquerySearchStrategy' }
+          )
+        );
+
+        return response.ok({
+          body: { data: res },
+        });
+      } catch (e) {
+        return response.customError({
+          statusCode: e.statusCode ?? 500,
+          body: {
+            message: e.message,
+          },
+        });
+      }
+    }
+  );
+};
+
+function getRequestAbortedSignal(aborted$: Observable<void>): AbortSignal {
+  const controller = new AbortController();
+  aborted$.subscribe(() => controller.abort());
+
+  return controller.signal;
+}
diff --git a/x-pack/plugins/osquery/server/routes/live_query/index.ts b/x-pack/plugins/osquery/server/routes/live_query/index.ts
new file mode 100644
index 0000000000000..2433b78170202
--- /dev/null
+++ b/x-pack/plugins/osquery/server/routes/live_query/index.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IRouter } from '@kbn/core/server';
+import type { DataRequestHandlerContext } from '@kbn/data-plugin/server';
+import { createLiveQueryRoute } from './create_live_query_route';
+import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
+import { getLiveQueryDetailsRoute } from './get_live_query_details_route';
+import { getLiveQueryResultsRoute } from './get_live_query_results_route';
+
+export const initLiveQueryRoutes = (
+  router: IRouter<DataRequestHandlerContext>,
+  context: OsqueryAppContext
+) => {
+  createLiveQueryRoute(router, context);
+  getLiveQueryDetailsRoute(router);
+  getLiveQueryResultsRoute(router);
+};
diff --git a/x-pack/plugins/osquery/server/routes/live_query/utils.ts b/x-pack/plugins/osquery/server/routes/live_query/utils.ts
new file mode 100644
index 0000000000000..2dc599acfd089
--- /dev/null
+++ b/x-pack/plugins/osquery/server/routes/live_query/utils.ts
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Observable } from 'rxjs';
+import { of } from 'rxjs';
+import { mergeMap } from 'rxjs/operators';
+import type { IScopedSearchClient } from '@kbn/data-plugin/server';
+import type { estypes } from '@elastic/elasticsearch';
+import { generateTablePaginationOptions } from '../../../common/utils/build_query';
+import type {
+  ActionResultsRequestOptions,
+  ActionResultsStrategyResponse,
+} from '../../../common/search_strategy';
+import { Direction, OsqueryQueries } from '../../../common/search_strategy';
+
+export const getActionResponses = (
+  search: IScopedSearchClient,
+  actionId: string,
+  agentsCount: number
+): Observable<{
+  action_id: string;
+  docs: number;
+  failed: number;
+  pending: number;
+  responded: number;
+  successful: number;
+}> =>
+  search
+    .search<
+      ActionResultsRequestOptions,
+      ActionResultsStrategyResponse & {
+        rawResponse: {
+          aggregations: {
+            aggs: {
+              responses_by_action_id: estypes.AggregationsSingleBucketAggregateBase & {
+                rows_count: estypes.AggregationsSumAggregate;
+                responses: {
+                  buckets: Array<{
+                    key: string;
+                    doc_count: number;
+                  }>;
+                };
+              };
+            };
+          };
+        };
+      }
+    >(
+      {
+        actionId,
+        factoryQueryType: OsqueryQueries.actionResults,
+        filterQuery: '',
+        pagination: generateTablePaginationOptions(0, 1000),
+        sort: {
+          direction: Direction.desc,
+          field: '@timestamp',
+        },
+      },
+      {
+        strategy: 'osquerySearchStrategy',
+      }
+    )
+    .pipe(
+      mergeMap((val) => {
+        const responded =
+          val.rawResponse?.aggregations?.aggs.responses_by_action_id?.doc_count ?? 0;
+        const docs =
+          val.rawResponse?.aggregations?.aggs.responses_by_action_id?.rows_count?.value ?? 0;
+        const aggsBuckets =
+          val.rawResponse?.aggregations?.aggs.responses_by_action_id?.responses.buckets;
+        const successful = aggsBuckets?.find((bucket) => bucket.key === 'success')?.doc_count ?? 0;
+        const failed = aggsBuckets?.find((bucket) => bucket.key === 'error')?.doc_count ?? 0;
+        const pending = agentsCount - responded;
+
+        return of({
+          action_id: actionId,
+          docs,
+          failed,
+          pending,
+          responded,
+          successful,
+        });
+      })
+    );
diff --git a/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
index 1c40530bcfd8e..dc13fda223da9 100644
--- a/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
@@ -21,11 +21,12 @@ import { PLUGIN_ID } from '../../../common';
 import { packSavedObjectType } from '../../../common/types';
 import { convertPackQueriesToSO, convertSOQueriesToPack } from './utils';
 import { getInternalSavedObjectsClient } from '../../usage/collector';
+import type { PackSavedObjectAttributes } from '../../common/types';
 
 export const createPackRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.post(
     {
-      path: '/internal/osquery/packs',
+      path: '/api/osquery/packs',
       validate: {
         body: schema.object(
           {
@@ -104,7 +105,7 @@ export const createPackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
           }))
         : [];
 
-      const packSO = await savedObjectsClient.create(
+      const packSO = await savedObjectsClient.create<PackSavedObjectAttributes>(
         packSavedObjectType,
         {
           name,
@@ -149,10 +150,13 @@ export const createPackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
         );
       }
 
-      // @ts-expect-error update types
-      packSO.attributes.queries = queries;
+      set(packSO, 'attributes.queries', queries);
 
-      return response.ok({ body: packSO });
+      return response.ok({
+        body: {
+          data: packSO,
+        },
+      });
     }
   );
 };
diff --git a/x-pack/plugins/osquery/server/routes/pack/delete_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/delete_pack_route.ts
index c1d0b7c5ce967..cfcab5ad5b259 100644
--- a/x-pack/plugins/osquery/server/routes/pack/delete_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/delete_pack_route.ts
@@ -19,7 +19,7 @@ import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
 export const deletePackRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.delete(
     {
-      path: '/internal/osquery/packs/{id}',
+      path: '/api/osquery/packs/{id}',
       validate: {
         params: schema.object({
           id: schema.string(),
diff --git a/x-pack/plugins/osquery/server/routes/pack/find_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/find_pack_route.ts
index 800c5201539c5..07457597e9baf 100644
--- a/x-pack/plugins/osquery/server/routes/pack/find_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/find_pack_route.ts
@@ -5,28 +5,26 @@
  * 2.0.
  */
 
-import { filter, map } from 'lodash';
+import { filter, map, omit } from 'lodash';
 import { schema } from '@kbn/config-schema';
 
 import { AGENT_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
 import type { IRouter } from '@kbn/core/server';
 import { packSavedObjectType } from '../../../common/types';
-import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
 import { PLUGIN_ID } from '../../../common';
 import type { PackSavedObjectAttributes } from '../../common/types';
 
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-export const findPackRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
+export const findPackRoute = (router: IRouter) => {
   router.get(
     {
-      path: '/internal/osquery/packs',
+      path: '/api/osquery/packs',
       validate: {
         query: schema.object(
           {
-            pageIndex: schema.maybe(schema.string()),
+            page: schema.maybe(schema.number()),
             pageSize: schema.maybe(schema.number()),
-            sortField: schema.maybe(schema.string()),
-            sortOrder: schema.maybe(schema.string()),
+            sort: schema.maybe(schema.string()),
+            sortOrder: schema.maybe(schema.oneOf([schema.literal('asc'), schema.literal('desc')])),
           },
           { unknowns: 'allow' }
         ),
@@ -39,27 +37,29 @@ export const findPackRoute = (router: IRouter, osqueryContext: OsqueryAppContext
 
       const soClientResponse = await savedObjectsClient.find<PackSavedObjectAttributes>({
         type: packSavedObjectType,
-        page: parseInt(request.query.pageIndex ?? '0', 10) + 1,
+        page: request.query.page ?? 1,
         perPage: request.query.pageSize ?? 20,
-        sortField: request.query.sortField ?? 'updated_at',
-        // @ts-expect-error sortOrder type must be union of ['asc', 'desc']
+        sortField: request.query.sort ?? 'updated_at',
         sortOrder: request.query.sortOrder ?? 'desc',
       });
 
-      soClientResponse.saved_objects.map((pack) => {
+      const packSavedObjects = map(soClientResponse.saved_objects, (pack) => {
         const policyIds = map(
           filter(pack.references, ['type', AGENT_POLICY_SAVED_OBJECT_TYPE]),
           'id'
         );
 
-        // @ts-expect-error update types
-        pack.policy_ids = policyIds;
-
-        return pack;
+        return {
+          ...pack,
+          policy_ids: policyIds,
+        };
       });
 
       return response.ok({
-        body: soClientResponse,
+        body: {
+          ...omit(soClientResponse, 'saved_objects'),
+          data: packSavedObjects,
+        },
       });
     }
   );
diff --git a/x-pack/plugins/osquery/server/routes/pack/index.ts b/x-pack/plugins/osquery/server/routes/pack/index.ts
index 7656c954c10ae..d905f073a05a9 100644
--- a/x-pack/plugins/osquery/server/routes/pack/index.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/index.ts
@@ -17,7 +17,7 @@ import { updatePackRoute } from './update_pack_route';
 export const initPackRoutes = (router: IRouter, context: OsqueryAppContext) => {
   createPackRoute(router, context);
   deletePackRoute(router, context);
-  findPackRoute(router, context);
-  readPackRoute(router, context);
+  findPackRoute(router);
+  readPackRoute(router);
   updatePackRoute(router, context);
 };
diff --git a/x-pack/plugins/osquery/server/routes/pack/read_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/read_pack_route.ts
index 63c605549f3a7..35790b2a61658 100644
--- a/x-pack/plugins/osquery/server/routes/pack/read_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/read_pack_route.ts
@@ -13,14 +13,12 @@ import type { PackSavedObjectAttributes } from '../../common/types';
 import { PLUGIN_ID } from '../../../common';
 
 import { packSavedObjectType } from '../../../common/types';
-import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
 import { convertSOQueriesToPack } from './utils';
 
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-export const readPackRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
+export const readPackRoute = (router: IRouter) => {
   router.get(
     {
-      path: '/internal/osquery/packs/{id}',
+      path: '/api/osquery/packs/{id}',
       validate: {
         params: schema.object({
           id: schema.string(),
@@ -43,11 +41,13 @@ export const readPackRoute = (router: IRouter, osqueryContext: OsqueryAppContext
 
       return response.ok({
         body: {
-          ...rest,
-          ...attributes,
-          queries: convertSOQueriesToPack(attributes.queries),
-          policy_ids: policyIds,
-          read_only: attributes.version !== undefined && osqueryPackAssetReference,
+          data: {
+            ...rest,
+            ...attributes,
+            queries: convertSOQueriesToPack(attributes.queries),
+            policy_ids: policyIds,
+            read_only: attributes.version !== undefined && osqueryPackAssetReference,
+          },
         },
       });
     }
diff --git a/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
index 3a22de6b9d615..0da8012eb4fc0 100644
--- a/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
@@ -27,7 +27,7 @@ import type { PackSavedObjectAttributes } from '../../common/types';
 export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.put(
     {
-      path: '/internal/osquery/packs/{id}',
+      path: '/api/osquery/packs/{id}',
       validate: {
         params: schema.object(
           {
@@ -326,7 +326,7 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
         );
       }
 
-      return response.ok({ body: updatedPackSO });
+      return response.ok({ body: { data: updatedPackSO } });
     }
   );
 };
diff --git a/x-pack/plugins/osquery/server/routes/pack/utils.ts b/x-pack/plugins/osquery/server/routes/pack/utils.ts
index 84466a6ce4ad1..b4c1bdfa85373 100644
--- a/x-pack/plugins/osquery/server/routes/pack/utils.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/utils.ts
@@ -13,18 +13,23 @@ import { convertECSMappingToArray, convertECSMappingToObject } from '../utils';
 export const convertPackQueriesToSO = (queries) =>
   reduce(
     queries,
-    (acc, value, key) => {
+    (acc, value, key: string) => {
       const ecsMapping = value.ecs_mapping && convertECSMappingToArray(value.ecs_mapping);
       acc.push({
         id: key,
-        ...pick(value, ['query', 'interval', 'platform', 'version']),
+        ...pick(value, ['name', 'query', 'interval', 'platform', 'version']),
         ...(ecsMapping ? { ecs_mapping: ecsMapping } : {}),
       });
 
       return acc;
     },
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    [] as Array<Record<string, any>>
+    [] as Array<{
+      id: string;
+      name: string;
+      query: string;
+      interval: number;
+      ecs_mapping?: Record<string, unknown>;
+    }>
   );
 
 // @ts-expect-error update types
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts
index d401c17cded4c..d3cb415988345 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts
@@ -18,7 +18,7 @@ import { convertECSMappingToArray } from '../utils';
 export const createSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.post(
     {
-      path: '/internal/osquery/saved_query',
+      path: '/api/osquery/saved_queries',
       validate: {
         body: buildRouteValidation<
           typeof createSavedQueryRequestSchema,
@@ -66,13 +66,15 @@ export const createSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAp
       );
 
       return response.ok({
-        body: pickBy(
-          {
-            ...savedQuerySO,
-            ecs_mapping,
-          },
-          (value) => !isEmpty(value)
-        ),
+        body: {
+          data: pickBy(
+            {
+              ...savedQuerySO,
+              ecs_mapping,
+            },
+            (value) => !isEmpty(value)
+          ),
+        },
       });
     }
   );
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/delete_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/delete_saved_query_route.ts
index 3016b15931893..0283e9f78a147 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/delete_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/delete_saved_query_route.ts
@@ -15,7 +15,7 @@ import { isSavedQueryPrebuilt } from './utils';
 export const deleteSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.delete(
     {
-      path: '/internal/osquery/saved_query/{id}',
+      path: '/api/osquery/saved_queries/{id}',
       validate: {
         params: schema.object({
           id: schema.string(),
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/find_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/find_saved_query_route.ts
index d9b94136c6a6d..7da1ec609e472 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/find_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/find_saved_query_route.ts
@@ -8,6 +8,7 @@
 import { schema } from '@kbn/config-schema';
 import type { IRouter } from '@kbn/core/server';
 
+import { omit } from 'lodash';
 import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
 import { PLUGIN_ID } from '../../../common';
 import { savedQuerySavedObjectType } from '../../../common/types';
@@ -17,17 +18,14 @@ import { getInstalledSavedQueriesMap } from './utils';
 export const findSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.get(
     {
-      path: '/internal/osquery/saved_query',
+      path: '/api/osquery/saved_queries',
       validate: {
-        query: schema.object(
-          {
-            pageIndex: schema.maybe(schema.string()),
-            pageSize: schema.maybe(schema.number()),
-            sortField: schema.maybe(schema.string()),
-            sortOrder: schema.maybe(schema.string()),
-          },
-          { unknowns: 'allow' }
-        ),
+        query: schema.object({
+          page: schema.maybe(schema.number()),
+          pageSize: schema.maybe(schema.number()),
+          sort: schema.maybe(schema.string()),
+          sortOrder: schema.maybe(schema.oneOf([schema.literal('asc'), schema.literal('desc')])),
+        }),
       },
       options: { tags: [`access:${PLUGIN_ID}-readSavedQueries`] },
     },
@@ -40,11 +38,10 @@ export const findSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppC
         prebuilt: boolean;
       }>({
         type: savedQuerySavedObjectType,
-        page: parseInt(request.query.pageIndex ?? '0', 10) + 1,
+        page: request.query.page ?? 1,
         perPage: request.query.pageSize,
-        sortField: request.query.sortField,
-        // @ts-expect-error update types
-        sortOrder: request.query.sortDirection ?? 'desc',
+        sortField: request.query.sort,
+        sortOrder: request.query.sortOrder ?? 'desc',
       });
 
       const prebuiltSavedQueriesMap = await getInstalledSavedQueriesMap(osqueryContext);
@@ -64,8 +61,8 @@ export const findSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppC
 
       return response.ok({
         body: {
-          ...savedQueries,
-          saved_objects: savedObjects,
+          ...omit(savedQueries, 'saved_objects'),
+          data: savedObjects,
         },
       });
     }
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts
index adb56a1fe1160..7e2de59e284c1 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts
@@ -16,7 +16,7 @@ import { convertECSMappingToObject } from '../utils';
 export const readSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.get(
     {
-      path: '/internal/osquery/saved_query/{id}',
+      path: '/api/osquery/saved_queries/{id}',
       validate: {
         params: schema.object({
           id: schema.string(),
@@ -43,7 +43,7 @@ export const readSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppC
       savedQuery.attributes.prebuilt = await isSavedQueryPrebuilt(osqueryContext, savedQuery.id);
 
       return response.ok({
-        body: savedQuery,
+        body: { data: savedQuery },
       });
     }
   );
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts
index e53f92f449902..7b6ab0f2a897d 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts
@@ -18,7 +18,7 @@ import { convertECSMappingToArray, convertECSMappingToObject } from '../utils';
 export const updateSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.put(
     {
-      path: '/internal/osquery/saved_query/{id}',
+      path: '/api/osquery/saved_queries/{id}',
       validate: {
         params: schema.object({
           id: schema.string(),
@@ -112,7 +112,7 @@ export const updateSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAp
       }
 
       return response.ok({
-        body: updatedSavedQuerySO,
+        body: { data: updatedSavedQuerySO },
       });
     }
   );
diff --git a/x-pack/plugins/osquery/server/routes/status/create_status_route.ts b/x-pack/plugins/osquery/server/routes/status/create_status_route.ts
index 1bb7436fa1b62..cfb5813fb1972 100644
--- a/x-pack/plugins/osquery/server/routes/status/create_status_route.ts
+++ b/x-pack/plugins/osquery/server/routes/status/create_status_route.ts
@@ -8,6 +8,7 @@
 import { produce } from 'immer';
 import { satisfies } from 'semver';
 import { filter, reduce, mapKeys, each, set, unset, uniq, map, has } from 'lodash';
+import type { PackagePolicyInputStream } from '@kbn/fleet-plugin/common';
 import {
   PACKAGE_POLICY_SAVED_OBJECT_TYPE,
   AGENT_POLICY_SAVED_OBJECT_TYPE,
@@ -58,10 +59,10 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
               const packagePolicyName = policy.name;
               const currentOsqueryManagerNamePacksCount = filter(
                 Object.keys(acc.packs),
-                (packName) => packName.startsWith('osquery_manager')
+                (packName) => packName.startsWith(OSQUERY_INTEGRATION_NAME)
               ).length;
 
-              const packName = packagePolicyName.startsWith('osquery_manager')
+              const packName = packagePolicyName.startsWith(OSQUERY_INTEGRATION_NAME)
                 ? `osquery_manager-1_${currentOsqueryManagerNamePacksCount + 1}`
                 : packagePolicyName;
 
@@ -69,10 +70,10 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
                 if (!acc.packs[packName]) {
                   acc.packs[packName] = {
                     policy_ids: [policy.policy_id],
-                    enabled: !packName.startsWith('osquery_manager'),
+                    enabled: !packName.startsWith(OSQUERY_INTEGRATION_NAME),
                     name: packName,
                     description: policy.description,
-                    queries: reduce(
+                    queries: reduce<PackagePolicyInputStream, Record<string, unknown>>(
                       policy.inputs[0].streams,
                       (queries, stream) => {
                         if (stream.compiled_stream?.id) {
@@ -82,11 +83,10 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
 
                         return queries;
                       },
-                      {} as Record<string, unknown>
+                      {}
                     ),
                   };
                 } else {
-                  // @ts-expect-error update types
                   acc.packs[packName].policy_ids.push(policy.policy_id);
                 }
               }
@@ -94,7 +94,16 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
               return acc;
             },
             {
-              packs: {} as Record<string, unknown>,
+              packs: {} as Record<
+                string,
+                {
+                  policy_ids: string[];
+                  enabled: boolean;
+                  name: string;
+                  description?: string;
+                  queries: Record<string, unknown>;
+                }
+              >,
               agentPolicyToPackage: {} as Record<string, string>,
               packagePoliciesToDelete: [] as string[],
             }
@@ -115,13 +124,9 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
               await internalSavedObjectsClient.create(
                 packSavedObjectType,
                 {
-                  // @ts-expect-error update types
                   name: packObject.name,
-                  // @ts-expect-error update types
                   description: packObject.description,
-                  // @ts-expect-error update types
                   queries: convertPackQueriesToSO(packObject.queries),
-                  // @ts-expect-error update types
                   enabled: packObject.enabled,
                   created_at: new Date().toISOString(),
                   created_by: 'system',
@@ -129,7 +134,6 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
                   updated_by: 'system',
                 },
                 {
-                  // @ts-expect-error update types
                   references: packObject.policy_ids.map((policyId: string) => ({
                     id: policyId,
                     name: agentPolicies[policyId].name,
@@ -152,7 +156,6 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
           await Promise.all(
             map(migrationObject.agentPolicyToPackage, async (value, key) => {
               const agentPacks = filter(migrationObject.packs, (pack) =>
-                // @ts-expect-error update types
                 pack.policy_ids.includes(key)
               );
               await packagePolicyService?.upgrade(internalSavedObjectsClient, esClient, [value]);
@@ -173,15 +176,13 @@ export const createStatusRoute = (router: IRouter, osqueryContext: OsqueryAppCon
 
                     set(draft, 'inputs[0]', {
                       enabled: true,
-                      policy_template: 'osquery_manager',
+                      policy_template: OSQUERY_INTEGRATION_NAME,
                       streams: [],
                       type: 'osquery',
                     });
 
                     each(agentPacks, (agentPack) => {
-                      // @ts-expect-error update types
                       set(draft, `inputs[0].config.osquery.value.packs.${agentPack.name}`, {
-                        // @ts-expect-error update types
                         queries: agentPack.queries,
                       });
                     });
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/index.ts
index 9aa614e7f13c2..41ed60a416225 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/index.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/index.ts
@@ -28,7 +28,6 @@ export const allActions: OsqueryFactory<OsqueryQueries.actions> = {
     options: ActionsRequestOptions,
     response: IEsSearchResponse<object>
   ): Promise<ActionsStrategyResponse> => {
-    const { activePage } = options.pagination;
     const inspect = {
       dsl: [inspectStringifyObject(buildActionsQuery(options))],
     };
@@ -37,13 +36,6 @@ export const allActions: OsqueryFactory<OsqueryQueries.actions> = {
       ...response,
       inspect,
       edges: response.rawResponse.hits.hits,
-      // @ts-expect-error doesn't handle case when total TotalHits
-      totalCount: response.rawResponse.hits.total,
-      pageInfo: {
-        activePage: activePage ?? 0,
-        fakeTotalCount: 0,
-        showMorePagesIndicator: false,
-      },
     };
   },
 };
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/query.all_actions.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/query.all_actions.dsl.ts
index 923604c1d060a..db4f270ebd602 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/query.all_actions.dsl.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/all/query.all_actions.dsl.ts
@@ -8,6 +8,8 @@
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 
 import type { ISearchRequestParams } from '@kbn/data-plugin/common';
+import { AGENT_ACTIONS_INDEX } from '@kbn/fleet-plugin/common';
+import { ACTIONS_INDEX } from '../../../../../../common/constants';
 import type { AgentsRequestOptions } from '../../../../../../common/search_strategy';
 // import { createQueryFilterClauses } from '../../../../../../common/utils/build_query';
 
@@ -16,12 +18,13 @@ export const buildActionsQuery = ({
   filterQuery,
   sort,
   pagination: { cursorStart, querySize },
+  componentTemplateExists,
 }: AgentsRequestOptions): ISearchRequestParams => {
   // const filter = [...createQueryFilterClauses(filterQuery)];
 
   const dslQuery = {
     allow_no_indices: true,
-    index: '.fleet-actions',
+    index: componentTemplateExists ? `${ACTIONS_INDEX}*` : AGENT_ACTIONS_INDEX,
     ignore_unavailable: true,
     body: {
       // query: { bool: { filter } },
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/index.ts
index 59f1d5f56da9a..a05aec4c6fdf1 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/index.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/index.ts
@@ -5,8 +5,9 @@
  * 2.0.
  */
 
-import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { IEsSearchResponse } from '@kbn/data-plugin/server';
 import type {
+  ActionDetails,
   ActionDetailsStrategyResponse,
   ActionDetailsRequestOptions,
   OsqueryQueries,
@@ -20,7 +21,7 @@ export const actionDetails: OsqueryFactory<OsqueryQueries.actionDetails> = {
   buildDsl: (options: ActionDetailsRequestOptions) => buildActionDetailsQuery(options),
   parse: async (
     options: ActionDetailsRequestOptions,
-    response: IEsSearchResponse<unknown>
+    response: IEsSearchResponse<ActionDetails>
   ): Promise<ActionDetailsStrategyResponse> => {
     const inspect = {
       dsl: [inspectStringifyObject(buildActionDetailsQuery(options))],
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/query.action_details.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/query.action_details.dsl.ts
index fb18d1562a668..da5f0d216c686 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/query.action_details.dsl.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/details/query.action_details.dsl.ts
@@ -6,12 +6,15 @@
  */
 
 import type { ISearchRequestParams } from '@kbn/data-plugin/common';
+import { AGENT_ACTIONS_INDEX } from '@kbn/fleet-plugin/common';
+import { ACTIONS_INDEX } from '../../../../../../common/constants';
 import type { ActionDetailsRequestOptions } from '../../../../../../common/search_strategy';
 import { createQueryFilterClauses } from '../../../../../../common/utils/build_query';
 
 export const buildActionDetailsQuery = ({
   actionId,
   filterQuery,
+  componentTemplateExists,
 }: ActionDetailsRequestOptions): ISearchRequestParams => {
   const filter = [
     ...createQueryFilterClauses(filterQuery),
@@ -24,7 +27,7 @@ export const buildActionDetailsQuery = ({
 
   const dslQuery = {
     allow_no_indices: true,
-    index: '.fleet-actions',
+    index: componentTemplateExists ? `${ACTIONS_INDEX}*` : AGENT_ACTIONS_INDEX,
     ignore_unavailable: true,
     body: {
       query: { bool: { filter } },
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/index.ts
index 48596c4ba440f..1ce6302b86ec9 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/index.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/index.ts
@@ -5,11 +5,10 @@
  * 2.0.
  */
 
-import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
 import type {
-  ActionResultsStrategyResponse,
   ActionResultsRequestOptions,
+  ActionResultsStrategyResponse,
   OsqueryQueries,
 } from '../../../../../../common/search_strategy/osquery';
 
@@ -25,11 +24,11 @@ export const actionResults: OsqueryFactory<OsqueryQueries.actionResults> = {
 
     return buildActionResultsQuery(options);
   },
+  // @ts-expect-error update types
   parse: async (
-    options: ActionResultsRequestOptions,
-    response: IEsSearchResponse<object>
+    options,
+    response: ActionResultsStrategyResponse
   ): Promise<ActionResultsStrategyResponse> => {
-    const { activePage } = options.pagination;
     const inspect = {
       dsl: [inspectStringifyObject(buildActionResultsQuery(options))],
     };
@@ -38,13 +37,6 @@ export const actionResults: OsqueryFactory<OsqueryQueries.actionResults> = {
       ...response,
       inspect,
       edges: response.rawResponse.hits.hits,
-      // @ts-expect-error doesn't handle case when total TotalHits
-      totalCount: response.rawResponse.hits.total,
-      pageInfo: {
-        activePage: activePage ?? 0,
-        fakeTotalCount: 0,
-        showMorePagesIndicator: false,
-      },
     };
   },
 };
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts
index 9b8b73fd6bc37..366342e954fad 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts
@@ -6,6 +6,8 @@
  */
 
 import type { ISearchRequestParams } from '@kbn/data-plugin/common';
+import { AGENT_ACTIONS_RESULTS_INDEX } from '@kbn/fleet-plugin/common';
+import { ACTION_RESPONSES_INDEX } from '../../../../../../common/constants';
 import type { ActionResultsRequestOptions } from '../../../../../../common/search_strategy';
 import { createQueryFilterClauses } from '../../../../../../common/utils/build_query';
 
@@ -14,6 +16,7 @@ export const buildActionResultsQuery = ({
   filterQuery,
   // pagination: { activePage, querySize },
   sort,
+  componentTemplateExists,
 }: ActionResultsRequestOptions): ISearchRequestParams => {
   const filter = [
     ...createQueryFilterClauses(filterQuery),
@@ -26,7 +29,9 @@ export const buildActionResultsQuery = ({
 
   const dslQuery = {
     allow_no_indices: true,
-    index: '.fleet-actions-results*',
+    index: componentTemplateExists
+      ? `${ACTION_RESPONSES_INDEX}-default*`
+      : `${AGENT_ACTIONS_RESULTS_INDEX}*`,
     ignore_unavailable: true,
     body: {
       aggs: {
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/index.ts
index 0ffe2acacbc22..72bb97f1b8eaa 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/index.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/index.ts
@@ -30,7 +30,6 @@ export const allAgents: OsqueryFactory<OsqueryQueries.agents> = {
     options: AgentsRequestOptions,
     response: IEsSearchResponse<Agent>
   ): Promise<AgentsStrategyResponse> => {
-    const { activePage } = options.pagination;
     const inspect = {
       dsl: [inspectStringifyObject(buildAgentsQuery(options))],
     };
@@ -42,13 +41,6 @@ export const allAgents: OsqueryFactory<OsqueryQueries.agents> = {
         _id: hit._id,
         ...hit._source,
       })) as Agent[],
-      // @ts-expect-error doesn't handle case when total TotalHits
-      totalCount: response.rawResponse.hits.total,
-      pageInfo: {
-        activePage: activePage ?? 0,
-        fakeTotalCount: 0,
-        showMorePagesIndicator: false,
-      },
     };
   },
 };
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/query.all_agents.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/query.all_agents.dsl.ts
index d48b3ddef3110..908c0cbdd32bf 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/query.all_agents.dsl.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/agents/query.all_agents.dsl.ts
@@ -6,6 +6,7 @@
  */
 
 import type { ISearchRequestParams } from '@kbn/data-plugin/common';
+import { AGENTS_INDEX } from '@kbn/fleet-plugin/common';
 import type { AgentsRequestOptions } from '../../../../../common/search_strategy';
 import { createQueryFilterClauses } from '../../../../../common/utils/build_query';
 
@@ -22,7 +23,7 @@ export const buildAgentsQuery = ({
 
   const dslQuery = {
     allow_no_indices: true,
-    index: '.fleet-agents',
+    index: AGENTS_INDEX,
     ignore_unavailable: true,
     body: {
       query: {
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/index.ts
index ca3f58f911546..23ea0a0211d84 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/index.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/index.ts
@@ -28,7 +28,6 @@ export const allResults: OsqueryFactory<OsqueryQueries.results> = {
     options: ResultsRequestOptions,
     response: IEsSearchResponse<unknown>
   ): Promise<ResultsStrategyResponse> => {
-    const { activePage } = options.pagination;
     const inspect = {
       dsl: [inspectStringifyObject(buildResultsQuery(options))],
     };
@@ -37,13 +36,6 @@ export const allResults: OsqueryFactory<OsqueryQueries.results> = {
       ...response,
       inspect,
       edges: response.rawResponse.hits.hits,
-      // @ts-expect-error doesn't handle case when total TotalHits
-      totalCount: response.rawResponse.hits.total,
-      pageInfo: {
-        activePage: activePage ?? 0,
-        fakeTotalCount: 0,
-        showMorePagesIndicator: false,
-      },
     };
   },
 };
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/index.ts
index 5ca13d53ff204..3083e8c191786 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/index.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/index.ts
@@ -5,10 +5,12 @@
  * 2.0.
  */
 
-import { map, mergeMap } from 'rxjs/operators';
+import { from, map, mergeMap } from 'rxjs';
 import type { ISearchStrategy, PluginStart } from '@kbn/data-plugin/server';
 import { shimHitsTotal } from '@kbn/data-plugin/server';
 import { ENHANCED_ES_SEARCH_STRATEGY } from '@kbn/data-plugin/common';
+import type { CoreStart } from '@kbn/core/server';
+import { ACTIONS_INDEX } from '../../../common/constants';
 import type {
   FactoryQueryTypes,
   StrategyResponseType,
@@ -18,7 +20,8 @@ import { osqueryFactory } from './factory';
 import type { OsqueryFactory } from './factory/types';
 
 export const osquerySearchStrategyProvider = <T extends FactoryQueryTypes>(
-  data: PluginStart
+  data: PluginStart,
+  esClient: CoreStart['elasticsearch']['client']
 ): ISearchStrategy<StrategyRequestType<T>, StrategyResponseType<T>> => {
   let es: typeof data.search.searchAsInternalUser;
 
@@ -29,31 +32,38 @@ export const osquerySearchStrategyProvider = <T extends FactoryQueryTypes>(
       }
 
       const queryFactory: OsqueryFactory<T> = osqueryFactory[request.factoryQueryType];
-      const dsl = queryFactory.buildDsl(request);
 
-      // use internal user for searching .fleet* indicies
-      es = dsl.index?.includes('fleet')
-        ? data.search.searchAsInternalUser
-        : data.search.getSearchStrategy(ENHANCED_ES_SEARCH_STRATEGY);
+      return from(
+        esClient.asInternalUser.indices.exists({
+          index: `${ACTIONS_INDEX}*`,
+        })
+      ).pipe(
+        mergeMap((exists) => {
+          const dsl = queryFactory.buildDsl({ ...request, componentTemplateExists: exists });
+          // use internal user for searching .fleet* indices
+          es =
+            dsl.index?.includes('fleet') || dsl.index?.includes('logs-osquery_manager.action')
+              ? data.search.searchAsInternalUser
+              : data.search.getSearchStrategy(ENHANCED_ES_SEARCH_STRATEGY);
 
-      return es
-        .search(
-          {
-            ...request,
-            params: dsl,
-          },
-          options,
-          deps
-        )
-        .pipe(
-          map((response) => ({
-            ...response,
-            ...{
-              rawResponse: shimHitsTotal(response.rawResponse),
+          return es.search(
+            {
+              ...request,
+              params: dsl,
             },
-          })),
-          mergeMap((esSearchRes) => queryFactory.parse(request, esSearchRes))
-        );
+            options,
+            deps
+          );
+        }),
+        map((response) => ({
+          ...response,
+          ...{
+            rawResponse: shimHitsTotal(response.rawResponse, options),
+          },
+          total: response.rawResponse.hits.total as number,
+        })),
+        mergeMap((esSearchRes) => queryFactory.parse(request, esSearchRes))
+      );
     },
     cancel: async (id, options, deps) => {
       if (es?.cancel) {
diff --git a/x-pack/plugins/osquery/server/types.ts b/x-pack/plugins/osquery/server/types.ts
index d3a95e61c8cdc..c838ca4502e94 100644
--- a/x-pack/plugins/osquery/server/types.ts
+++ b/x-pack/plugins/osquery/server/types.ts
@@ -19,6 +19,7 @@ import type {
   TaskManagerSetupContract as TaskManagerPluginSetup,
   TaskManagerStartContract as TaskManagerPluginStart,
 } from '@kbn/task-manager-plugin/server';
+import type { PluginStart as DataViewsPluginStart } from '@kbn/data-views-plugin/server';
 
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
 export interface OsqueryPluginSetup {}
@@ -38,6 +39,7 @@ export interface SetupPlugins {
 export interface StartPlugins {
   actions: ActionsPlugin['start'];
   data: DataPluginStart;
+  dataViews: DataViewsPluginStart;
   fleet?: FleetStartContract;
   taskManager?: TaskManagerPluginStart;
   telemetry?: TelemetryPluginStart;
diff --git a/x-pack/plugins/osquery/server/usage/fetchers.ts b/x-pack/plugins/osquery/server/usage/fetchers.ts
index 7afb2a6615a20..fd4ba980d28a1 100644
--- a/x-pack/plugins/osquery/server/usage/fetchers.ts
+++ b/x-pack/plugins/osquery/server/usage/fetchers.ts
@@ -14,7 +14,11 @@ import type {
 import type { PackagePolicyServiceInterface } from '@kbn/fleet-plugin/server';
 import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
 import type { ListResult, PackagePolicy } from '@kbn/fleet-plugin/common';
-import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
+import {
+  AGENTS_INDEX,
+  AGENT_ACTIONS_INDEX,
+  PACKAGE_POLICY_SAVED_OBJECT_TYPE,
+} from '@kbn/fleet-plugin/common';
 import { getRouteMetric } from '../routes/usage';
 import { OSQUERY_INTEGRATION_NAME } from '../../common';
 import { METRICS_INDICES } from './constants';
@@ -67,7 +71,7 @@ export async function getPolicyLevelUsage(
         },
       },
     },
-    index: '.fleet-agents',
+    index: AGENTS_INDEX,
     ignore_unavailable: true,
   });
   const policied = agentResponse.aggregations?.policied;
@@ -139,7 +143,7 @@ export async function getLiveQueryUsage(
         },
       },
     },
-    index: '.fleet-actions',
+    index: AGENT_ACTIONS_INDEX,
     ignore_unavailable: true,
   });
   const result: LiveQueryUsage = {
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index 91d192146b905..5157fbd18c845 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -22559,7 +22559,6 @@
     "xpack.osquery.liveQuery.permissionDeniedPromptBody": "Pour pouvoir consulter les résultats de requête, demandez à votre administrateur de mettre à jour votre rôle utilisateur de sorte à disposer des privilèges de {read} pour les index {logs}.",
     "xpack.osquery.liveQuery.permissionDeniedPromptTitle": "Autorisation refusée",
     "xpack.osquery.liveQuery.queryForm.largeQueryError": "La recherche est trop volumineuse ({maxLength} caractères maxi)",
-    "xpack.osquery.liveQueryActionResults.summary.agentsQueriedLabelText": "Recherche effectuée pour {count, plural, one {# agent} other {# agents}}",
     "xpack.osquery.liveQueryActionResults.summary.expiredLabelText": "Expiré",
     "xpack.osquery.liveQueryActionResults.summary.failedLabelText": "Échoué",
     "xpack.osquery.liveQueryActionResults.summary.pendingLabelText": "Pas encore répondu",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 455bebbf84c0d..845c2a4c0c3b4 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -22640,7 +22640,6 @@
     "xpack.osquery.liveQuery.permissionDeniedPromptBody": "クエリ結果を表示するには、ユーザーロールを更新して、{logs}インデックスに対する{read}権限を付与するように、管理者に依頼してください。",
     "xpack.osquery.liveQuery.permissionDeniedPromptTitle": "パーミッションが拒否されました",
     "xpack.osquery.liveQuery.queryForm.largeQueryError": "クエリが大きすぎます（最大{maxLength}文字）",
-    "xpack.osquery.liveQueryActionResults.summary.agentsQueriedLabelText": "{count, plural, other  {#個のエージェント}}をクエリしました",
     "xpack.osquery.liveQueryActionResults.summary.expiredLabelText": "期限切れ",
     "xpack.osquery.liveQueryActionResults.summary.failedLabelText": "失敗",
     "xpack.osquery.liveQueryActionResults.summary.pendingLabelText": "未応答",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 5b31d30036851..698f03f44f774 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -22665,7 +22665,6 @@
     "xpack.osquery.liveQuery.permissionDeniedPromptBody": "要查看查询结果，请要求管理员将您的角色更新为具有 {logs} 索引的索引 {read} 权限。",
     "xpack.osquery.liveQuery.permissionDeniedPromptTitle": "权限被拒绝",
     "xpack.osquery.liveQuery.queryForm.largeQueryError": "查询过大（最多 {maxLength} 个字符）",
-    "xpack.osquery.liveQueryActionResults.summary.agentsQueriedLabelText": "已查询 {count, plural, other {# 个代理}}",
     "xpack.osquery.liveQueryActionResults.summary.expiredLabelText": "已过期",
     "xpack.osquery.liveQueryActionResults.summary.failedLabelText": "失败",
     "xpack.osquery.liveQueryActionResults.summary.pendingLabelText": "尚未响应",
diff --git a/x-pack/test/api_integration/apis/osquery/packs.ts b/x-pack/test/api_integration/apis/osquery/packs.ts
index b04f9eaa7ebe2..840d5aecaeae0 100644
--- a/x-pack/test/api_integration/apis/osquery/packs.ts
+++ b/x-pack/test/api_integration/apis/osquery/packs.ts
@@ -110,17 +110,17 @@ export default function ({ getService }: FtrProviderContext) {
       packagePolicyId = packagePolicyResponse.body.item.id;
 
       const createPackResponse = await supertest
-        .post('/internal/osquery/packs')
+        .post('/api/osquery/packs')
         .set('kbn-xsrf', 'true')
         .send(getDefaultPack({ policyIds: [hostedPolicy.id] }));
 
-      packId = createPackResponse.body.id;
+      packId = createPackResponse.body.data.id;
       expect(createPackResponse.status).to.be(200);
 
-      const pack = await supertest.get('/internal/osquery/packs/' + packId).set('kbn-xsrf', 'true');
+      const pack = await supertest.get('/api/osquery/packs/' + packId).set('kbn-xsrf', 'true');
 
       expect(pack.status).to.be(200);
-      expect(pack.body.queries.testQuery.query).to.be(multiLineQuery);
+      expect(pack.body.data.queries.testQuery.query).to.be(multiLineQuery);
 
       const {
         body: {
@@ -135,15 +135,15 @@ export default function ({ getService }: FtrProviderContext) {
 
     it('update route should return 200 and multi line query, but single line query in packs config', async () => {
       const updatePackResponse = await supertest
-        .put('/internal/osquery/packs/' + packId)
+        .put('/api/osquery/packs/' + packId)
         .set('kbn-xsrf', 'true')
         .send(getDefaultPack({ policyIds: [hostedPolicy.id] }));
 
       expect(updatePackResponse.status).to.be(200);
-      expect(updatePackResponse.body.id).to.be(packId);
-      const pack = await supertest.get('/internal/osquery/packs/' + packId).set('kbn-xsrf', 'true');
+      expect(updatePackResponse.body.data.id).to.be(packId);
+      const pack = await supertest.get('/api/osquery/packs/' + packId).set('kbn-xsrf', 'true');
 
-      expect(pack.body.queries.testQuery.query).to.be(multiLineQuery);
+      expect(pack.body.data.queries.testQuery.query).to.be(multiLineQuery);
       const {
         body: {
           item: { inputs },

From 600523f0bf2f93f2d04bbb395f220c7121d280da Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Jul 2022 10:18:22 +0300
Subject: [PATCH 02/12] Update dependency vega-lite to ^5.3.0 (#136145)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 package.json |  2 +-
 yarn.lock    | 31 +++++++++----------------------
 2 files changed, 10 insertions(+), 23 deletions(-)

diff --git a/package.json b/package.json
index 2793164ab2a21..d85e7a64cdf46 100644
--- a/package.json
+++ b/package.json
@@ -525,7 +525,7 @@
     "uuid": "3.3.2",
     "vega": "^5.22.1",
     "vega-interpreter": "^1.0.4",
-    "vega-lite": "^5.2.0",
+    "vega-lite": "^5.3.0",
     "vega-schema-url-parser": "^2.2.0",
     "vega-spec-injector": "^0.0.2",
     "vega-tooltip": "^0.28.0",
diff --git a/yarn.lock b/yarn.lock
index f08fd0fc7a42e..5e69372bf198a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -27682,7 +27682,7 @@ tsd@^0.20.0:
     path-exists "^4.0.0"
     read-pkg-up "^7.0.0"
 
-tslib@2.3.1, tslib@~2.3.1:
+tslib@2.3.1:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.1.tgz#e8a335add5ceae51aa261d32a490158ef042ef01"
   integrity sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==
@@ -27692,7 +27692,7 @@ tslib@^1, tslib@^1.0.0, tslib@^1.10.0, tslib@^1.8.1, tslib@^1.9.0, tslib@^1.9.3:
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.13.0.tgz#c881e13cc7015894ed914862d276436fa9a47043"
   integrity sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==
 
-tslib@^2.0.0, tslib@^2.0.1, tslib@^2.0.3, tslib@^2.1.0, tslib@^2.2.0, tslib@^2.3.1, tslib@^2.4.0:
+tslib@^2.0.0, tslib@^2.0.1, tslib@^2.0.3, tslib@^2.1.0, tslib@^2.2.0, tslib@^2.3.1, tslib@^2.4.0, tslib@~2.4.0:
   version "2.4.0"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.4.0.tgz#7cecaa7f073ce680a05847aa77be941098f36dc3"
   integrity sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==
@@ -28688,10 +28688,10 @@ vega-label@~1.2.0:
     vega-scenegraph "^4.9.2"
     vega-util "^1.15.2"
 
-vega-lite@^5.2.0:
-  version "5.2.0"
-  resolved "https://registry.yarnpkg.com/vega-lite/-/vega-lite-5.2.0.tgz#bc3c5c70a38d9de8f3fb9644c7dd52f3b9f47a1b"
-  integrity sha512-Yxcg8MvYfxHcG6BbkaKT0oVCIMIcE19UvqIsEwBmyd/7h2nzW7oRnID81T8UrY7hpDrIr6wa2JADOT2dhGNErw==
+vega-lite@^5.3.0:
+  version "5.3.0"
+  resolved "https://registry.yarnpkg.com/vega-lite/-/vega-lite-5.3.0.tgz#b9b9ecd80e869e823e6848c67d0a8ad94954bdee"
+  integrity sha512-6giodZ/bJnWyLq6Gj4OyiDt7EndoGyC9f5xDQjo82yPpUiO4MuG9iiPMqR1SPKmG9/qPBf+klWQR0v/7Mgju0Q==
   dependencies:
     "@types/clone" "~2.1.1"
     array-flat-polyfill "^1.0.1"
@@ -28699,11 +28699,11 @@ vega-lite@^5.2.0:
     fast-deep-equal "~3.1.3"
     fast-json-stable-stringify "~2.1.0"
     json-stringify-pretty-compact "~3.0.0"
-    tslib "~2.3.1"
+    tslib "~2.4.0"
     vega-event-selector "~3.0.0"
     vega-expression "~5.0.0"
     vega-util "~1.17.0"
-    yargs "~17.2.1"
+    yargs "~17.5.1"
 
 vega-loader@^4.3.2, vega-loader@^4.4.0, vega-loader@~4.5.0:
   version "4.5.0"
@@ -29908,7 +29908,7 @@ yargs@^15.0.2, yargs@^15.3.1, yargs@^15.4.1:
     y18n "^4.0.0"
     yargs-parser "^18.1.2"
 
-yargs@^17.0.1, yargs@^17.2.1, yargs@^17.5.1:
+yargs@^17.0.1, yargs@^17.2.1, yargs@^17.5.1, yargs@~17.5.1:
   version "17.5.1"
   resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.5.1.tgz#e109900cab6fcb7fd44b1d8249166feb0b36e58e"
   integrity sha512-t6YAJcxDkNX7NFYiVtKvWUz8l+PaKTLiL63mJYWR2GnHq2gjEWISzsLp9wg3aY36dY1j+gfIEL3pIF+XlJJfbA==
@@ -29953,19 +29953,6 @@ yargs@^7.1.0:
     y18n "^3.2.1"
     yargs-parser "5.0.0-security.0"
 
-yargs@~17.2.1:
-  version "17.2.1"
-  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.2.1.tgz#e2c95b9796a0e1f7f3bf4427863b42e0418191ea"
-  integrity sha512-XfR8du6ua4K6uLGm5S6fA+FIJom/MdJcFNVY8geLlp2v8GYbOXD4EB1tPNZsRn4vBzKGMgb5DRZMeWuFc2GO8Q==
-  dependencies:
-    cliui "^7.0.2"
-    escalade "^3.1.1"
-    get-caller-file "^2.0.5"
-    require-directory "^2.1.1"
-    string-width "^4.2.0"
-    y18n "^5.0.5"
-    yargs-parser "^20.2.2"
-
 yauzl@^2.10.0:
   version "2.10.0"
   resolved "https://registry.yarnpkg.com/yauzl/-/yauzl-2.10.0.tgz#c7eb17c93e112cb1086fa6d8e51fb0667b79a5f9"

From 1adaf53d25ec85d490febc0c847355290c59a45a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Jul 2022 00:21:44 -0700
Subject: [PATCH 03/12] Update dependency @elastic/charts to v47 (main)
 (#136984)

* Update dependency @elastic/charts to v47

* chore: fix typescript errors

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: nickofthyme <nicholas.partridge@elastic.co>
---
 package.json                                              | 2 +-
 .../public/components/tooltip/tooltip.test.tsx            | 1 +
 .../expression_xy/public/components/xy_chart.test.tsx     | 1 +
 yarn.lock                                                 | 8 ++++----
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index d85e7a64cdf46..f680bfa092c0a 100644
--- a/package.json
+++ b/package.json
@@ -103,7 +103,7 @@
     "@elastic/apm-rum": "^5.12.0",
     "@elastic/apm-rum-react": "^1.4.2",
     "@elastic/apm-synthtrace": "link:bazel-bin/packages/elastic-apm-synthtrace",
-    "@elastic/charts": "46.13.0",
+    "@elastic/charts": "47.0.0",
     "@elastic/datemath": "5.0.3",
     "@elastic/elasticsearch": "npm:@elastic/elasticsearch-canary@8.3.0-canary.1",
     "@elastic/ems-client": "8.3.3",
diff --git a/src/plugins/chart_expressions/expression_xy/public/components/tooltip/tooltip.test.tsx b/src/plugins/chart_expressions/expression_xy/public/components/tooltip/tooltip.test.tsx
index 389c6c7571b24..26c1c7ff785a2 100644
--- a/src/plugins/chart_expressions/expression_xy/public/components/tooltip/tooltip.test.tsx
+++ b/src/plugins/chart_expressions/expression_xy/public/components/tooltip/tooltip.test.tsx
@@ -32,6 +32,7 @@ const getSeriesIdentifier = ({
   seriesSplitAccessors: Map<number | string, number | string>;
 }): XYChartSeriesIdentifier => ({
   specId: generateSeriesId({ layerId, xAccessor }, splitAccessors, yAccessor),
+  xAccessor: xAccessor ?? 'x',
   yAccessor: yAccessor ?? 'a',
   splitAccessors: seriesSplitAccessors,
   seriesKeys: [],
diff --git a/src/plugins/chart_expressions/expression_xy/public/components/xy_chart.test.tsx b/src/plugins/chart_expressions/expression_xy/public/components/xy_chart.test.tsx
index d09eedfaaf7b7..4de0f274697b0 100644
--- a/src/plugins/chart_expressions/expression_xy/public/components/xy_chart.test.tsx
+++ b/src/plugins/chart_expressions/expression_xy/public/components/xy_chart.test.tsx
@@ -1896,6 +1896,7 @@ describe('XYChart component', () => {
       seriesKeys: [],
       key: '',
       specId: 'a',
+      xAccessor: '',
       yAccessor: '',
       splitAccessors: new Map(),
     };
diff --git a/yarn.lock b/yarn.lock
index 5e69372bf198a..1e0e85a8235bd 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1443,10 +1443,10 @@
   dependencies:
     object-hash "^1.3.0"
 
-"@elastic/charts@46.13.0":
-  version "46.13.0"
-  resolved "https://registry.yarnpkg.com/@elastic/charts/-/charts-46.13.0.tgz#6000de23944f264c8ac2bb0a8728fac1eb8c3b2f"
-  integrity sha512-v3qGpARn8stI5v6aSUaQE3tEYdZLmGgA//oU4BSLemmKUaBpaK5ZOYwjoBGdqzo52F7gqM7/O1QepdfxS/CBRw==
+"@elastic/charts@47.0.0":
+  version "47.0.0"
+  resolved "https://registry.yarnpkg.com/@elastic/charts/-/charts-47.0.0.tgz#031dcb82b6cc787df211356b81acf32f260b5cce"
+  integrity sha512-wyxO/GsnIGHX42PaZ3Xl2Wpo83eVhX3ZL0GSa7C8qiPt3HIJVviOcXR/6dC8ylP0XNjXa4NwVnhQZCn/+z7FOg==
   dependencies:
     "@popperjs/core" "^2.4.0"
     bezier-easing "^2.1.0"

From 1377ef2b3362693ca69bdf613ce809fb7f07d808 Mon Sep 17 00:00:00 2001
From: Boris Kirov <boris.kirov@elastic.co>
Date: Mon, 25 Jul 2022 09:24:23 +0200
Subject: [PATCH 04/12] added APM Settings in the global search list (#136830)

---
 x-pack/plugins/apm/public/plugin.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/x-pack/plugins/apm/public/plugin.ts b/x-pack/plugins/apm/public/plugin.ts
index 69e35f1146536..abeff2b867ca6 100644
--- a/x-pack/plugins/apm/public/plugin.ts
+++ b/x-pack/plugins/apm/public/plugin.ts
@@ -123,6 +123,13 @@ const dependenciesTitle = i18n.translate(
   }
 );
 
+const apmSettingsTitle = i18n.translate(
+  'xpack.apm.navigation.apmSettingsTitle',
+  {
+    defaultMessage: 'Settings',
+  }
+);
+
 export class ApmPlugin implements Plugin<ApmPluginSetup, ApmPluginStart> {
   constructor(
     private readonly initializerContext: PluginInitializerContext<ConfigSchema>
@@ -303,6 +310,7 @@ export class ApmPlugin implements Plugin<ApmPluginSetup, ApmPluginStart> {
           title: dependenciesTitle,
           path: '/dependencies/inventory',
         },
+        { id: 'settings', title: apmSettingsTitle, path: '/settings' },
       ],
 
       async mount(appMountParameters: AppMountParameters<unknown>) {

From 8b21e25ecfc39896e2eb5bda8685b4c37793b54e Mon Sep 17 00:00:00 2001
From: Julian Gernun <julian.gernun@elastic.co>
Date: Mon, 25 Jul 2022 10:38:03 +0200
Subject: [PATCH 05/12] [RAM] Add the "updated at" feature in new alerts table
 (#136949)

* first commit

* fix and add test

* Update x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/translations.ts

Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>

* Update x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/translations.ts

Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>

Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../alerts_table/alerts_table.test.tsx        | 29 +++++--
 .../sections/alerts_table/alerts_table.tsx    |  4 +-
 .../alerts_table/alerts_table_state.test.tsx  | 19 +++--
 .../alerts_table/alerts_table_state.tsx       | 13 ++-
 .../bulk_actions/bulk_actions.test.tsx        | 22 ++++--
 .../components/last_updated_at/index.tsx      | 79 +++++++++++++++++++
 .../last_updated_at/translations.ts           | 16 ++++
 .../toolbar/toolbar_visibility.tsx            | 23 +++++-
 .../triggers_actions_ui/public/types.ts       |  1 +
 9 files changed, 181 insertions(+), 25 deletions(-)
 create mode 100644 x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/index.tsx
 create mode 100644 x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/translations.ts

diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx
index 3a7d693ce6375..acad34ac965f7 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx
@@ -11,8 +11,9 @@ import userEvent from '@testing-library/user-event';
 import { EcsFieldsResponse } from '@kbn/rule-registry-plugin/common/search_strategy';
 
 import { AlertsTable } from './alerts_table';
-import { AlertsField } from '../../../types';
+import { AlertsField, AlertsTableProps } from '../../../types';
 import { EuiButtonIcon, EuiFlexItem } from '@elastic/eui';
+import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 
 jest.mock('@kbn/data-plugin/public');
 
@@ -88,11 +89,18 @@ describe('AlertsTable', () => {
     useFetchAlertsData,
     visibleColumns: columns.map((c) => c.id),
     'data-test-subj': 'testTable',
+    updatedAt: Date.now(),
   };
 
+  const AlertsTableWithLocale: React.FunctionComponent<AlertsTableProps> = (props) => (
+    <IntlProvider locale="en">
+      <AlertsTable {...props} />
+    </IntlProvider>
+  );
+
   describe('Alerts table UI', () => {
     it('should support sorting', async () => {
-      const renderResult = render(<AlertsTable {...tableProps} />);
+      const renderResult = render(<AlertsTableWithLocale {...tableProps} />);
       userEvent.click(renderResult.container.querySelector('.euiDataGridHeaderCell__button')!);
       userEvent.click(renderResult.getByTestId(`dataGridHeaderCellActionGroup-${columns[0].id}`));
       userEvent.click(renderResult.getByTitle('Sort A-Z'));
@@ -102,14 +110,19 @@ describe('AlertsTable', () => {
     });
 
     it('should support pagination', async () => {
-      const renderResult = render(<AlertsTable {...tableProps} />);
+      const renderResult = render(<AlertsTableWithLocale {...tableProps} />);
       userEvent.click(renderResult.getByTestId('pagination-button-1'));
       expect(fetchAlertsData.onPageChange).toHaveBeenCalledWith({ pageIndex: 1, pageSize: 1 });
     });
 
+    it('should show when it was updated', () => {
+      const { getByTestId } = render(<AlertsTableWithLocale {...tableProps} />);
+      expect(getByTestId('toolbar-updated-at')).not.toBe(null);
+    });
+
     describe('leading control columns', () => {
       it('should return at least the flyout action control', async () => {
-        const wrapper = render(<AlertsTable {...tableProps} />);
+        const wrapper = render(<AlertsTableWithLocale {...tableProps} />);
         expect(wrapper.getByTestId('expandColumnHeaderLabel').textContent).toBe('Actions');
       });
 
@@ -125,7 +138,7 @@ describe('AlertsTable', () => {
             },
           ],
         };
-        const wrapper = render(<AlertsTable {...customTableProps} />);
+        const wrapper = render(<AlertsTableWithLocale {...customTableProps} />);
         expect(wrapper.queryByTestId('testHeader')).not.toBe(null);
         expect(wrapper.queryByTestId('testCell')).not.toBe(null);
       });
@@ -168,7 +181,7 @@ describe('AlertsTable', () => {
           },
         };
 
-        const { queryByTestId } = render(<AlertsTable {...customTableProps} />);
+        const { queryByTestId } = render(<AlertsTableWithLocale {...customTableProps} />);
         expect(queryByTestId('testActionColumn')).not.toBe(null);
         expect(queryByTestId('testActionColumn2')).not.toBe(null);
         expect(queryByTestId('expandColumnCellOpenFlyoutButton-0')).not.toBe(null);
@@ -211,7 +224,7 @@ describe('AlertsTable', () => {
           },
         };
 
-        const { queryByTestId } = render(<AlertsTable {...customTableProps} />);
+        const { queryByTestId } = render(<AlertsTableWithLocale {...customTableProps} />);
         expect(queryByTestId('testActionColumn')).not.toBe(null);
         expect(queryByTestId('testActionColumn2')).not.toBe(null);
         expect(queryByTestId('expandColumnCellOpenFlyoutButton-0')).toBe(null);
@@ -223,7 +236,7 @@ describe('AlertsTable', () => {
           showExpandToDetails: false,
         };
 
-        const { queryByTestId } = render(<AlertsTable {...customTableProps} />);
+        const { queryByTestId } = render(<AlertsTableWithLocale {...customTableProps} />);
         expect(queryByTestId('expandColumnHeaderLabel')).toBe(null);
         expect(queryByTestId('expandColumnCellOpenFlyoutButton')).toBe(null);
       });
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
index 4bcc6afaa5a47..44429b472e60b 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
@@ -72,8 +72,10 @@ const AlertsTable: React.FunctionComponent<AlertsTableProps> = (props: AlertsTab
       alertsCount,
       rowSelection,
       alerts: alertsData.alerts,
+      updatedAt: props.updatedAt,
+      isLoading,
     });
-  }, [bulkActionsState, bulkActions, alertsCount, alertsData.alerts])();
+  }, [bulkActionsState, bulkActions, alertsCount, alertsData.alerts, props.updatedAt, isLoading])();
 
   const {
     pagination,
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.test.tsx
index 267d467326fe5..3c1040a54b31e 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.test.tsx
@@ -19,9 +19,10 @@ import {
 } from '../../../types';
 import { PLUGIN_ID } from '../../../common/constants';
 import { TypeRegistry } from '../../type_registry';
-import AlertsTableState from './alerts_table_state';
+import AlertsTableState, { AlertsTableStateProps } from './alerts_table_state';
 import { useFetchAlerts } from './hooks/use_fetch_alerts';
 import { DefaultSort } from './hooks';
+import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 
 jest.mock('./hooks/use_fetch_alerts');
 jest.mock('@kbn/kibana-utils-plugin/public');
@@ -103,6 +104,12 @@ hookUseFetchAlerts.mockImplementation(() => [
   },
 ]);
 
+const AlertsTableWithLocale: React.FunctionComponent<AlertsTableStateProps> = (props) => (
+  <IntlProvider locale="en">
+    <AlertsTableState {...props} />
+  </IntlProvider>
+);
+
 describe('AlertsTableState', () => {
   const tableProps = {
     alertsTableConfigurationRegistry: alertsTableConfigurationRegistryMock,
@@ -120,14 +127,14 @@ describe('AlertsTableState', () => {
 
   describe('Alerts table configuration registry', () => {
     it('should read the configuration from the registry', async () => {
-      render(<AlertsTableState {...tableProps} />);
+      render(<AlertsTableWithLocale {...tableProps} />);
       expect(hasMock).toHaveBeenCalledWith(PLUGIN_ID);
       expect(getMock).toHaveBeenCalledWith(PLUGIN_ID);
     });
 
     it('should render an empty error state when the plugin id owner is not registered', async () => {
       const props = { ...tableProps, configurationId: 'none' };
-      const result = render(<AlertsTableState {...props} />);
+      const result = render(<AlertsTableWithLocale {...props} />);
       expect(result.getByTestId('alertsTableNoConfiguration')).toBeTruthy();
     });
   });
@@ -137,7 +144,7 @@ describe('AlertsTableState', () => {
       hookUseFetchAlerts.mockClear();
     });
     it('should show a flyout when selecting an alert', async () => {
-      const wrapper = render(<AlertsTableState {...tableProps} />);
+      const wrapper = render(<AlertsTableWithLocale {...tableProps} />);
       userEvent.click(wrapper.queryByTestId('expandColumnCellOpenFlyoutButton-0')!);
 
       const result = await wrapper.findAllByTestId('alertsFlyout');
@@ -158,7 +165,7 @@ describe('AlertsTableState', () => {
 
     it('should refetch data if flyout pagination exceeds the current page', async () => {
       const wrapper = render(
-        <AlertsTableState
+        <AlertsTableWithLocale
           {...{
             ...tableProps,
             pageSize: 1,
@@ -210,7 +217,7 @@ describe('AlertsTableState', () => {
     });
 
     it('should render an empty screen if there are no alerts', async () => {
-      const result = render(<AlertsTableState {...tableProps} />);
+      const result = render(<AlertsTableWithLocale {...tableProps} />);
       expect(result.getByTestId('alertsStateTableEmptyState')).toBeTruthy();
     });
   });
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
index e53cb6251fe9f..c48b170f262f7 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
@@ -149,7 +149,14 @@ const AlertsTableState = ({
 
   const [
     isLoading,
-    { alerts, isInitializing, getInspectQuery, refetch: refresh, totalAlerts: alertsCount },
+    {
+      alerts,
+      isInitializing,
+      getInspectQuery,
+      refetch: refresh,
+      totalAlerts: alertsCount,
+      updatedAt,
+    },
   ] = useFetchAlerts({
     fields: columns.map((col) => ({ field: col.id, include_unmapped: true })),
     featureIds,
@@ -215,6 +222,7 @@ const AlertsTableState = ({
       onSortChange,
       refresh,
       sort,
+      updatedAt,
     };
   }, [
     alerts,
@@ -228,6 +236,7 @@ const AlertsTableState = ({
     pagination.pageIndex,
     refresh,
     sort,
+    updatedAt,
   ]);
 
   const tableProps = useMemo(
@@ -246,6 +255,7 @@ const AlertsTableState = ({
       useFetchAlertsData,
       visibleColumns: storageAlertsTable.current.visibleColumns ?? [],
       'data-test-subj': 'internalAlertsState',
+      updatedAt,
     }),
     [
       alertsTableConfiguration,
@@ -254,6 +264,7 @@ const AlertsTableState = ({
       pagination.pageSize,
       showExpandToDetails,
       useFetchAlertsData,
+      updatedAt,
     ]
   );
 
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/bulk_actions/bulk_actions.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/bulk_actions/bulk_actions.test.tsx
index 7bcd56a332d87..20a0d1a6bf087 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/bulk_actions/bulk_actions.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/bulk_actions/bulk_actions.test.tsx
@@ -14,6 +14,7 @@ import { BulkActionsContext } from './context';
 import { AlertsTable } from '../alerts_table';
 import { AlertsField, AlertsTableProps, BulkActionsState } from '../../../../types';
 import { bulkActionsReducer } from './reducer';
+import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 
 jest.mock('@kbn/data-plugin/public');
 jest.mock('@kbn/kibana-react-plugin/public/ui_settings/use_ui_setting', () => ({
@@ -92,6 +93,7 @@ describe('AlertsTable.BulkActions', () => {
     useFetchAlertsData: () => alertsData,
     visibleColumns: columns.map((c) => c.id),
     'data-test-subj': 'testTable',
+    updatedAt: Date.now(),
   };
 
   const tablePropsWithBulkActions = {
@@ -127,22 +129,32 @@ describe('AlertsTable.BulkActions', () => {
     );
 
     return (
-      <BulkActionsContext.Provider value={initialBulkActionsState}>
-        <AlertsTable {...props} />
-      </BulkActionsContext.Provider>
+      <IntlProvider locale="en">
+        <BulkActionsContext.Provider value={initialBulkActionsState}>
+          <AlertsTable {...props} />
+        </BulkActionsContext.Provider>
+      </IntlProvider>
     );
   };
 
   describe('when the bulk action hook is not set', () => {
     it('should not show the bulk actions column', () => {
-      const { queryByTestId } = render(<AlertsTable {...tableProps} />);
+      const { queryByTestId } = render(
+        <IntlProvider locale="en">
+          <AlertsTable {...tableProps} />
+        </IntlProvider>
+      );
       expect(queryByTestId('bulk-actions-header')).toBeNull();
     });
   });
 
   describe('when the bulk action hook is set', () => {
     it('should show the bulk actions column', () => {
-      const { getByTestId } = render(<AlertsTable {...tablePropsWithBulkActions} />);
+      const { getByTestId } = render(
+        <IntlProvider locale="en">
+          <AlertsTable {...tablePropsWithBulkActions} />
+        </IntlProvider>
+      );
       expect(getByTestId('bulk-actions-header')).toBeDefined();
     });
 
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/index.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/index.tsx
new file mode 100644
index 0000000000000..f2631b9fc0f26
--- /dev/null
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/index.tsx
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiText, EuiToolTip } from '@elastic/eui';
+import { FormattedRelative } from '@kbn/i18n-react';
+import React, { useEffect, useMemo, useState } from 'react';
+
+import * as i18n from './translations';
+
+export interface LastUpdatedAtProps {
+  compact?: boolean;
+  updatedAt: number;
+  showUpdating?: boolean;
+}
+
+const Updated = React.memo<{ date: number; prefix: string; updatedAt: number }>(
+  ({ date, prefix, updatedAt }) => (
+    <>
+      {prefix}
+      {
+        <FormattedRelative
+          data-test-subj="last-updated-at-date"
+          key={`formatedRelative-${date}`}
+          value={new Date(updatedAt)}
+        />
+      }
+    </>
+  )
+);
+
+Updated.displayName = 'Updated';
+
+const prefix = ` ${i18n.UPDATED} `;
+
+export const LastUpdatedAt = React.memo<LastUpdatedAtProps>(
+  ({ compact = false, updatedAt, showUpdating = false }) => {
+    const [date, setDate] = useState(Date.now());
+
+    function tick() {
+      setDate(Date.now());
+    }
+
+    useEffect(() => {
+      const timerID = setInterval(() => tick(), 10000);
+      return () => {
+        clearInterval(timerID);
+      };
+    }, []);
+
+    const updateText = useMemo(() => {
+      if (showUpdating) {
+        return <span> {i18n.UPDATING}</span>;
+      }
+
+      if (!compact) {
+        return <Updated date={date} prefix={prefix} updatedAt={updatedAt} />;
+      }
+
+      return null;
+    }, [compact, date, showUpdating, updatedAt]);
+
+    return (
+      <EuiToolTip content={<Updated date={date} prefix={prefix} updatedAt={updatedAt} />}>
+        <EuiText color="subdued" size="xs" data-test-subj="toolbar-updated-at">
+          {updateText}
+        </EuiText>
+      </EuiToolTip>
+    );
+  }
+);
+
+LastUpdatedAt.displayName = 'LastUpdatedAt';
+
+// eslint-disable-next-line import/no-default-export
+export { LastUpdatedAt as default };
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/translations.ts b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/translations.ts
new file mode 100644
index 0000000000000..ec68d475823b0
--- /dev/null
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/components/last_updated_at/translations.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const UPDATING = i18n.translate('xpack.triggersActionsUI.alertsTable.lastUpdated.updating', {
+  defaultMessage: 'Updating...',
+});
+
+export const UPDATED = i18n.translate('xpack.triggersActionsUI.alertsTable.lastUpdated.updated', {
+  defaultMessage: 'Updated',
+});
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/toolbar_visibility.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/toolbar_visibility.tsx
index ed6655c2abe07..df79c2723193b 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/toolbar_visibility.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/toolbar/toolbar_visibility.tsx
@@ -9,31 +9,46 @@ import { EuiDataGridToolBarVisibilityOptions } from '@elastic/eui';
 import { EcsFieldsResponse } from '@kbn/rule-registry-plugin/common/search_strategy';
 import React, { lazy, Suspense } from 'react';
 import { BulkActionsConfig } from '../../../../types';
+import { LastUpdatedAt } from './components/last_updated_at';
 
 const BulkActionsToolbar = lazy(() => import('../bulk_actions/components/toolbar'));
 
+const getDefaultVisibility = (updatedAt: number) => {
+  return {
+    showColumnSelector: true,
+    showSortSelector: true,
+    additionalControls: {
+      right: <LastUpdatedAt updatedAt={updatedAt} />,
+    },
+  };
+};
+
 export const getToolbarVisibility = ({
   bulkActions,
   alertsCount,
   rowSelection,
   alerts,
+  isLoading,
+  updatedAt,
 }: {
   bulkActions: BulkActionsConfig[];
   alertsCount: number;
   rowSelection: Set<number>;
   alerts: EcsFieldsResponse[];
+  isLoading: boolean;
+  updatedAt: number;
 }): EuiDataGridToolBarVisibilityOptions => {
   const selectedRowsCount = rowSelection.size;
+  const defaultVisibility = getDefaultVisibility(updatedAt);
+
   if (selectedRowsCount === 0 || selectedRowsCount === undefined || bulkActions.length === 0)
-    return {
-      showColumnSelector: true,
-      showSortSelector: true,
-    };
+    return defaultVisibility;
 
   const options = {
     showColumnSelector: false,
     showSortSelector: false,
     additionalControls: {
+      ...defaultVisibility.additionalControls,
       left: {
         append: (
           <Suspense fallback={null}>
diff --git a/x-pack/plugins/triggers_actions_ui/public/types.ts b/x-pack/plugins/triggers_actions_ui/public/types.ts
index fc169d1679389..389683bc2d0d0 100644
--- a/x-pack/plugins/triggers_actions_ui/public/types.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/types.ts
@@ -418,6 +418,7 @@ export interface AlertsTableProps {
   useFetchAlertsData: () => FetchAlertData;
   visibleColumns: string[];
   'data-test-subj': string;
+  updatedAt: number;
 }
 
 // TODO We need to create generic type between our plugin, right now we have different one because of the old alerts table

From 6e3f5850ff3e4395fd7683950c1a670cc9a45ecf Mon Sep 17 00:00:00 2001
From: Joe Reuter <johannes.reuter@elastic.co>
Date: Mon, 25 Jul 2022 10:38:54 +0200
Subject: [PATCH 06/12] stabilize legend filter click (#136925)

---
 test/functional/page_objects/visualize_chart_page.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/test/functional/page_objects/visualize_chart_page.ts b/test/functional/page_objects/visualize_chart_page.ts
index bec2383629e7b..1caae58ad5af6 100644
--- a/test/functional/page_objects/visualize_chart_page.ts
+++ b/test/functional/page_objects/visualize_chart_page.ts
@@ -167,6 +167,8 @@ export class VisualizeChartPageObject extends FtrService {
   public async filterLegend(name: string, force = false) {
     await this.toggleLegend(force);
     await this.testSubjects.click(`legend-${name}`);
+    // wait for a short amount of time for popover to stabilize as there is no good way to check for that
+    await this.common.sleep(250);
     const filterIn = await this.testSubjects.find(`legend-${name}-filterIn`);
     await filterIn.click();
     await this.waitForVisualizationRenderingStabilized();

From 12259ce2813eed43faf02ac2fa851896474393a6 Mon Sep 17 00:00:00 2001
From: Julian Gernun <julian.gernun@elastic.co>
Date: Mon, 25 Jul 2022 11:12:48 +0200
Subject: [PATCH 07/12] Rule detail table with bulk actions (#136601)

* first commit

* remove not needed variable

* row action in o11y

* fix view in app for inventory rule when using the new alert table

* mistake

* review I

Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
Co-authored-by: Maryam Saeidi <maryam.saeidi@elastic.co>
---
 .../alerting/metrics/alert_link.test.ts       | 119 +++++++++++++++++-
 .../common/alerting/metrics/alert_link.ts     |  56 +++++++--
 .../register_alerts_table_configuration.tsx   |   4 +
 .../alerts_table_t_grid.tsx                   |  99 ++++++++-------
 .../alerts_table_t_grid/get_row_actions.tsx   |  36 ++++++
 .../public/pages/rule_details/index.tsx       |  13 +-
 .../sections/alerts_table/alerts_table.tsx    |  26 ++--
 .../triggers_actions_ui/public/types.ts       |   5 +-
 8 files changed, 288 insertions(+), 70 deletions(-)
 create mode 100644 x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/get_row_actions.tsx

diff --git a/x-pack/plugins/infra/common/alerting/metrics/alert_link.test.ts b/x-pack/plugins/infra/common/alerting/metrics/alert_link.test.ts
index 80bac365d3562..5e0a9e38c1cf2 100644
--- a/x-pack/plugins/infra/common/alerting/metrics/alert_link.test.ts
+++ b/x-pack/plugins/infra/common/alerting/metrics/alert_link.test.ts
@@ -7,9 +7,70 @@
 
 import { ParsedTechnicalFields } from '@kbn/rule-registry-plugin/common/parse_technical_fields';
 import { ALERT_RULE_PARAMETERS, TIMESTAMP } from '@kbn/rule-data-utils';
-import { getInventoryViewInAppUrl } from './alert_link';
+import { getInventoryViewInAppUrl, flatAlertRuleParams } from './alert_link';
 
 describe('Inventory Threshold Rule', () => {
+  describe('flatAlertRuleParams', () => {
+    it('flat ALERT_RULE_PARAMETERS', () => {
+      expect(
+        flatAlertRuleParams(
+          {
+            sourceId: 'default',
+            criteria: [
+              {
+                comparator: '>',
+                timeSize: 1,
+                metric: 'cpu',
+                threshold: [5],
+                customMetric: {
+                  field: '',
+                  aggregation: 'avg',
+                  id: 'alert-custom-metric',
+                  type: 'custom',
+                },
+                timeUnit: 'm',
+              },
+            ],
+            nodeType: 'host',
+          },
+          ALERT_RULE_PARAMETERS
+        )
+      ).toMatchInlineSnapshot(`
+        Object {
+          "kibana.alert.rule.parameters.criteria.comparator": Array [
+            ">",
+          ],
+          "kibana.alert.rule.parameters.criteria.customMetric.aggregation": Array [
+            "avg",
+          ],
+          "kibana.alert.rule.parameters.criteria.customMetric.field": Array [
+            "",
+          ],
+          "kibana.alert.rule.parameters.criteria.customMetric.id": Array [
+            "alert-custom-metric",
+          ],
+          "kibana.alert.rule.parameters.criteria.customMetric.type": Array [
+            "custom",
+          ],
+          "kibana.alert.rule.parameters.criteria.metric": Array [
+            "cpu",
+          ],
+          "kibana.alert.rule.parameters.criteria.timeSize": Array [
+            1,
+          ],
+          "kibana.alert.rule.parameters.criteria.timeUnit": Array [
+            "m",
+          ],
+          "kibana.alert.rule.parameters.nodeType": Array [
+            "host",
+          ],
+          "kibana.alert.rule.parameters.sourceId": Array [
+            "default",
+          ],
+        }
+      `);
+    });
+  });
   describe('getInventoryViewInAppUrl', () => {
     it('should work with custom metrics', () => {
       const fields = {
@@ -36,5 +97,61 @@ describe('Inventory Threshold Rule', () => {
         '/app/metrics/link-to/inventory?customMetric=&metric=%28type%3Acpu%29&nodeType=h&timestamp=1640995200000'
       );
     });
+
+    it('should work with custom metrics when ALERT_RULE_PARAMETERS is an object', () => {
+      const fields = {
+        '@timestamp': '2022-01-01T00:00:00.000Z',
+        'kibana.alert.rule.parameters': {
+          sourceId: 'default',
+          criteria: [
+            {
+              comparator: '>',
+              timeSize: 1,
+              metric: 'custom',
+              threshold: [5],
+              customMetric: {
+                field: 'system.cpu.user.pct',
+                aggregation: 'avg',
+                id: 'alert-custom-metric',
+                type: 'custom',
+              },
+              timeUnit: 'm',
+            },
+          ],
+          nodeType: 'host',
+        },
+        _id: 'eaa439aa-a4bb-4e7c-b7f8-fbe532ca7366',
+        _index: '.internal.alerts-observability.metrics.alerts-default-000001',
+      } as unknown as ParsedTechnicalFields & Record<string, any>;
+      const url = getInventoryViewInAppUrl(fields);
+      expect(url).toEqual(
+        '/app/metrics/link-to/inventory?customMetric=%28aggregation%3Aavg%2Cfield%3Asystem.cpu.user.pct%2Cid%3Aalert-custom-metric%2Ctype%3Acustom%29&metric=%28aggregation%3Aavg%2Cfield%3Asystem.cpu.user.pct%2Cid%3Aalert-custom-metric%2Ctype%3Acustom%29&nodeType=host&timestamp=1640995200000'
+      );
+    });
+
+    it('should work with non-custom metrics when ALERT_RULE_PARAMETERS is an object', () => {
+      const fields = {
+        '@timestamp': '2022-01-01T00:00:00.000Z',
+        'kibana.alert.rule.parameters': {
+          sourceId: 'default',
+          criteria: [
+            {
+              comparator: '>',
+              timeSize: 1,
+              metric: 'cpu',
+              threshold: [5],
+              timeUnit: 'm',
+            },
+          ],
+          nodeType: 'host',
+        },
+        _id: 'eaa439aa-a4bb-4e7c-b7f8-fbe532ca7366',
+        _index: '.internal.alerts-observability.metrics.alerts-default-000001',
+      } as unknown as ParsedTechnicalFields & Record<string, any>;
+      const url = getInventoryViewInAppUrl(fields);
+      expect(url).toEqual(
+        '/app/metrics/link-to/inventory?customMetric=&metric=%28type%3Acpu%29&nodeType=host&timestamp=1640995200000'
+      );
+    });
   });
 });
diff --git a/x-pack/plugins/infra/common/alerting/metrics/alert_link.ts b/x-pack/plugins/infra/common/alerting/metrics/alert_link.ts
index 11068df93b926..a531911b7746b 100644
--- a/x-pack/plugins/infra/common/alerting/metrics/alert_link.ts
+++ b/x-pack/plugins/infra/common/alerting/metrics/alert_link.ts
@@ -10,26 +10,68 @@ import { encode } from 'rison-node';
 import { stringify } from 'query-string';
 import { ParsedTechnicalFields } from '@kbn/rule-registry-plugin/common/parse_technical_fields';
 
+export const flatAlertRuleParams = (params: {}, pKey = ''): Record<string, unknown[]> => {
+  return Object.entries(params).reduce((acc, [key, field]) => {
+    const objectKey = pKey.length ? `${pKey}.${key}` : key;
+    if (typeof field === 'object' && field != null) {
+      if (Array.isArray(field) && field.length > 0) {
+        return {
+          ...acc,
+          ...flatAlertRuleParams(field[0] as {}, objectKey),
+        };
+      } else {
+        return {
+          ...acc,
+          ...flatAlertRuleParams(field as {}, objectKey),
+        };
+      }
+    }
+    return {
+      ...acc,
+      [objectKey]: Array.isArray(field) ? field : [field],
+    };
+  }, {});
+};
+
 export const getInventoryViewInAppUrl = (
   fields: ParsedTechnicalFields & Record<string, any>
 ): string => {
+  let inventoryFields = fields;
+
+  /* Temporary Solution -> https://github.com/elastic/kibana/issues/137033
+   * In the alert table from timelines plugin (old table), we are using an API who is flattening all the response
+   * from elasticsearch to Record<string, string[]>, The new alert table API from TriggersActionUI is not doing that
+   * anymore, it is trusting and returning the way it has been done from the field API from elasticsearch. I think
+   * it is better to trust elasticsearch and the mapping of the doc. When o11y will only use the new alert table from
+   * triggersActionUI then we will stop using this flattening way and we will update the code to work with fields API,
+   * it will be less magic.
+   */
+  if (fields[ALERT_RULE_PARAMETERS]) {
+    inventoryFields = {
+      ...fields,
+      ...flatAlertRuleParams(fields[ALERT_RULE_PARAMETERS] as {}, ALERT_RULE_PARAMETERS),
+    };
+  }
+
   const nodeTypeField = `${ALERT_RULE_PARAMETERS}.nodeType`;
-  const nodeType = fields[nodeTypeField];
+  const nodeType = inventoryFields[nodeTypeField];
   let inventoryViewInAppUrl = '/app/metrics/link-to/inventory?';
+
   if (nodeType) {
     const linkToParams: Record<string, any> = {
-      nodeType: fields[nodeTypeField][0],
-      timestamp: Date.parse(fields[TIMESTAMP]),
+      nodeType: inventoryFields[nodeTypeField][0],
+      timestamp: Date.parse(inventoryFields[TIMESTAMP]),
       customMetric: '',
     };
     // We always pick the first criteria metric for the URL
-    const criteriaMetric = fields[`${ALERT_RULE_PARAMETERS}.criteria.metric`][0];
+    const criteriaMetric = inventoryFields[`${ALERT_RULE_PARAMETERS}.criteria.metric`][0];
     if (criteriaMetric === 'custom') {
-      const criteriaCustomMetricId = fields[`${ALERT_RULE_PARAMETERS}.criteria.customMetric.id`][0];
+      const criteriaCustomMetricId =
+        inventoryFields[`${ALERT_RULE_PARAMETERS}.criteria.customMetric.id`][0];
       const criteriaCustomMetricAggregation =
-        fields[`${ALERT_RULE_PARAMETERS}.criteria.customMetric.aggregation`][0];
+        inventoryFields[`${ALERT_RULE_PARAMETERS}.criteria.customMetric.aggregation`][0];
       const criteriaCustomMetricField =
-        fields[`${ALERT_RULE_PARAMETERS}.criteria.customMetric.field`][0];
+        inventoryFields[`${ALERT_RULE_PARAMETERS}.criteria.customMetric.field`][0];
 
       const customMetric = encode({
         id: criteriaCustomMetricId,
diff --git a/x-pack/plugins/observability/public/config/register_alerts_table_configuration.tsx b/x-pack/plugins/observability/public/config/register_alerts_table_configuration.tsx
index e2d3dc1130750..f119b07def3b7 100644
--- a/x-pack/plugins/observability/public/config/register_alerts_table_configuration.tsx
+++ b/x-pack/plugins/observability/public/config/register_alerts_table_configuration.tsx
@@ -7,10 +7,12 @@
 
 import type { GetRenderCellValue } from '@kbn/triggers-actions-ui-plugin/public';
 import { observabilityFeatureId } from '../../common';
+import { useBulkAddToCaseActions } from '../hooks/use_alert_bulk_case_actions';
 import { TopAlert, useToGetInternalFlyout } from '../pages/alerts';
 import { getRenderCellValue } from '../pages/alerts/components/render_cell_value';
 import { addDisplayNames } from '../pages/alerts/containers/alerts_table_t_grid/add_display_names';
 import { columns as alertO11yColumns } from '../pages/alerts/containers/alerts_table_t_grid/alerts_table_t_grid';
+import { getRowActions } from '../pages/alerts/containers/alerts_table_t_grid/get_row_actions';
 import type { ObservabilityRuleTypeRegistry } from '../rules/create_observability_rule_type_registry';
 
 const getO11yAlertsTableConfiguration = (
@@ -22,9 +24,11 @@ const getO11yAlertsTableConfiguration = (
     const { header, body, footer } = useToGetInternalFlyout(observabilityRuleTypeRegistry);
     return { header, body, footer };
   },
+  useActionsColumn: getRowActions(observabilityRuleTypeRegistry),
   getRenderCellValue: (({ setFlyoutAlert }: { setFlyoutAlert: (data: TopAlert) => void }) => {
     return getRenderCellValue({ observabilityRuleTypeRegistry, setFlyoutAlert });
   }) as unknown as GetRenderCellValue,
+  useBulkActions: useBulkAddToCaseActions,
 });
 
 export { getO11yAlertsTableConfiguration };
diff --git a/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/alerts_table_t_grid.tsx b/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/alerts_table_t_grid.tsx
index 9afe75f2ae310..ed2c3b6ae192b 100644
--- a/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/alerts_table_t_grid.tsx
+++ b/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/alerts_table_t_grid.tsx
@@ -63,7 +63,7 @@ import { getRenderCellValue } from '../../components/render_cell_value';
 import { observabilityAppId, observabilityFeatureId } from '../../../../../common';
 import { useGetUserCasesPermissions } from '../../../../hooks/use_get_user_cases_permissions';
 import { usePluginContext } from '../../../../hooks/use_plugin_context';
-import { LazyAlertsFlyout } from '../../../..';
+import { LazyAlertsFlyout, ObservabilityRuleTypeRegistry } from '../../../..';
 import { parseAlert } from '../../components/parse_alert';
 import { translations, paths } from '../../../../config';
 import { addDisplayNames } from './add_display_names';
@@ -82,9 +82,13 @@ interface AlertsTableTGridProps {
   itemsPerPage?: number;
 }
 
-interface ObservabilityActionsProps extends ActionProps {
+export type ObservabilityActionsProps = Pick<
+  ActionProps,
+  'data' | 'eventId' | 'ecsData' | 'setEventsDeleted'
+> & {
   setFlyoutAlert: React.Dispatch<React.SetStateAction<TopAlert | undefined>>;
-}
+  observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry;
+};
 
 const EventsThContent = styled.div.attrs(({ className = '' }) => ({
   className: `siemEventsTable__thContent ${className}`,
@@ -142,13 +146,13 @@ const NO_ROW_RENDER: RowRenderer[] = [];
 
 const trailingControlColumns: never[] = [];
 
-function ObservabilityActions({
+export function ObservabilityActions({
   data,
   eventId,
   ecsData,
+  observabilityRuleTypeRegistry,
   setFlyoutAlert,
 }: ObservabilityActionsProps) {
-  const { observabilityRuleTypeRegistry } = usePluginContext();
   const dataFieldEs = data.reduce((acc, d) => ({ ...acc, [d.field]: d.value }), {});
   const [openActionsPopoverId, setActionsPopover] = useState(null);
   const { cases, http } = useKibana<ObservabilityAppServices>().services;
@@ -263,42 +267,40 @@ function ObservabilityActions({
 
   return (
     <>
-      <EuiFlexGroup gutterSize="none" responsive={false}>
-        <EuiFlexItem>
-          <EuiToolTip content={translations.alertsTable.viewInAppTextLabel}>
-            <EuiButtonIcon
-              size="s"
-              href={http.basePath.prepend(alert.link ?? '')}
-              iconType="eye"
-              color="text"
-              aria-label={translations.alertsTable.viewInAppTextLabel}
-            />
-          </EuiToolTip>
-        </EuiFlexItem>
-        <EuiFlexItem>
-          <EuiPopover
-            button={
-              <EuiToolTip content={actionsToolTip}>
-                <EuiButtonIcon
-                  display="empty"
-                  size="s"
-                  color="text"
-                  iconType="boxesHorizontal"
-                  aria-label={actionsToolTip}
-                  onClick={() => toggleActionsPopover(eventId)}
-                  data-test-subj="alertsTableRowActionMore"
-                />
-              </EuiToolTip>
-            }
-            isOpen={openActionsPopoverId === eventId}
-            closePopover={closeActionsPopover}
-            panelPaddingSize="none"
-            anchorPosition="downLeft"
-          >
-            <EuiContextMenuPanel size="s" items={actionsMenuItems} />
-          </EuiPopover>
-        </EuiFlexItem>
-      </EuiFlexGroup>
+      <EuiFlexItem>
+        <EuiToolTip content={translations.alertsTable.viewInAppTextLabel}>
+          <EuiButtonIcon
+            size="s"
+            href={http.basePath.prepend(alert.link ?? '')}
+            iconType="eye"
+            color="text"
+            aria-label={translations.alertsTable.viewInAppTextLabel}
+          />
+        </EuiToolTip>
+      </EuiFlexItem>
+      <EuiFlexItem>
+        <EuiPopover
+          button={
+            <EuiToolTip content={actionsToolTip}>
+              <EuiButtonIcon
+                display="empty"
+                size="s"
+                color="text"
+                iconType="boxesHorizontal"
+                aria-label={actionsToolTip}
+                onClick={() => toggleActionsPopover(eventId)}
+                data-test-subj="alertsTableRowActionMore"
+              />
+            </EuiToolTip>
+          }
+          isOpen={openActionsPopoverId === eventId}
+          closePopover={closeActionsPopover}
+          panelPaddingSize="none"
+          anchorPosition="downLeft"
+        >
+          <EuiContextMenuPanel size="s" items={actionsMenuItems} />
+        </EuiPopover>
+      </EuiFlexItem>
     </>
   );
 }
@@ -377,16 +379,19 @@ export function AlertsTableTGrid(props: AlertsTableTGridProps) {
         },
         rowCellRender: (actionProps: ActionProps) => {
           return (
-            <ObservabilityActions
-              {...actionProps}
-              setEventsDeleted={setEventsDeleted}
-              setFlyoutAlert={setFlyoutAlert}
-            />
+            <EuiFlexGroup gutterSize="none" responsive={false}>
+              <ObservabilityActions
+                {...actionProps}
+                setEventsDeleted={setEventsDeleted}
+                setFlyoutAlert={setFlyoutAlert}
+                observabilityRuleTypeRegistry={observabilityRuleTypeRegistry}
+              />
+            </EuiFlexGroup>
           );
         },
       },
     ];
-  }, [setEventsDeleted]);
+  }, [setEventsDeleted, observabilityRuleTypeRegistry]);
 
   const onStateChange = useCallback(
     (state: TGridState) => {
diff --git a/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/get_row_actions.tsx b/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/get_row_actions.tsx
new file mode 100644
index 0000000000000..61fc0afbe16ef
--- /dev/null
+++ b/x-pack/plugins/observability/public/pages/alerts/containers/alerts_table_t_grid/get_row_actions.tsx
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EcsFieldsResponse } from '@kbn/rule-registry-plugin/common/search_strategy';
+import { ObservabilityRuleTypeRegistry } from '../../../../rules/create_observability_rule_type_registry';
+import { ObservabilityActions } from './alerts_table_t_grid';
+import type { ObservabilityActionsProps } from './alerts_table_t_grid';
+
+const buildData = (alerts: EcsFieldsResponse): ObservabilityActionsProps['data'] => {
+  return Object.entries(alerts).reduce<ObservabilityActionsProps['data']>(
+    (acc, [field, value]) => [...acc, { field, value }],
+    []
+  );
+};
+const fakeSetEventsDeleted = () => [];
+export const getRowActions = (observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry) => {
+  return () => ({
+    renderCustomActionsRow: (alert: EcsFieldsResponse, setFlyoutAlert: (data: unknown) => void) => {
+      return (
+        <ObservabilityActions
+          data={buildData(alert)}
+          eventId={alert._id}
+          ecsData={{ _id: alert._id, _index: alert._index }}
+          observabilityRuleTypeRegistry={observabilityRuleTypeRegistry}
+          setEventsDeleted={fakeSetEventsDeleted}
+          setFlyoutAlert={setFlyoutAlert}
+        />
+      );
+    },
+    width: 120,
+  });
+};
diff --git a/x-pack/plugins/observability/public/pages/rule_details/index.tsx b/x-pack/plugins/observability/public/pages/rule_details/index.tsx
index b99a20b8db07a..c0884dd6a134a 100644
--- a/x-pack/plugins/observability/public/pages/rule_details/index.tsx
+++ b/x-pack/plugins/observability/public/pages/rule_details/index.tsx
@@ -34,6 +34,7 @@ import {
 import { ALERTS_FEATURE_ID, RuleExecutionStatusErrorReasons } from '@kbn/alerting-plugin/common';
 import { AlertConsumers } from '@kbn/rule-data-utils';
 import { RuleDefinitionProps } from '@kbn/triggers-actions-ui-plugin/public';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
 import { DeleteModalConfirmation } from './components/delete_modal_confirmation';
 import { CenterJustifiedSpinner } from './components/center_justified_spinner';
 import { RuleDetailsPathParams, EVENT_LOG_LIST_TAB, ALERT_LIST_TAB } from './types';
@@ -42,15 +43,17 @@ import { usePluginContext } from '../../hooks/use_plugin_context';
 import { useFetchRule } from '../../hooks/use_fetch_rule';
 import { RULES_BREADCRUMB_TEXT } from '../rules/translations';
 import { PageTitle } from './components';
-import { useKibana } from '../../utils/kibana_react';
 import { getHealthColor } from './config';
 import { hasExecuteActionsCapability, hasAllPrivilege } from './config';
 import { paths } from '../../config/paths';
 import { observabilityFeatureId } from '../../../common';
 import { ALERT_STATUS_LICENSE_ERROR, rulesStatusesTranslationsMapping } from './translations';
+import { ObservabilityAppServices } from '../../application/types';
+import { useGetUserCasesPermissions } from '../../hooks/use_get_user_cases_permissions';
 
 export function RuleDetailsPage() {
   const {
+    cases,
     http,
     triggersActionsUi: {
       alertsTableConfigurationRegistry,
@@ -63,7 +66,7 @@ export function RuleDetailsPage() {
     },
     application: { capabilities, navigateToUrl },
     notifications: { toasts },
-  } = useKibana().services;
+  } = useKibana<ObservabilityAppServices>().services;
 
   const { ruleId } = useParams<RuleDetailsPathParams>();
   const { ObservabilityPageTemplate, observabilityRuleTypeRegistry } = usePluginContext();
@@ -150,7 +153,13 @@ export function RuleDetailsPage() {
       ? !ruleTypeRegistry.get(rule.ruleTypeId).requiresAppContext
       : false);
 
+  const userPermissions = useGetUserCasesPermissions();
+
   const alertStateProps = {
+    cases: {
+      ui: cases.ui,
+      permissions: userPermissions,
+    },
     alertsTableConfigurationRegistry,
     configurationId: observabilityFeatureId,
     id: `case-details-alerts-o11y`,
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
index 44429b472e60b..2708da04bc996 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
@@ -92,6 +92,17 @@ const AlertsTable: React.FunctionComponent<AlertsTableProps> = (props: AlertsTab
 
   const [visibleColumns, setVisibleColumns] = useState(props.visibleColumns);
 
+  // TODO when every solution is using this table, we will be able to simplify it by just passing the alert index
+  const handleFlyoutAlert = useCallback(
+    (alert) => {
+      const idx = alerts.findIndex((a) =>
+        (a as any)[ALERT_UUID].includes(alert.fields[ALERT_UUID])
+      );
+      setFlyoutAlertIndex(idx);
+    },
+    [alerts, setFlyoutAlertIndex]
+  );
+
   const onChangeVisibleColumns = useCallback(
     (newColumns: string[]) => {
       setVisibleColumns(newColumns);
@@ -144,7 +155,8 @@ const AlertsTable: React.FunctionComponent<AlertsTableProps> = (props: AlertsTab
                     </EuiToolTip>
                   </EuiFlexItem>
                 )}
-                {renderCustomActionsRow && renderCustomActionsRow(alerts[visibleRowIndex])}
+                {renderCustomActionsRow &&
+                  renderCustomActionsRow(alerts[visibleRowIndex], handleFlyoutAlert)}
               </EuiFlexGroup>
             );
           },
@@ -161,6 +173,7 @@ const AlertsTable: React.FunctionComponent<AlertsTableProps> = (props: AlertsTab
   }, [
     actionsColumnWidth,
     alerts,
+    handleFlyoutAlert,
     getBulkActionsLeadingControlColumn,
     isBulkActionsColumnActive,
     props.leadingControlColumns,
@@ -179,17 +192,6 @@ const AlertsTable: React.FunctionComponent<AlertsTableProps> = (props: AlertsTab
 
   const handleFlyoutClose = useCallback(() => setFlyoutAlertIndex(-1), [setFlyoutAlertIndex]);
 
-  // TODO when every solution is using this table, we will be able to simplify it by just passing the alert index
-  const handleFlyoutAlert = useCallback(
-    (alert) => {
-      const idx = alerts.findIndex((a) =>
-        (a as any)[ALERT_UUID].includes(alert.fields[ALERT_UUID])
-      );
-      setFlyoutAlertIndex(idx);
-    },
-    [alerts, setFlyoutAlertIndex]
-  );
-
   const basicRenderCellValue = ({
     data,
     columnId,
diff --git a/x-pack/plugins/triggers_actions_ui/public/types.ts b/x-pack/plugins/triggers_actions_ui/public/types.ts
index 389683bc2d0d0..01a012820e318 100644
--- a/x-pack/plugins/triggers_actions_ui/public/types.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/types.ts
@@ -460,7 +460,10 @@ export interface AlertsTableConfigurationRegistry {
   sort?: SortCombinations[];
   getRenderCellValue?: GetRenderCellValue;
   useActionsColumn?: () => {
-    renderCustomActionsRow: (alert?: EcsFieldsResponse) => JSX.Element;
+    renderCustomActionsRow: (
+      alert: EcsFieldsResponse,
+      setFlyoutAlert: (data: unknown) => void
+    ) => JSX.Element;
     width?: number;
   };
   useBulkActions?: UseBulkActionsRegistry;

From 0cc899cdb0d86928a3c1290ef7389cc395d7b2d8 Mon Sep 17 00:00:00 2001
From: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
Date: Mon, 25 Jul 2022 10:47:12 +0100
Subject: [PATCH 08/12] [Security Solution][Detections]  adds confirmation
 modal window for bulk exporting action (#136418)

## Summary

- addresses https://github.com/elastic/kibana/issues/127746
- when users select rules for bulk export confirmation dialog is displayed, that shows how many rules can be exported. Only custom rules are exportable
- if no rules can be exported, dialog will show users, that action is not available
- changes successful export message, by showing note that prebuilt rules are excluded, only when rule have been excluded

### Modal windows

#### no rules can be exported
<img width="1293" alt="Screenshot 2022-07-18 at 14 01 36" src="https://user-images.githubusercontent.com/92328789/179517392-913f3dd9-4118-46eb-ba35-77d46906efd2.png">

#### some rules can be exported
<img width="1267" alt="Screenshot 2022-07-18 at 14 02 30" src="https://user-images.githubusercontent.com/92328789/179517376-cff64ee2-af9a-448b-aa2a-ce19e1542d6b.png">


### Implementation details
- we won't need dry run action here, because export doesn't mutate state
- once user click on export, we download file in browser, read it, and display message to user how many rules can/can't be exported
- since all failed export are immutable rules, we can safely display immutable message error to users in modal window
- user can proceed with download of exported rules OR cancel export action, thus experience will become consistent with bulk edit

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)


### Release note
improves user experience for bulk export of security rules, by displaying confirmation modal, that show how many rules can be exported
---
 .../detection_rules/bulk_edit_rules.spec.ts   |  11 +-
 .../detection_rules/export_rule.spec.ts       |  63 ++++++-
 .../cypress/screens/alerts_detection_rules.ts |   2 +
 .../cypress/tasks/alerts_detection_rules.ts   |  19 +++
 .../rules/rule_actions_overflow/index.tsx     |   3 +-
 .../detection_engine/rules/all/actions.ts     | 100 ++++++++++--
 .../bulk_action_dry_run_confirmation.tsx      |  95 +++++++++++
 ... => bulk_action_rule_errors_list.test.tsx} |  20 ++-
 .../bulk_action_rule_errors_list.tsx          | 154 ++++++++++++++++++
 .../bulk_edit_dry_run_confirmation.tsx        |  62 -------
 .../bulk_edit_rule_errors_list.tsx            |  84 ----------
 .../rules/all/bulk_actions/types.ts           |  38 +++++
 .../all/bulk_actions/use_bulk_actions.tsx     |  60 +++++--
 .../use_bulk_actions_confirmation.ts          |  56 +++++++
 .../bulk_actions/use_bulk_actions_dry_run.ts  |  44 +----
 .../all/bulk_actions/utils/dry_run_result.ts  |  54 ++++++
 .../utils/prepare_search_params.test.ts       |   2 +-
 .../utils/prepare_search_params.ts            |   2 +-
 .../rules/all/rules_table_actions.tsx         |   4 +-
 .../rules/all/rules_tables.tsx                |  34 ++--
 .../detection_engine/rules/translations.ts    |  38 ++++-
 21 files changed, 679 insertions(+), 266 deletions(-)
 create mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_dry_run_confirmation.tsx
 rename x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/{bulk_edit_rule_errors_list.test.tsx => bulk_action_rule_errors_list.test.tsx} (76%)
 create mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.tsx
 delete mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_dry_run_confirmation.tsx
 delete mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.tsx
 create mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/types.ts
 create mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_confirmation.ts
 create mode 100644 x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/dry_run_result.ts

diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/bulk_edit_rules.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/bulk_edit_rules.spec.ts
index d5368f2bc665c..20da46b4a3cf9 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/bulk_edit_rules.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/bulk_edit_rules.spec.ts
@@ -10,7 +10,6 @@ import {
   CUSTOM_RULES_BTN,
   MODAL_CONFIRMATION_BTN,
   SELECT_ALL_RULES_ON_PAGE_CHECKBOX,
-  LOAD_PREBUILT_RULES_ON_PAGE_HEADER_BTN,
   RULES_TAGS_FILTER_BTN,
   RULE_CHECKBOX,
   RULES_TAGS_POPOVER_BTN,
@@ -29,11 +28,12 @@ import {
   waitForRulesTableToBeLoaded,
   selectAllRules,
   goToTheRuleDetailsOf,
-  waitForRulesTableToBeRefreshed,
   selectNumberOfRules,
   testAllTagsBadges,
   testTagsBadge,
   testMultipleSelectedRulesLabel,
+  loadPrebuiltDetectionRulesFromHeaderBtn,
+  switchToElasticRules,
 } from '../../tasks/alerts_detection_rules';
 
 import {
@@ -105,14 +105,11 @@ describe('Detection rules, bulk edit', () => {
   it('should show warning modal windows when some of the selected rules cannot be edited', () => {
     createMachineLearningRule(getMachineLearningRule(), '7');
 
-    cy.get(LOAD_PREBUILT_RULES_ON_PAGE_HEADER_BTN)
-      .pipe(($el) => $el.trigger('click'))
-      .should('not.exist');
+    loadPrebuiltDetectionRulesFromHeaderBtn();
 
     // select few Elastic rules, check if we can't proceed further, as ELastic rules are not editable
     // filter rules, only Elastic rule to show
-    cy.get(ELASTIC_RULES_BTN).click();
-    waitForRulesTableToBeRefreshed();
+    switchToElasticRules();
 
     // check modal window for few selected rules
     selectNumberOfRules(numberOfRulesPerPage);
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/export_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/export_rule.spec.ts
index 1c299004f442d..d48a2d847892a 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/export_rule.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/export_rule.spec.ts
@@ -5,13 +5,24 @@
  * 2.0.
  */
 
-import { expectedExportedRule, getNewRule } from '../../objects/rule';
+import { expectedExportedRule, getNewRule, totalNumberOfPrebuiltRules } from '../../objects/rule';
 
-import { TOASTER_BODY } from '../../screens/alerts_detection_rules';
+import {
+  TOASTER_BODY,
+  MODAL_CONFIRMATION_BODY,
+  MODAL_CONFIRMATION_BTN,
+} from '../../screens/alerts_detection_rules';
 
-import { exportFirstRule } from '../../tasks/alerts_detection_rules';
+import {
+  exportFirstRule,
+  loadPrebuiltDetectionRulesFromHeaderBtn,
+  switchToElasticRules,
+  selectNumberOfRules,
+  bulkExportRules,
+  selectAllRules,
+} from '../../tasks/alerts_detection_rules';
 import { createCustomRule } from '../../tasks/api_calls/rules';
-import { cleanKibana } from '../../tasks/common';
+import { cleanKibana, deleteAlertsAndRules } from '../../tasks/common';
 import { login, visitWithoutDateRange } from '../../tasks/login';
 
 import { DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation';
@@ -23,6 +34,7 @@ describe('Export rules', () => {
   });
 
   beforeEach(() => {
+    deleteAlertsAndRules();
     // Rules get exported via _bulk_action endpoint
     cy.intercept('POST', '/api/detection_engine/rules/_bulk_action').as('bulk_action');
     visitWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL);
@@ -33,10 +45,45 @@ describe('Export rules', () => {
     exportFirstRule();
     cy.wait('@bulk_action').then(({ response }) => {
       cy.wrap(response?.body).should('eql', expectedExportedRule(this.ruleResponse));
-      cy.get(TOASTER_BODY).should(
-        'have.text',
-        'Successfully exported 1 of 1 rule. Prebuilt rules were excluded from the resulting file.'
-      );
+      cy.get(TOASTER_BODY).should('have.text', 'Successfully exported 1 of 1 rule.');
     });
   });
+
+  it('shows a modal saying that no rules can be exported if all the selected rules are prebuilt', function () {
+    const expectedElasticRulesCount = 7;
+
+    loadPrebuiltDetectionRulesFromHeaderBtn();
+
+    switchToElasticRules();
+    selectNumberOfRules(expectedElasticRulesCount);
+    bulkExportRules();
+
+    cy.get(MODAL_CONFIRMATION_BODY).contains(
+      `${expectedElasticRulesCount} prebuilt Elastic rules (exporting prebuilt rules is not supported)`
+    );
+  });
+
+  it('exports only custom rules', function () {
+    const expectedNumberCustomRulesToBeExported = 1;
+    const totalNumberOfRules = expectedNumberCustomRulesToBeExported + totalNumberOfPrebuiltRules;
+
+    loadPrebuiltDetectionRulesFromHeaderBtn();
+
+    selectAllRules();
+    bulkExportRules();
+
+    cy.get(MODAL_CONFIRMATION_BODY).contains(
+      `${totalNumberOfPrebuiltRules} prebuilt Elastic rules (exporting prebuilt rules is not supported)`
+    );
+
+    // proceed with exporting only custom rules
+    cy.get(MODAL_CONFIRMATION_BTN)
+      .should('have.text', `Export ${expectedNumberCustomRulesToBeExported} Custom rule`)
+      .click();
+
+    cy.get(TOASTER_BODY).should(
+      'contain',
+      `Successfully exported ${expectedNumberCustomRulesToBeExported} of ${totalNumberOfRules} rules. Prebuilt rules were excluded from the resulting file.`
+    );
+  });
 });
diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts
index 7eb9b6262a054..950655e850a73 100644
--- a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts
+++ b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts
@@ -35,6 +35,8 @@ export const ELASTIC_RULES_BTN = '[data-test-subj="showElasticRulesFilterButton"
 
 export const EXPORT_ACTION_BTN = '[data-test-subj="exportRuleAction"]';
 
+export const BULK_EXPORT_ACTION_BTN = '[data-test-subj="exportRuleBulk"]';
+
 export const FIRST_RULE = 0;
 
 export const FOURTH_RULE = 3;
diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts
index 5f7700d3c55ef..40ab35a2d7b55 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts
@@ -14,6 +14,7 @@ import {
   DELETE_RULE_ACTION_BTN,
   DELETE_RULE_BULK_BTN,
   LOAD_PREBUILT_RULES_BTN,
+  LOAD_PREBUILT_RULES_ON_PAGE_HEADER_BTN,
   RULES_TABLE_INITIAL_LOADING_INDICATOR,
   RULES_TABLE_REFRESH_INDICATOR,
   RULES_TABLE_AUTOREFRESH_INDICATOR,
@@ -50,6 +51,8 @@ import {
   SELECTED_RULES_NUMBER_LABEL,
   REFRESH_SETTINGS_POPOVER,
   REFRESH_SETTINGS_SWITCH,
+  ELASTIC_RULES_BTN,
+  BULK_EXPORT_ACTION_BTN,
 } from '../screens/alerts_detection_rules';
 import { ALL_ACTIONS } from '../screens/rule_details';
 import { LOADING_INDICATOR } from '../screens/security_header';
@@ -168,6 +171,12 @@ export const loadPrebuiltDetectionRules = () => {
     .should('be.disabled');
 };
 
+export const loadPrebuiltDetectionRulesFromHeaderBtn = () => {
+  cy.get(LOAD_PREBUILT_RULES_ON_PAGE_HEADER_BTN)
+    .pipe(($el) => $el.trigger('click'))
+    .should('not.exist');
+};
+
 export const openIntegrationsPopover = () => {
   cy.get(INTEGRATIONS_POPOVER).click();
 };
@@ -328,3 +337,13 @@ export const mockGlobalClock = () => {
 
   cy.clock(Date.now(), ['setInterval', 'clearInterval', 'Date']);
 };
+
+export const switchToElasticRules = () => {
+  cy.get(ELASTIC_RULES_BTN).click();
+  waitForRulesTableToBeRefreshed();
+};
+
+export const bulkExportRules = () => {
+  cy.get(BULK_ACTIONS_BTN).click();
+  cy.get(BULK_EXPORT_ACTION_BTN).click();
+};
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
index 554f9a61ece7e..27b776e67c61f 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
@@ -28,6 +28,7 @@ import type { Rule } from '../../../containers/detection_engine/rules';
 import {
   executeRulesBulkAction,
   goToRuleEditPage,
+  bulkExportRules,
 } from '../../../pages/detection_engine/rules/all/actions';
 import * as i18nActions from '../../../pages/detection_engine/rules/translations';
 import * as i18n from './translations';
@@ -108,7 +109,7 @@ const RuleActionsOverflowComponent = ({
               onClick={async () => {
                 startTransaction({ name: SINGLE_RULE_ACTIONS.EXPORT });
                 closePopover();
-                await executeRulesBulkAction({
+                await bulkExportRules({
                   action: BulkAction.export,
                   onSuccess: noop,
                   search: { ids: [rule.id] },
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts
index 94f5d8b2bd9c6..28d3f4856579f 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts
@@ -16,8 +16,8 @@ import type { UseAppToasts } from '../../../../../common/hooks/use_app_toasts';
 import { METRIC_TYPE, TELEMETRY_EVENT, track } from '../../../../../common/lib/telemetry';
 import { downloadBlob } from '../../../../../common/utils/download_blob';
 import type {
-  BulkActionResponse,
   BulkActionSummary,
+  BulkActionResponse,
 } from '../../../../containers/detection_engine/rules';
 import { performBulkAction } from '../../../../containers/detection_engine/rules';
 import * as i18n from '../translations';
@@ -34,19 +34,39 @@ export const goToRuleEditPage = (
   });
 };
 
-interface ExecuteRulesBulkActionArgs {
+type OnActionSuccessCallback = (
+  toasts: UseAppToasts,
+  action: BulkAction,
+  summary: BulkActionSummary
+) => void;
+
+type OnActionErrorCallback = (toasts: UseAppToasts, action: BulkAction, error: HTTPError) => void;
+
+interface BaseRulesBulkActionArgs {
   visibleRuleIds?: string[];
-  action: BulkAction;
   toasts: UseAppToasts;
   search: { query: string } | { ids: string[] };
   payload?: { edit?: BulkActionEditPayload[] };
-  onSuccess?: (toasts: UseAppToasts, action: BulkAction, summary: BulkActionSummary) => void;
-  onError?: (toasts: UseAppToasts, action: BulkAction, error: HTTPError) => void;
+  onError?: OnActionErrorCallback;
   onFinish?: () => void;
+  onSuccess?: OnActionSuccessCallback;
   setLoadingRules?: RulesTableActions['setLoadingRules'];
 }
 
-export const executeRulesBulkAction = async ({
+interface RulesBulkActionArgs extends BaseRulesBulkActionArgs {
+  action: Exclude<BulkAction, BulkAction.export>;
+}
+interface ExportRulesBulkActionArgs extends BaseRulesBulkActionArgs {
+  action: BulkAction.export;
+}
+
+// export bulk actions API returns blob, the rest of actions returns BulkActionResponse object
+// hence method overloading to make type safe calls
+export async function executeRulesBulkAction(args: ExportRulesBulkActionArgs): Promise<Blob | null>;
+export async function executeRulesBulkAction(
+  args: RulesBulkActionArgs
+): Promise<BulkActionResponse | null>;
+export async function executeRulesBulkAction({
   visibleRuleIds = [],
   action,
   setLoadingRules,
@@ -56,20 +76,18 @@ export const executeRulesBulkAction = async ({
   onSuccess = defaultSuccessHandler,
   onError = defaultErrorHandler,
   onFinish,
-}: ExecuteRulesBulkActionArgs) => {
+}: RulesBulkActionArgs | ExportRulesBulkActionArgs) {
+  let response: Blob | BulkActionResponse | null = null;
   try {
     setLoadingRules?.({ ids: visibleRuleIds, action });
 
     if (action === BulkAction.export) {
-      const response = await performBulkAction({ ...search, action });
-      downloadBlob(response, `${i18n.EXPORT_FILENAME}.ndjson`);
-      onSuccess(toasts, action, await getExportedRulesCounts(response));
+      // on successToast for export handles separately outside of action execution method
+      response = await performBulkAction({ ...search, action });
     } else {
-      const response = await performBulkAction({ ...search, action, edit: payload?.edit });
+      response = await performBulkAction({ ...search, action, edit: payload?.edit });
       sendTelemetry(action, response);
       onSuccess(toasts, action, response.attributes.summary);
-
-      return response;
     }
   } catch (error) {
     onError(toasts, action, error);
@@ -77,7 +95,47 @@ export const executeRulesBulkAction = async ({
     setLoadingRules?.({ ids: [], action: null });
     onFinish?.();
   }
-};
+  return response;
+}
+
+/**
+ * downloads exported rules, received from export action
+ * @param params.response - Blob results with exported rules
+ * @param params.toasts - {@link UseAppToasts} toasts service
+ * @param params.onSuccess - {@link OnActionSuccessCallback} optional toast to display when action successful
+ * @param params.onError - {@link OnActionErrorCallback} optional toast to display when action failed
+ */
+export async function downloadExportedRules({
+  response,
+  toasts,
+  onSuccess = defaultSuccessHandler,
+  onError = defaultErrorHandler,
+}: {
+  response: Blob;
+  toasts: UseAppToasts;
+  onSuccess?: OnActionSuccessCallback;
+  onError?: OnActionErrorCallback;
+}) {
+  try {
+    downloadBlob(response, `${i18n.EXPORT_FILENAME}.ndjson`);
+    onSuccess(toasts, BulkAction.export, await getExportedRulesCounts(response));
+  } catch (error) {
+    onError(toasts, BulkAction.export, error);
+  }
+}
+
+/**
+ * executes bulk export action and downloads exported rules
+ * @param params - {@link ExportRulesBulkActionArgs}
+ */
+export async function bulkExportRules(params: ExportRulesBulkActionArgs) {
+  const response = await executeRulesBulkAction(params);
+
+  // if response null, likely network error happened and export rules haven't been received
+  if (response) {
+    await downloadExportedRules({ response, toasts: params.toasts, onSuccess: params.onSuccess });
+  }
+}
 
 function defaultErrorHandler(toasts: UseAppToasts, action: BulkAction, error: HTTPError) {
   // if response doesn't have number of failed rules, it means the whole bulk action failed
@@ -130,6 +188,18 @@ function defaultErrorHandler(toasts: UseAppToasts, action: BulkAction, error: HT
   toasts.addError(error, { title, toastMessage });
 }
 
+const getExportSuccessToastMessage = (succeeded: number, total: number) => {
+  const message = [i18n.RULES_BULK_EXPORT_SUCCESS_DESCRIPTION(succeeded, total)];
+
+  // if not all rules are successfully exported it means there included prebuilt rules
+  // display message to users that prebuilt rules were excluded
+  if (total > succeeded) {
+    message.push(i18n.RULES_BULK_EXPORT_PREBUILT_RULES_EXCLUDED_DESCRIPTION);
+  }
+
+  return message.join(' ');
+};
+
 async function defaultSuccessHandler(
   toasts: UseAppToasts,
   action: BulkAction,
@@ -141,7 +211,7 @@ async function defaultSuccessHandler(
   switch (action) {
     case BulkAction.export:
       title = i18n.RULES_BULK_EXPORT_SUCCESS;
-      text = i18n.RULES_BULK_EXPORT_SUCCESS_DESCRIPTION(summary.succeeded, summary.total);
+      text = getExportSuccessToastMessage(summary.succeeded, summary.total);
       break;
     case BulkAction.duplicate:
       title = i18n.RULES_BULK_DUPLICATE_SUCCESS;
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_dry_run_confirmation.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_dry_run_confirmation.tsx
new file mode 100644
index 0000000000000..33d325b837d33
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_dry_run_confirmation.tsx
@@ -0,0 +1,95 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiConfirmModal } from '@elastic/eui';
+
+import * as i18n from '../../translations';
+import { BulkActionRuleErrorsList } from './bulk_action_rule_errors_list';
+import { BulkAction } from '../../../../../../../common/detection_engine/schemas/common/schemas';
+import { assertUnreachable } from '../../../../../../../common/utility_types';
+
+import type { BulkActionForConfirmation, DryRunResult } from './types';
+
+const getActionRejectedTitle = (
+  bulkAction: BulkActionForConfirmation,
+  failedRulesCount: number
+) => {
+  switch (bulkAction) {
+    case BulkAction.edit:
+      return i18n.BULK_EDIT_CONFIRMATION_REJECTED_TITLE(failedRulesCount);
+    case BulkAction.export:
+      return i18n.BULK_EXPORT_CONFIRMATION_REJECTED_TITLE(failedRulesCount);
+    default:
+      assertUnreachable(bulkAction);
+  }
+};
+
+const getActionConfirmLabel = (
+  bulkAction: BulkActionForConfirmation,
+  succeededRulesCount: number
+) => {
+  switch (bulkAction) {
+    case BulkAction.edit:
+      return i18n.BULK_EDIT_CONFIRMATION_CONFIRM(succeededRulesCount);
+    case BulkAction.export:
+      return i18n.BULK_EXPORT_CONFIRMATION_CONFIRM(succeededRulesCount);
+    default:
+      assertUnreachable(bulkAction);
+  }
+};
+
+interface BulkEditDryRunConfirmationProps {
+  bulkAction: BulkActionForConfirmation;
+  result?: DryRunResult;
+  onCancel: () => void;
+  onConfirm: () => void;
+}
+
+const BulkActionDryRunConfirmationComponent = ({
+  onCancel,
+  onConfirm,
+  result,
+  bulkAction,
+}: BulkEditDryRunConfirmationProps) => {
+  const { failedRulesCount = 0, succeededRulesCount = 0, ruleErrors = [] } = result ?? {};
+
+  // if no rule can be edited, modal window that denies bulk edit action will be displayed
+  if (succeededRulesCount === 0) {
+    return (
+      <EuiConfirmModal
+        title={getActionRejectedTitle(bulkAction, failedRulesCount)}
+        onCancel={onCancel}
+        onConfirm={onCancel}
+        confirmButtonText={i18n.BULK_ACTION_CONFIRMATION_CLOSE}
+        defaultFocusedButton="confirm"
+        data-test-subj="bulkActionRejectModal"
+      >
+        <BulkActionRuleErrorsList bulkAction={bulkAction} ruleErrors={ruleErrors} />
+      </EuiConfirmModal>
+    );
+  }
+
+  // if there are rules that can and cannot be edited, modal window that propose edit of some the rules will be displayed
+  return (
+    <EuiConfirmModal
+      title={i18n.BULK_ACTION_CONFIRMATION_PARTLY_TITLE(succeededRulesCount)}
+      onCancel={onCancel}
+      onConfirm={onConfirm}
+      confirmButtonText={getActionConfirmLabel(bulkAction, succeededRulesCount)}
+      cancelButtonText={i18n.BULK_EDIT_CONFIRMATION_CANCEL}
+      defaultFocusedButton="confirm"
+      data-test-subj="bulkActionConfirmationModal"
+    >
+      <BulkActionRuleErrorsList bulkAction={bulkAction} ruleErrors={ruleErrors} />
+    </EuiConfirmModal>
+  );
+};
+
+export const BulkActionDryRunConfirmation = React.memo(BulkActionDryRunConfirmationComponent);
+
+BulkActionDryRunConfirmation.displayName = 'BulkActionDryRunConfirmation';
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.test.tsx
similarity index 76%
rename from x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.test.tsx
rename to x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.test.tsx
index 9d2fc6e8dd37c..2a14f5ca8b7c2 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.test.tsx
@@ -10,9 +10,10 @@ import React from 'react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { render, screen } from '@testing-library/react';
 
-import type { DryRunResult } from './use_bulk_actions_dry_run';
-import { BulkEditRuleErrorsList } from './bulk_edit_rule_errors_list';
+import { BulkActionRuleErrorsList } from './bulk_action_rule_errors_list';
 import { BulkActionsDryRunErrCode } from '../../../../../../../common/constants';
+import type { DryRunResult } from './types';
+import { BulkAction } from '../../../../../../../common/detection_engine/schemas/common/schemas';
 
 const Wrapper: FC = ({ children }) => {
   return (
@@ -24,7 +25,12 @@ const Wrapper: FC = ({ children }) => {
 
 describe('Component BulkEditRuleErrorsList', () => {
   test('should not render component if no errors present', () => {
-    const { container } = render(<BulkEditRuleErrorsList ruleErrors={[]} />, { wrapper: Wrapper });
+    const { container } = render(
+      <BulkActionRuleErrorsList bulkAction={BulkAction.edit} ruleErrors={[]} />,
+      {
+        wrapper: Wrapper,
+      }
+    );
 
     expect(container.childElementCount).toEqual(0);
   });
@@ -40,7 +46,9 @@ describe('Component BulkEditRuleErrorsList', () => {
         ruleIds: ['rule:1'],
       },
     ];
-    render(<BulkEditRuleErrorsList ruleErrors={ruleErrors} />, { wrapper: Wrapper });
+    render(<BulkActionRuleErrorsList bulkAction={BulkAction.edit} ruleErrors={ruleErrors} />, {
+      wrapper: Wrapper,
+    });
 
     expect(screen.getByText("2 rules can't be edited (test failure)")).toBeInTheDocument();
     expect(screen.getByText("1 rule can't be edited (another failure)")).toBeInTheDocument();
@@ -68,7 +76,9 @@ describe('Component BulkEditRuleErrorsList', () => {
         ruleIds: ['rule:1', 'rule:2'],
       },
     ];
-    render(<BulkEditRuleErrorsList ruleErrors={ruleErrors} />, { wrapper: Wrapper });
+    render(<BulkActionRuleErrorsList bulkAction={BulkAction.edit} ruleErrors={ruleErrors} />, {
+      wrapper: Wrapper,
+    });
 
     expect(screen.getByText(value)).toBeInTheDocument();
   });
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.tsx
new file mode 100644
index 0000000000000..d5058536afdc5
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_action_rule_errors_list.tsx
@@ -0,0 +1,154 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiSpacer } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+
+import { BulkActionsDryRunErrCode } from '../../../../../../../common/constants';
+import { BulkAction } from '../../../../../../../common/detection_engine/schemas/common/schemas';
+
+import type { DryRunResult, BulkActionForConfirmation } from './types';
+
+interface BulkActionRuleErrorItemProps {
+  errorCode: BulkActionsDryRunErrCode | undefined;
+  message: string;
+  rulesCount: number;
+}
+
+const BulkEditRuleErrorItem = ({
+  errorCode,
+  message,
+  rulesCount,
+}: BulkActionRuleErrorItemProps) => {
+  switch (errorCode) {
+    case BulkActionsDryRunErrCode.IMMUTABLE:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.elasticRulesEditDescription"
+            defaultMessage="{rulesCount, plural, =1 {# prebuilt Elastic rule} other {# prebuilt Elastic rules}} (editing prebuilt rules is not supported)"
+            values={{ rulesCount }}
+          />
+        </li>
+      );
+    case BulkActionsDryRunErrCode.MACHINE_LEARNING_INDEX_PATTERN:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.machineLearningRulesIndexEditDescription"
+            defaultMessage="{rulesCount, plural, =1 {# custom Machine Learning rule} other {# custom Machine Learning rules}} (these rules don't have index patterns)"
+            values={{ rulesCount }}
+          />
+        </li>
+      );
+    case BulkActionsDryRunErrCode.MACHINE_LEARNING_AUTH:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.machineLearningRulesAuthDescription"
+            defaultMessage="{rulesCount, plural, =1 {# Machine Learning rule} other {# Machine Learning rules}} can't be edited ({message})"
+            values={{ rulesCount, message }}
+          />
+        </li>
+      );
+    default:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.defaultRulesEditFailureDescription"
+            defaultMessage="{rulesCount, plural, =1 {# rule} other {# rules}} can't be edited ({message})"
+            values={{ rulesCount, message }}
+          />
+        </li>
+      );
+  }
+};
+
+const BulkExportRuleErrorItem = ({
+  errorCode,
+  message,
+  rulesCount,
+}: BulkActionRuleErrorItemProps) => {
+  switch (errorCode) {
+    case BulkActionsDryRunErrCode.IMMUTABLE:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.elasticRulesExportDescription"
+            defaultMessage="{rulesCount, plural, =1 {# prebuilt Elastic rule} other {# prebuilt Elastic rules}} (exporting prebuilt rules is not supported)"
+            values={{ rulesCount }}
+          />
+        </li>
+      );
+    default:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.defaultRulesExportFailureDescription"
+            defaultMessage="{rulesCount, plural, =1 {# rule} other {# rules}} can't be exported ({message})"
+            values={{ rulesCount, message }}
+          />
+        </li>
+      );
+  }
+};
+
+interface BulkActionRuleErrorsListProps {
+  ruleErrors: DryRunResult['ruleErrors'];
+  bulkAction: BulkActionForConfirmation;
+}
+
+const BulkActionRuleErrorsListComponent = ({
+  ruleErrors = [],
+  bulkAction,
+}: BulkActionRuleErrorsListProps) => {
+  if (ruleErrors.length === 0) {
+    return null;
+  }
+
+  return (
+    <>
+      <FormattedMessage
+        id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.actionRejectionDescription"
+        defaultMessage="This action can't be applied to the following rules:"
+      />
+      <EuiSpacer />
+      <ul>
+        {ruleErrors.map(({ message, errorCode, ruleIds }) => {
+          const rulesCount = ruleIds.length;
+          switch (bulkAction) {
+            case BulkAction.edit:
+              return (
+                <BulkEditRuleErrorItem
+                  message={message}
+                  errorCode={errorCode}
+                  rulesCount={rulesCount}
+                />
+              );
+
+            case BulkAction.export:
+              return (
+                <BulkExportRuleErrorItem
+                  message={message}
+                  errorCode={errorCode}
+                  rulesCount={rulesCount}
+                />
+              );
+
+            default:
+              return null;
+          }
+        })}
+      </ul>
+    </>
+  );
+};
+
+export const BulkActionRuleErrorsList = React.memo(BulkActionRuleErrorsListComponent);
+
+BulkActionRuleErrorsList.displayName = 'BulkActionRuleErrorsList';
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_dry_run_confirmation.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_dry_run_confirmation.tsx
deleted file mode 100644
index 85393b679b39a..0000000000000
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_dry_run_confirmation.tsx
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { EuiConfirmModal } from '@elastic/eui';
-
-import * as i18n from '../../translations';
-import type { DryRunResult } from './use_bulk_actions_dry_run';
-import { BulkEditRuleErrorsList } from './bulk_edit_rule_errors_list';
-
-interface BulkEditDryRunConfirmationProps {
-  result?: DryRunResult;
-  onCancel: () => void;
-  onConfirm: () => void;
-}
-
-const BulkEditDryRunConfirmationComponent = ({
-  onCancel,
-  onConfirm,
-  result,
-}: BulkEditDryRunConfirmationProps) => {
-  const { failedRulesCount = 0, succeededRulesCount = 0, ruleErrors = [] } = result ?? {};
-
-  // if no rule can be edited, modal window that denies bulk edit action will be displayed
-  if (succeededRulesCount === 0) {
-    return (
-      <EuiConfirmModal
-        title={i18n.BULK_EDIT_CONFIRMATION_DENIED_TITLE(failedRulesCount)}
-        onCancel={onCancel}
-        onConfirm={onCancel}
-        confirmButtonText={i18n.BULK_EDIT_CONFIRMATION_CLOSE}
-        defaultFocusedButton="confirm"
-        data-test-subj="bulkEditRejectModal"
-      >
-        <BulkEditRuleErrorsList ruleErrors={ruleErrors} />
-      </EuiConfirmModal>
-    );
-  }
-
-  // if there are rules that can and cannot be edited, modal window that propose edit of some the rules will be displayed
-  return (
-    <EuiConfirmModal
-      title={i18n.BULK_EDIT_CONFIRMATION_PARTLY_TITLE(succeededRulesCount)}
-      onCancel={onCancel}
-      onConfirm={onConfirm}
-      confirmButtonText={i18n.BULK_EDIT_CONFIRMATION_CONFIRM(succeededRulesCount)}
-      cancelButtonText={i18n.BULK_EDIT_CONFIRMATION_CANCEL}
-      defaultFocusedButton="confirm"
-      data-test-subj="bulkEditConfirmationModal"
-    >
-      <BulkEditRuleErrorsList ruleErrors={ruleErrors} />
-    </EuiConfirmModal>
-  );
-};
-
-export const BulkEditDryRunConfirmation = React.memo(BulkEditDryRunConfirmationComponent);
-
-BulkEditDryRunConfirmation.displayName = 'BulkEditDryRunConfirmation';
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.tsx
deleted file mode 100644
index 1a95332ac61d5..0000000000000
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/bulk_edit_rule_errors_list.tsx
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { EuiSpacer } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
-
-import type { DryRunResult } from './use_bulk_actions_dry_run';
-import { BulkActionsDryRunErrCode } from '../../../../../../../common/constants';
-
-interface BulkEditRuleErrorsListProps {
-  ruleErrors: DryRunResult['ruleErrors'];
-}
-
-const BulkEditRuleErrorsListComponent = ({ ruleErrors = [] }: BulkEditRuleErrorsListProps) => {
-  if (ruleErrors.length === 0) {
-    return null;
-  }
-
-  return (
-    <>
-      <FormattedMessage
-        id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.actionRejectionDescription"
-        defaultMessage="This action can't be applied to the following rules:"
-      />
-      <EuiSpacer />
-      <ul>
-        {ruleErrors.map(({ message, errorCode, ruleIds }) => {
-          const rulesCount = ruleIds.length;
-          switch (errorCode) {
-            case BulkActionsDryRunErrCode.IMMUTABLE:
-              return (
-                <li key={message}>
-                  <FormattedMessage
-                    id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.elasticRulesEditDescription"
-                    defaultMessage="{rulesCount, plural, =1 {# prebuilt Elastic rule} other {# prebuilt Elastic rules}} (editing prebuilt rules is not supported)"
-                    values={{ rulesCount }}
-                  />
-                </li>
-              );
-            case BulkActionsDryRunErrCode.MACHINE_LEARNING_INDEX_PATTERN:
-              return (
-                <li key={message}>
-                  <FormattedMessage
-                    id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.machineLearningRulesIndexEditDescription"
-                    defaultMessage="{rulesCount, plural, =1 {# custom Machine Learning rule} other {# custom Machine Learning rules}} (these rules don't have index patterns)"
-                    values={{ rulesCount }}
-                  />
-                </li>
-              );
-            case BulkActionsDryRunErrCode.MACHINE_LEARNING_AUTH:
-              return (
-                <li key={message}>
-                  <FormattedMessage
-                    id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.machineLearningRulesAuthDescription"
-                    defaultMessage="{rulesCount, plural, =1 {# Machine Learning rule} other {# Machine Learning rules}} can't be edited ({message})"
-                    values={{ rulesCount, message }}
-                  />
-                </li>
-              );
-            default:
-              return (
-                <li key={message}>
-                  <FormattedMessage
-                    id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.defaultRulesEditFailureDescription"
-                    defaultMessage="{rulesCount, plural, =1 {# rule} other {# rules}} can't be edited ({message})"
-                    values={{ rulesCount, message }}
-                  />
-                </li>
-              );
-          }
-        })}
-      </ul>
-    </>
-  );
-};
-
-export const BulkEditRuleErrorsList = React.memo(BulkEditRuleErrorsListComponent);
-
-BulkEditRuleErrorsList.displayName = 'BulkEditRuleErrorsList';
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/types.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/types.ts
new file mode 100644
index 0000000000000..9041e83167469
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/types.ts
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { BulkActionsDryRunErrCode } from '../../../../../../../common/constants';
+import type { BulkAction } from '../../../../../../../common/detection_engine/schemas/common/schemas';
+
+/**
+ * Only 2 bulk actions are supported for for confirmation dry run modal:
+ * * export
+ * * edit
+ */
+export type BulkActionForConfirmation = BulkAction.export | BulkAction.edit;
+
+/**
+ * transformed results of dry run
+ */
+export interface DryRunResult {
+  /**
+   * total number of rules that succeeded validation in dry run
+   */
+  succeededRulesCount?: number;
+  /**
+   * total number of rules that failed validation in dry run
+   */
+  failedRulesCount?: number;
+  /**
+   * rule failures errors(message and error code) and ids of rules, that failed
+   */
+  ruleErrors: Array<{
+    message: string;
+    errorCode?: BulkActionsDryRunErrCode;
+    ruleIds: string[];
+  }>;
+}
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx
index 003e40471c8ba..694df32a97d09 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx
@@ -24,9 +24,11 @@ import { canEditRuleWithActions } from '../../../../../../common/utils/privilege
 import { useRulesTableContext } from '../rules_table/rules_table_context';
 import * as detectionI18n from '../../../translations';
 import * as i18n from '../../translations';
-import { executeRulesBulkAction } from '../actions';
+import { executeRulesBulkAction, downloadExportedRules } from '../actions';
+import { getExportedRulesDetails } from '../helpers';
 import { useHasActionsPrivileges } from '../use_has_actions_privileges';
 import { useHasMlPermissions } from '../use_has_ml_permissions';
+import { transformExportDetailsToDryRunResult } from './utils/dry_run_result';
 import type { ExecuteBulkActionsDryRun } from './use_bulk_actions_dry_run';
 import { useAppToasts } from '../../../../../../common/hooks/use_app_toasts';
 import { convertRulesFilterToKQL } from '../../../../../containers/detection_engine/rules/utils';
@@ -40,10 +42,15 @@ import { BULK_RULE_ACTIONS } from '../../../../../../common/lib/apm/user_actions
 import { useStartTransaction } from '../../../../../../common/lib/apm/use_start_transaction';
 import { useInvalidatePrePackagedRulesStatus } from '../../../../../containers/detection_engine/rules/use_pre_packaged_rules_status';
 
+import type { DryRunResult, BulkActionForConfirmation } from './types';
+
 interface UseBulkActionsArgs {
   filterOptions: FilterOptions;
   confirmDeletion: () => Promise<boolean>;
-  confirmBulkEdit: () => Promise<boolean>;
+  showBulkActionConfirmation: (
+    result: DryRunResult | undefined,
+    action: BulkActionForConfirmation
+  ) => Promise<boolean>;
   completeBulkEditForm: (
     bulkActionEditType: BulkActionEditType
   ) => Promise<BulkActionEditPayload | null>;
@@ -54,7 +61,7 @@ interface UseBulkActionsArgs {
 export const useBulkActions = ({
   filterOptions,
   confirmDeletion,
-  confirmBulkEdit,
+  showBulkActionConfirmation,
   completeBulkEditForm,
   reFetchTags,
   executeBulkActionsDryRun,
@@ -193,13 +200,32 @@ export const useBulkActions = ({
         closePopover();
         startTransaction({ name: BULK_RULE_ACTIONS.EXPORT });
 
-        await executeRulesBulkAction({
+        const response = await executeRulesBulkAction({
           visibleRuleIds: selectedRuleIds,
           action: BulkAction.export,
           setLoadingRules,
           toasts,
           search: isAllSelected ? { query: filterQuery } : { ids: selectedRuleIds },
         });
+
+        // if response null, likely network error happened and export rules haven't been received
+        if (!response) {
+          return;
+        }
+
+        const details = await getExportedRulesDetails(response);
+
+        // if there are failed exported rules, show modal window to users.
+        // they can either cancel action or proceed with export of succeeded rules
+        const hasActionBeenConfirmed = await showBulkActionConfirmation(
+          transformExportDetailsToDryRunResult(details),
+          BulkAction.export
+        );
+        if (hasActionBeenConfirmed === false) {
+          return;
+        }
+
+        await downloadExportedRules({ response, toasts });
       };
 
       const handleBulkEdit = (bulkEditActionType: BulkActionEditType) => async () => {
@@ -217,11 +243,12 @@ export const useBulkActions = ({
             : { ids: selectedRuleIds },
         });
 
-        // show bulk edit confirmation window only if there is at least one failed rule
-        const hasFailedRules = (dryRunResult?.failedRulesCount ?? 0) > 0;
-
-        if (hasFailedRules && (await confirmBulkEdit()) === false) {
-          // User has cancelled edit action or there are no custom rules to proceed
+        // User has cancelled edit action or there are no custom rules to proceed
+        const hasActionBeenConfirmed = await showBulkActionConfirmation(
+          dryRunResult,
+          BulkAction.edit
+        );
+        if (hasActionBeenConfirmed === false) {
           return;
         }
 
@@ -347,10 +374,7 @@ export const useBulkActions = ({
               key: i18n.BULK_ACTION_EXPORT,
               name: i18n.BULK_ACTION_EXPORT,
               'data-test-subj': 'exportRuleBulk',
-              disabled:
-                (containsImmutable && !isAllSelected) ||
-                containsLoading ||
-                selectedRuleIds.length === 0,
+              disabled: containsLoading || selectedRuleIds.length === 0,
               onClick: handleExportAction,
               icon: undefined,
             },
@@ -446,17 +470,17 @@ export const useBulkActions = ({
       setLoadingRules,
       toasts,
       filterQuery,
+      updateRulesCache,
       invalidateRules,
       invalidatePrePackagedRulesStatus,
+      clearRulesSelection,
       confirmDeletion,
-      confirmBulkEdit,
-      completeBulkEditForm,
+      showBulkActionConfirmation,
+      executeBulkActionsDryRun,
       filterOptions,
+      completeBulkEditForm,
       getIsMounted,
       resolveTagsRefetch,
-      updateRulesCache,
-      clearRulesSelection,
-      executeBulkActionsDryRun,
     ]
   );
 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_confirmation.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_confirmation.ts
new file mode 100644
index 0000000000000..d840abae1f2e2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_confirmation.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { useState, useCallback } from 'react';
+import { useAsyncConfirmation } from '../rules_table/use_async_confirmation';
+
+import { useBoolState } from '../../../../../../common/hooks/use_bool_state';
+
+import type { DryRunResult, BulkActionForConfirmation } from './types';
+
+/**
+ * hook that controls bulk actions confirmation modal window and its content
+ */
+export const useBulkActionsConfirmation = () => {
+  const [bulkAction, setBulkAction] = useState<BulkActionForConfirmation>();
+  const [dryRunResult, setDryRunResult] = useState<DryRunResult>();
+  const [isBulkActionConfirmationVisible, showModal, hideModal] = useBoolState();
+
+  const [confirmForm, onConfirm, onCancel] = useAsyncConfirmation({
+    onInit: showModal,
+    onFinish: hideModal,
+  });
+
+  const showBulkActionConfirmation = useCallback(
+    async (result: DryRunResult | undefined, action: BulkActionForConfirmation) => {
+      setBulkAction(action);
+      setDryRunResult(result);
+
+      // show bulk action confirmation window only if there is at least one failed rule, otherwise return early
+      const hasFailedRules = (result?.failedRulesCount ?? 0) > 0;
+      if (!hasFailedRules) {
+        return true;
+      }
+
+      const confirmation = await confirmForm();
+      if (confirmation) {
+        onConfirm();
+      }
+
+      return confirmation;
+    },
+    [confirmForm, onConfirm]
+  );
+
+  return {
+    bulkActionsDryRunResult: dryRunResult,
+    bulkAction,
+    isBulkActionConfirmationVisible,
+    showBulkActionConfirmation,
+    cancelBulkActionConfirmation: onCancel,
+    approveBulkActionConfirmation: onConfirm,
+  };
+};
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_dry_run.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_dry_run.ts
index cd0caf63b94d4..4468b1c65ece0 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_dry_run.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions_dry_run.ts
@@ -8,8 +8,6 @@
 import type { UseMutateAsyncFunction } from 'react-query';
 import { useMutation } from 'react-query';
 
-import type { BulkActionsDryRunErrCode } from '../../../../../../../common/constants';
-
 import type {
   BulkAction,
   BulkActionEditType,
@@ -17,47 +15,11 @@ import type {
 import type { BulkActionResponse } from '../../../../../containers/detection_engine/rules';
 import { performBulkAction } from '../../../../../containers/detection_engine/rules';
 import { computeDryRunPayload } from './utils/compute_dry_run_payload';
+import { processDryRunResult } from './utils/dry_run_result';
 
-const BULK_ACTIONS_DRY_RUN_QUERY_KEY = 'bulkActionsDryRun';
+import type { DryRunResult } from './types';
 
-export interface DryRunResult {
-  /**
-   * total number of rules that succeeded validation in dry run
-   */
-  succeededRulesCount?: number;
-  /**
-   * total number of rules that failed validation in dry run
-   */
-  failedRulesCount?: number;
-  /**
-   * rule failures errors(message and error code) and ids of rules, that failed
-   */
-  ruleErrors: Array<{
-    message: string;
-    errorCode?: BulkActionsDryRunErrCode;
-    ruleIds: string[];
-  }>;
-}
-
-/**
- * helper utility that transforms raw BulkActionResponse response to DryRunResult format
- * @param response - raw bulk_actions API response ({@link BulkActionResponse})
- * @returns dry run result ({@link DryRunResult})
- */
-const processDryRunResult = (response: BulkActionResponse | undefined): DryRunResult => {
-  const processed = {
-    succeededRulesCount: response?.attributes.summary.succeeded,
-    failedRulesCount: response?.attributes.summary.failed,
-    ruleErrors:
-      response?.attributes.errors?.map(({ message, err_code: errorCode, rules }) => ({
-        message,
-        errorCode,
-        ruleIds: rules.map(({ id }) => id),
-      })) ?? [],
-  };
-
-  return processed;
-};
+const BULK_ACTIONS_DRY_RUN_QUERY_KEY = 'bulkActionsDryRun';
 
 export type ExecuteBulkActionsDryRun = UseMutateAsyncFunction<
   DryRunResult | undefined,
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/dry_run_result.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/dry_run_result.ts
new file mode 100644
index 0000000000000..7fe7a9bd86012
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/dry_run_result.ts
@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { BulkActionsDryRunErrCode } from '../../../../../../../../common/constants';
+import type { ExportRulesDetails } from '../../../../../../../../common/detection_engine/schemas/response/export_rules_details_schema';
+import type { BulkActionResponse } from '../../../../../../containers/detection_engine/rules';
+
+import type { DryRunResult } from '../types';
+
+/**
+ * helper utility that transforms raw BulkActionResponse response to DryRunResult format
+ * @param response - raw bulk_actions API response ({@link BulkActionResponse})
+ * @returns dry run result ({@link DryRunResult})
+ */
+export const processDryRunResult = (response: BulkActionResponse | undefined): DryRunResult => {
+  const processed = {
+    succeededRulesCount: response?.attributes.summary.succeeded,
+    failedRulesCount: response?.attributes.summary.failed,
+    ruleErrors:
+      response?.attributes.errors?.map(({ message, err_code: errorCode, rules }) => ({
+        message,
+        errorCode,
+        ruleIds: rules.map(({ id }) => id),
+      })) ?? [],
+  };
+
+  return processed;
+};
+
+/**
+ * transform rules export details {@link ExportRulesDetails} to dry run result format {@link DryRunResult}
+ * @param details - {@link ExportRulesDetails} rules export details
+ * @returns transformed to {@link DryRunResult}
+ */
+export const transformExportDetailsToDryRunResult = (details: ExportRulesDetails): DryRunResult => {
+  return {
+    succeededRulesCount: details.exported_count,
+    failedRulesCount: details.missing_rules_count,
+    // if there are rules that can't be exported, it means they are immutable. So we can safely put error code as immutable
+    ruleErrors: details.missing_rules.length
+      ? [
+          {
+            errorCode: BulkActionsDryRunErrCode.IMMUTABLE,
+            message: "Prebuilt rules can't be exported.",
+            ruleIds: details.missing_rules.map(({ rule_id: ruleId }) => ruleId),
+          },
+        ]
+      : [],
+  };
+};
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.test.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.test.ts
index f86d98670f117..ed7f18376c3f4 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.test.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { DryRunResult } from '../use_bulk_actions_dry_run';
+import type { DryRunResult } from '../types';
 import type { FilterOptions } from '../../../../../../containers/detection_engine/rules/types';
 
 import { convertRulesFilterToKQL } from '../../../../../../containers/detection_engine/rules/utils';
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.ts
index c7dfdfc129969..72a74a9fa500d 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/utils/prepare_search_params.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { DryRunResult } from '../use_bulk_actions_dry_run';
+import type { DryRunResult } from '../types';
 import type { FilterOptions } from '../../../../../../containers/detection_engine/rules/types';
 
 import { convertRulesFilterToKQL } from '../../../../../../containers/detection_engine/rules/utils';
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx
index 747c0c6afe37b..8e32583a54c9b 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx
@@ -14,7 +14,7 @@ import type { UseAppToasts } from '../../../../../common/hooks/use_app_toasts';
 import { canEditRuleWithActions } from '../../../../../common/utils/privileges';
 import type { Rule } from '../../../../containers/detection_engine/rules';
 import * as i18n from '../translations';
-import { executeRulesBulkAction, goToRuleEditPage } from './actions';
+import { executeRulesBulkAction, goToRuleEditPage, bulkExportRules } from './actions';
 import type { RulesTableActions } from './rules_table/rules_table_context';
 import type { useStartTransaction } from '../../../../../common/lib/apm/use_start_transaction';
 import { SINGLE_RULE_ACTIONS } from '../../../../../common/lib/apm/user_actions';
@@ -91,7 +91,7 @@ export const getRulesTableActions = ({
     name: i18n.EXPORT_RULE,
     onClick: async (rule: Rule) => {
       startTransaction({ name: SINGLE_RULE_ACTIONS.EXPORT });
-      await executeRulesBulkAction({
+      await bulkExportRules({
         action: BulkAction.export,
         setLoadingRules,
         visibleRuleIds: [rule.id],
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_tables.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_tables.tsx
index 9dd6ca7529b27..328b9a51b30a3 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_tables.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_tables.tsx
@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+/* eslint-disable complexity */
+
 import {
   EuiBasicTable,
   EuiConfirmModal,
@@ -33,8 +35,9 @@ import { useAsyncConfirmation } from './rules_table/use_async_confirmation';
 import { RulesTableFilters } from './rules_table_filters/rules_table_filters';
 import { AllRulesUtilityBar } from './utility_bar';
 import { useBulkActionsDryRun } from './bulk_actions/use_bulk_actions_dry_run';
+import { useBulkActionsConfirmation } from './bulk_actions/use_bulk_actions_confirmation';
 import { useBulkEditFormFlyout } from './bulk_actions/use_bulk_edit_form_flyout';
-import { BulkEditDryRunConfirmation } from './bulk_actions/bulk_edit_dry_run_confirmation';
+import { BulkActionDryRunConfirmation } from './bulk_actions/bulk_action_dry_run_confirmation';
 import { BulkEditFlyout } from './bulk_actions/bulk_edit_flyout';
 import { useBulkActions } from './bulk_actions/use_bulk_actions';
 
@@ -126,13 +129,14 @@ export const RulesTables = React.memo<RulesTableProps>(
       onFinish: hideDeleteConfirmation,
     });
 
-    const [isBulkEditConfirmationVisible, showBulkEditConfirmation, hideBulkEditConfirmation] =
-      useBoolState();
-
-    const [confirmBulkEdit, handleBulkEditConfirm, handleBulkEditCancel] = useAsyncConfirmation({
-      onInit: showBulkEditConfirmation,
-      onFinish: hideBulkEditConfirmation,
-    });
+    const {
+      bulkActionsDryRunResult,
+      bulkAction,
+      isBulkActionConfirmationVisible,
+      showBulkActionConfirmation,
+      cancelBulkActionConfirmation,
+      approveBulkActionConfirmation,
+    } = useBulkActionsConfirmation();
 
     const {
       bulkEditActionType,
@@ -145,13 +149,12 @@ export const RulesTables = React.memo<RulesTableProps>(
     const selectedItemsCount = isAllSelected ? pagination.total : selectedRuleIds.length;
     const hasPagination = pagination.total > pagination.perPage;
 
-    const { bulkActionsDryRunResult, isBulkActionsDryRunLoading, executeBulkActionsDryRun } =
-      useBulkActionsDryRun();
+    const { isBulkActionsDryRunLoading, executeBulkActionsDryRun } = useBulkActionsDryRun();
 
     const getBulkItemsPopoverContent = useBulkActions({
       filterOptions,
       confirmDeletion,
-      confirmBulkEdit,
+      showBulkActionConfirmation,
       completeBulkEditForm,
       reFetchTags,
       executeBulkActionsDryRun,
@@ -312,11 +315,12 @@ export const RulesTables = React.memo<RulesTableProps>(
             <p>{i18n.DELETE_CONFIRMATION_BODY}</p>
           </EuiConfirmModal>
         )}
-        {isBulkEditConfirmationVisible && (
-          <BulkEditDryRunConfirmation
+        {isBulkActionConfirmationVisible && bulkAction && (
+          <BulkActionDryRunConfirmation
+            bulkAction={bulkAction}
             result={bulkActionsDryRunResult}
-            onCancel={handleBulkEditCancel}
-            onConfirm={handleBulkEditConfirm}
+            onCancel={cancelBulkActionConfirmation}
+            onConfirm={approveBulkActionConfirmation}
           />
         )}
         {isBulkEditFlyoutVisible && bulkEditActionType !== undefined && (
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
index 90dfaa5086a35..b4f25d1b5ff2f 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
@@ -210,7 +210,16 @@ export const BULK_EDIT_WARNING_TOAST_NOTIFY = i18n.translate(
   }
 );
 
-export const BULK_EDIT_CONFIRMATION_DENIED_TITLE = (rulesCount: number) =>
+export const BULK_EXPORT_CONFIRMATION_REJECTED_TITLE = (rulesCount: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkExportConfirmationDeniedTitle',
+    {
+      values: { rulesCount },
+      defaultMessage: '{rulesCount, plural, =1 {# rule} other {# rules}} cannot be exported',
+    }
+  );
+
+export const BULK_EDIT_CONFIRMATION_REJECTED_TITLE = (rulesCount: number) =>
   i18n.translate(
     'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkEditConfirmationDeniedTitle',
     {
@@ -219,9 +228,9 @@ export const BULK_EDIT_CONFIRMATION_DENIED_TITLE = (rulesCount: number) =>
     }
   );
 
-export const BULK_EDIT_CONFIRMATION_PARTLY_TITLE = (customRulesCount: number) =>
+export const BULK_ACTION_CONFIRMATION_PARTLY_TITLE = (customRulesCount: number) =>
   i18n.translate(
-    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkEditConfirmationPartlyTitle',
+    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkActionConfirmationPartlyTitle',
     {
       values: { customRulesCount },
       defaultMessage:
@@ -236,8 +245,8 @@ export const BULK_EDIT_CONFIRMATION_CANCEL = i18n.translate(
   }
 );
 
-export const BULK_EDIT_CONFIRMATION_CLOSE = i18n.translate(
-  'xpack.securitySolution.detectionEngine.components.allRules.bulkActions.bulkEditConfirmationCloseButtonLabel',
+export const BULK_ACTION_CONFIRMATION_CLOSE = i18n.translate(
+  'xpack.securitySolution.detectionEngine.components.allRules.bulkActions.bulkActionConfirmationCloseButtonLabel',
   {
     defaultMessage: 'Close',
   }
@@ -252,6 +261,16 @@ export const BULK_EDIT_CONFIRMATION_CONFIRM = (customRulesCount: number) =>
     }
   );
 
+export const BULK_EXPORT_CONFIRMATION_CONFIRM = (customRulesCount: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.components.allRules.bulkActions.bulkExportConfirmation.confirmButtonLabel',
+    {
+      values: { customRulesCount },
+      defaultMessage:
+        'Export {customRulesCount, plural, =1 {# Custom rule} other {# Custom rules}}',
+    }
+  );
+
 export const BULK_EDIT_FLYOUT_FORM_SAVE = i18n.translate(
   'xpack.securitySolution.detectionEngine.components.allRules.bulkActions.bulkEditFlyoutForm.saveButtonLabel',
   {
@@ -843,10 +862,17 @@ export const RULES_BULK_EXPORT_SUCCESS_DESCRIPTION = (exportedRules: number, tot
     {
       values: { totalRules, exportedRules },
       defaultMessage:
-        'Successfully exported {exportedRules} of {totalRules} {totalRules, plural, =1 {rule} other {rules}}. Prebuilt rules were excluded from the resulting file.',
+        'Successfully exported {exportedRules} of {totalRules} {totalRules, plural, =1 {rule} other {rules}}.',
     }
   );
 
+export const RULES_BULK_EXPORT_PREBUILT_RULES_EXCLUDED_DESCRIPTION = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.export.prebuiltRulesExcludedToastDescription',
+  {
+    defaultMessage: 'Prebuilt rules were excluded from the resulting file.',
+  }
+);
+
 export const RULES_BULK_EXPORT_FAILURE = i18n.translate(
   'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.export.errorToastTitle',
   {

From e33f4b0f8082ecf2310ea0a33dbbad4b728b37d7 Mon Sep 17 00:00:00 2001
From: Or Ouziel <or.ouziel@elastic.co>
Date: Mon, 25 Jul 2022 12:53:07 +0300
Subject: [PATCH 09/12] [Cloud Posture] fix negated filter in findings
 (#137021)

---
 .../public/pages/findings/get_filters.test.ts | 56 ++++++++++++++++
 .../public/pages/findings/get_filters.ts      | 65 +++++++++++++++++++
 .../latest_findings_container.tsx             |  4 +-
 .../findings_by_resource_container.tsx        |  4 +-
 .../resource_findings_container.tsx           |  4 +-
 .../public/pages/findings/utils.ts            | 37 +----------
 6 files changed, 129 insertions(+), 41 deletions(-)
 create mode 100644 x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts
 create mode 100644 x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts

diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts
new file mode 100644
index 0000000000000..39c88981a3698
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../common/constants';
+import { createStubDataView } from '@kbn/data-views-plugin/common/stubs';
+import { DataView } from '@kbn/data-views-plugin/common';
+import { getFilters } from './get_filters';
+
+describe('Get Filters', () => {
+  let dataViewMock: DataView;
+  const fieldKey = 'some_field_name';
+
+  beforeEach(() => {
+    dataViewMock = createStubDataView({
+      spec: {
+        id: CSP_LATEST_FINDINGS_DATA_VIEW,
+        fields: {
+          a: {
+            searchable: false,
+            aggregatable: false,
+            name: fieldKey,
+            type: 'type',
+          },
+        },
+      },
+    });
+  });
+
+  it('negate an existing filter', () => {
+    const fields = {
+      dataView: dataViewMock,
+      field: fieldKey,
+      value: 'b',
+    };
+    const initialFilters = getFilters({
+      ...fields,
+      filters: [],
+      negate: false,
+    });
+
+    expect(initialFilters.length).toBe(1);
+    expect(initialFilters[0].meta.negate).toBe(false);
+
+    const nextFilters = getFilters({
+      ...fields,
+      filters: initialFilters,
+      negate: true,
+    });
+
+    expect(nextFilters.length).toBe(1);
+    expect(nextFilters[0].meta.negate).toBe(true);
+  });
+});
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts
new file mode 100644
index 0000000000000..fec0efdcaba4c
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  type Filter,
+  buildFilter,
+  FILTERS,
+  FilterStateStore,
+  compareFilters,
+  FilterCompareOptions,
+} from '@kbn/es-query';
+import type { Serializable } from '@kbn/utility-types';
+import type { FindingsBaseProps } from './types';
+
+const compareOptions: FilterCompareOptions = {
+  negate: false,
+};
+
+/**
+ * adds a new filter to a new filters array
+ * removes existing filter if negated filter is added
+ *
+ * @returns {Filter[]} a new array of filters to be added back to filterManager
+ */
+export const getFilters = ({
+  filters: existingFilters,
+  dataView,
+  field,
+  value,
+  negate,
+}: {
+  filters: Filter[];
+  dataView: FindingsBaseProps['dataView'];
+  field: string;
+  value: Serializable;
+  negate: boolean;
+}): Filter[] => {
+  const dataViewField = dataView.getFieldByName(field);
+  if (!dataViewField) return existingFilters;
+
+  const phraseFilter = buildFilter(
+    dataView,
+    dataViewField,
+    FILTERS.PHRASE,
+    negate,
+    false,
+    value,
+    null,
+    FilterStateStore.APP_STATE
+  );
+
+  const nextFilters = [
+    ...existingFilters.filter(
+      // Exclude existing filters that match the newly added 'phraseFilter'
+      (filter) => !compareFilters(filter, phraseFilter, compareOptions)
+    ),
+    phraseFilter,
+  ];
+
+  return nextFilters;
+};
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx
index c41b6835fb4ff..f72e4b61bd17c 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx
@@ -18,7 +18,7 @@ import type { FindingsBaseURLQuery } from '../types';
 import { FindingsDistributionBar } from '../layout/findings_distribution_bar';
 import {
   getFindingsPageSizeInfo,
-  addFilter,
+  getFilters,
   getPaginationQuery,
   getPaginationTableParams,
   useBaseEsQuery,
@@ -119,7 +119,7 @@ export const LatestFindingsContainer = ({ dataView }: FindingsBaseProps) => {
               onAddFilter={(field, value, negate) =>
                 setUrlQuery({
                   pageIndex: 0,
-                  filters: addFilter({
+                  filters: getFilters({
                     filters: urlQuery.filters,
                     dataView,
                     field,
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx
index e55af94202e3c..6ed71372c4580 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx
@@ -17,7 +17,7 @@ import { FindingsByResourceQuery, useFindingsByResource } from './use_findings_b
 import { FindingsByResourceTable } from './findings_by_resource_table';
 import {
   getFindingsPageSizeInfo,
-  addFilter,
+  getFilters,
   getPaginationQuery,
   getPaginationTableParams,
   useBaseEsQuery,
@@ -143,7 +143,7 @@ const LatestFindingsByResource = ({ dataView }: FindingsBaseProps) => {
               onAddFilter={(field, value, negate) =>
                 setUrlQuery({
                   pageIndex: 0,
-                  filters: addFilter({
+                  filters: getFilters({
                     filters: urlQuery.filters,
                     dataView,
                     field,
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx
index 1302dfafe6603..c3e23d2a865f1 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx
@@ -19,7 +19,7 @@ import { useUrlQuery } from '../../../../common/hooks/use_url_query';
 import type { FindingsBaseURLQuery, FindingsBaseProps, CspFinding } from '../../types';
 import {
   getFindingsPageSizeInfo,
-  addFilter,
+  getFilters,
   getPaginationQuery,
   getPaginationTableParams,
   useBaseEsQuery,
@@ -147,7 +147,7 @@ export const ResourceFindings = ({ dataView }: FindingsBaseProps) => {
               onAddFilter={(field, value, negate) =>
                 setUrlQuery({
                   pageIndex: 0,
-                  filters: addFilter({
+                  filters: getFilters({
                     filters: urlQuery.filters,
                     dataView,
                     field,
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts
index 55d33ec15b83b..269e715bd2c06 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts
@@ -5,15 +5,14 @@
  * 2.0.
  */
 
-import { buildEsQuery, type Filter, buildFilter, FILTERS, FilterStateStore } from '@kbn/es-query';
+import { buildEsQuery } from '@kbn/es-query';
 import { EuiBasicTableProps, Pagination } from '@elastic/eui';
 import { useCallback, useEffect, useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 import type { estypes } from '@elastic/elasticsearch';
-import type { Serializable } from '@kbn/utility-types';
 import type { FindingsBaseProps, FindingsBaseURLQuery } from './types';
 import { useKibana } from '../../common/hooks/use_kibana';
-import { isNonNullable } from '../../../common/utils/helpers';
+export { getFilters } from './get_filters';
 
 const getBaseQuery = ({ dataView, query, filters }: FindingsBaseURLQuery & FindingsBaseProps) => {
   try {
@@ -130,38 +129,6 @@ export const getAggregationCount = (buckets: estypes.AggregationsStringRareTerms
   };
 };
 
-export const addFilter = ({
-  filters,
-  dataView,
-  field,
-  value,
-  negate,
-}: {
-  filters: Filter[];
-  dataView: FindingsBaseProps['dataView'];
-  field: string;
-  value: Serializable;
-  negate: boolean;
-}): Filter[] => {
-  const dataViewField = dataView.getFieldByName(field);
-  if (!dataViewField) return filters;
-
-  const singleValue = Array.isArray(value) ? value[0] : value;
-
-  const filter = buildFilter(
-    dataView,
-    dataViewField,
-    FILTERS.PHRASE,
-    negate,
-    false,
-    singleValue,
-    null,
-    FilterStateStore.APP_STATE
-  );
-
-  return [...filters, filter].filter(isNonNullable);
-};
-
 const FIELDS_WITHOUT_KEYWORD_MAPPING = new Set([
   '@timestamp',
   'resource.sub_type',

From ded1fcb279e74312c66ba8e7e6b1ddcd2b691fba Mon Sep 17 00:00:00 2001
From: Alexey Antonov <alexwizp@gmail.com>
Date: Mon, 25 Jul 2022 13:07:34 +0300
Subject: [PATCH 10/12] [Step 1 ] VisEditors Telemetry enhancements (remove
 legacy agg-based telemetries) (#135634)

* [Step 1 ] VisEditors Telemetry enhancements (remove legacy agg-based telemetries)

* remove legacy trackUiMetric telemetries

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 src/plugins/telemetry/schema/oss_plugins.json | 116 --------
 .../public/editor/components/index.tsx        |   3 +-
 .../vis_types/heatmap/public/plugin.ts        |   6 -
 src/plugins/vis_types/heatmap/public/types.ts |   2 -
 .../heatmap/public/vis_type/heatmap.tsx       |   2 -
 .../pie/public/editor/components/index.tsx    |   3 +-
 .../pie/public/editor/components/pie.tsx      |  13 -
 src/plugins/vis_types/pie/public/plugin.ts    |   2 -
 .../vis_types/pie/public/types/types.ts       |   2 -
 .../vis_types/pie/public/vis_type/pie.ts      |   2 -
 src/plugins/vis_types/table/kibana.json       |   1 -
 src/plugins/vis_types/table/server/index.ts   |  11 +-
 .../server/usage_collector/get_stats.test.ts  |  75 -----
 .../table/server/usage_collector/get_stats.ts | 102 -------
 .../table/server/usage_collector/index.ts     |   9 -
 .../register_usage_collector.test.ts          |  57 ----
 .../register_usage_collector.ts               |  31 --
 src/plugins/vis_types/table/tsconfig.json     |   1 -
 src/plugins/vis_types/timeseries/kibana.json  |   2 +-
 .../vis_types/timeseries/server/plugin.ts     |   8 -
 .../get_usage_collector.mock.ts               |  14 -
 .../get_usage_collector.test.ts               | 264 ------------------
 .../usage_collector/get_usage_collector.ts    | 182 ------------
 .../server/usage_collector/index.ts           |   9 -
 .../register_timeseries_collector.test.ts     |  52 ----
 .../register_timeseries_collector.ts          |  46 ---
 .../vis_types/timeseries/tsconfig.json        |   1 -
 src/plugins/vis_types/vega/kibana.json        |   2 +-
 src/plugins/vis_types/vega/server/plugin.ts   |  11 +-
 .../get_usage_collector.mock.ts               |  14 -
 .../get_usage_collector.test.ts               | 148 ----------
 .../usage_collector/get_usage_collector.ts    | 116 --------
 .../vega/server/usage_collector/index.ts      |   9 -
 .../register_vega_collector.test.ts           |  60 ----
 .../register_vega_collector.ts                |  30 --
 src/plugins/vis_types/vega/tsconfig.json      |   1 -
 .../point_series/elastic_charts_options.tsx   |  13 +-
 .../point_series/point_series.test.tsx        |   1 -
 src/plugins/vis_types/xy/public/plugin.ts     |   4 -
 src/plugins/vis_types/xy/public/services.ts   |   6 -
 src/plugins/visualizations/kibana.json        |   2 +-
 src/plugins/visualizations/public/mocks.ts    |   2 -
 src/plugins/visualizations/public/plugin.ts   |   9 -
 src/plugins/visualizations/public/services.ts |   6 -
 .../public/visualize_app/types.ts             |   2 -
 .../visualize_app/utils/get_table_columns.tsx |  15 -
 .../utils/get_top_nav_config.tsx              |  18 +-
 .../public/wizard/new_vis_modal.tsx           |   7 -
 .../public/wizard/show_new_vis.tsx            |   2 -
 src/plugins/visualizations/server/plugin.ts   |   7 -
 .../usage_collector/get_past_days.test.ts     |  24 --
 .../server/usage_collector/get_past_days.ts   |  14 -
 .../get_usage_collector.mock.ts               |  13 -
 .../get_usage_collector.test.ts               | 168 -----------
 .../usage_collector/get_usage_collector.ts    |  83 ------
 .../server/usage_collector/index.ts           |   9 -
 .../register_visualizations_collector.test.ts |  53 ----
 .../register_visualizations_collector.ts      |  30 --
 src/plugins/visualizations/tsconfig.json      |   1 -
 59 files changed, 10 insertions(+), 1886 deletions(-)
 delete mode 100644 src/plugins/vis_types/table/server/usage_collector/get_stats.test.ts
 delete mode 100644 src/plugins/vis_types/table/server/usage_collector/get_stats.ts
 delete mode 100644 src/plugins/vis_types/table/server/usage_collector/index.ts
 delete mode 100644 src/plugins/vis_types/table/server/usage_collector/register_usage_collector.test.ts
 delete mode 100644 src/plugins/vis_types/table/server/usage_collector/register_usage_collector.ts
 delete mode 100644 src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.mock.ts
 delete mode 100644 src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.test.ts
 delete mode 100644 src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.ts
 delete mode 100644 src/plugins/vis_types/timeseries/server/usage_collector/index.ts
 delete mode 100644 src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.test.ts
 delete mode 100644 src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.ts
 delete mode 100644 src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.mock.ts
 delete mode 100644 src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.test.ts
 delete mode 100644 src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.ts
 delete mode 100644 src/plugins/vis_types/vega/server/usage_collector/index.ts
 delete mode 100644 src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.test.ts
 delete mode 100644 src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/get_past_days.test.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/get_past_days.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/get_usage_collector.mock.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/get_usage_collector.test.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/get_usage_collector.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/index.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/register_visualizations_collector.test.ts
 delete mode 100644 src/plugins/visualizations/server/usage_collector/register_visualizations_collector.ts

diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json
index ba27dc7538cff..fde583cf907e4 100644
--- a/src/plugins/telemetry/schema/oss_plugins.json
+++ b/src/plugins/telemetry/schema/oss_plugins.json
@@ -10112,122 +10112,6 @@
           }
         }
       }
-    },
-    "vis_type_table": {
-      "properties": {
-        "total": {
-          "type": "long"
-        },
-        "total_split": {
-          "type": "long"
-        },
-        "split_columns": {
-          "properties": {
-            "total": {
-              "type": "long"
-            },
-            "enabled": {
-              "type": "long"
-            }
-          }
-        },
-        "split_rows": {
-          "properties": {
-            "total": {
-              "type": "long"
-            },
-            "enabled": {
-              "type": "long"
-            }
-          }
-        }
-      }
-    },
-    "vis_type_timeseries": {
-      "properties": {
-        "timeseries_use_last_value_mode_total": {
-          "type": "long",
-          "_meta": {
-            "description": "Number of TSVB visualizations using \"last value\" as a time range"
-          }
-        },
-        "timeseries_use_es_indices_total": {
-          "type": "long",
-          "_meta": {
-            "description": "Number of TSVB visualizations using elasticsearch indices"
-          }
-        },
-        "timeseries_table_use_aggregate_function": {
-          "type": "long",
-          "_meta": {
-            "description": "Number of TSVB table visualizations using aggregate function"
-          }
-        },
-        "timeseries_types": {
-          "properties": {
-            "table": {
-              "type": "long"
-            },
-            "gauge": {
-              "type": "long"
-            },
-            "markdown": {
-              "type": "long"
-            },
-            "top_n": {
-              "type": "long"
-            },
-            "timeseries": {
-              "type": "long"
-            },
-            "metric": {
-              "type": "long"
-            }
-          }
-        }
-      }
-    },
-    "vis_type_vega": {
-      "properties": {
-        "vega_lib_specs_total": {
-          "type": "long"
-        },
-        "vega_lite_lib_specs_total": {
-          "type": "long"
-        },
-        "vega_use_map_total": {
-          "type": "long"
-        }
-      }
-    },
-    "visualization_types": {
-      "properties": {
-        "DYNAMIC_KEY": {
-          "properties": {
-            "total": {
-              "type": "long"
-            },
-            "spaces_min": {
-              "type": "long"
-            },
-            "spaces_max": {
-              "type": "long"
-            },
-            "spaces_avg": {
-              "type": "long"
-            },
-            "saved_7_days_total": {
-              "type": "long"
-            },
-            "saved_30_days_total": {
-              "type": "long"
-            },
-            "saved_90_days_total": {
-              "type": "long"
-            }
-          }
-        }
-      }
     }
   }
 }
diff --git a/src/plugins/vis_types/heatmap/public/editor/components/index.tsx b/src/plugins/vis_types/heatmap/public/editor/components/index.tsx
index 59db84b0db665..cac64d00af9cd 100644
--- a/src/plugins/vis_types/heatmap/public/editor/components/index.tsx
+++ b/src/plugins/vis_types/heatmap/public/editor/components/index.tsx
@@ -13,13 +13,12 @@ import { HeatmapVisParams, HeatmapTypeProps } from '../../types';
 const HeatmapOptionsLazy = lazy(() => import('./heatmap'));
 
 export const getHeatmapOptions =
-  ({ showElasticChartsOptions, palettes, trackUiMetric }: HeatmapTypeProps) =>
+  ({ showElasticChartsOptions, palettes }: HeatmapTypeProps) =>
   (props: VisEditorOptionsProps<HeatmapVisParams>) =>
     (
       <HeatmapOptionsLazy
         {...props}
         palettes={palettes}
         showElasticChartsOptions={showElasticChartsOptions}
-        trackUiMetric={trackUiMetric}
       />
     );
diff --git a/src/plugins/vis_types/heatmap/public/plugin.ts b/src/plugins/vis_types/heatmap/public/plugin.ts
index c84c8830318c2..44357cceaa86b 100644
--- a/src/plugins/vis_types/heatmap/public/plugin.ts
+++ b/src/plugins/vis_types/heatmap/public/plugin.ts
@@ -34,16 +34,10 @@ export class VisTypeHeatmapPlugin {
     { visualizations, charts, usageCollection }: VisTypeHeatmapSetupDependencies
   ) {
     if (!core.uiSettings.get(LEGACY_HEATMAP_CHARTS_LIBRARY)) {
-      const trackUiMetric = usageCollection?.reportUiCounter.bind(
-        usageCollection,
-        'vis_type_heatmap'
-      );
-
       visualizations.createBaseVisualization(
         heatmapVisType({
           showElasticChartsOptions: true,
           palettes: charts.palettes,
-          trackUiMetric,
         })
       );
     }
diff --git a/src/plugins/vis_types/heatmap/public/types.ts b/src/plugins/vis_types/heatmap/public/types.ts
index 9d41a132f00b1..e29b77746b070 100644
--- a/src/plugins/vis_types/heatmap/public/types.ts
+++ b/src/plugins/vis_types/heatmap/public/types.ts
@@ -5,7 +5,6 @@
  * in compliance with, at your election, the Elastic License 2.0 or the Server
  * Side Public License, v 1.
  */
-import { UiCounterMetricType } from '@kbn/analytics';
 import type { Position } from '@elastic/charts';
 import type { ChartsPluginSetup, Style, Labels, ColorSchemas } from '@kbn/charts-plugin/public';
 import { Range } from '@kbn/expressions-plugin/public';
@@ -14,7 +13,6 @@ import { LegendSize } from '@kbn/visualizations-plugin/public';
 export interface HeatmapTypeProps {
   showElasticChartsOptions?: boolean;
   palettes?: ChartsPluginSetup['palettes'];
-  trackUiMetric?: (metricType: UiCounterMetricType, eventName: string | string[]) => void;
 }
 
 export interface HeatmapVisParams {
diff --git a/src/plugins/vis_types/heatmap/public/vis_type/heatmap.tsx b/src/plugins/vis_types/heatmap/public/vis_type/heatmap.tsx
index ee2893f2cb190..e5a92ca03f5cc 100644
--- a/src/plugins/vis_types/heatmap/public/vis_type/heatmap.tsx
+++ b/src/plugins/vis_types/heatmap/public/vis_type/heatmap.tsx
@@ -20,7 +20,6 @@ import { SplitTooltip } from './split_tooltip';
 export const getHeatmapVisTypeDefinition = ({
   showElasticChartsOptions = false,
   palettes,
-  trackUiMetric,
 }: HeatmapTypeProps): VisTypeDefinition<HeatmapVisParams> => ({
   name: 'heatmap',
   title: i18n.translate('visTypeHeatmap.heatmap.heatmapTitle', { defaultMessage: 'Heat map' }),
@@ -68,7 +67,6 @@ export const getHeatmapVisTypeDefinition = ({
     optionsTemplate: getHeatmapOptions({
       showElasticChartsOptions,
       palettes,
-      trackUiMetric,
     }),
     schemas: [
       {
diff --git a/src/plugins/vis_types/pie/public/editor/components/index.tsx b/src/plugins/vis_types/pie/public/editor/components/index.tsx
index f21af20f6b2af..4290634cdeb78 100644
--- a/src/plugins/vis_types/pie/public/editor/components/index.tsx
+++ b/src/plugins/vis_types/pie/public/editor/components/index.tsx
@@ -14,13 +14,12 @@ import { PieTypeProps } from '../../types';
 const PieOptionsLazy = lazy(() => import('./pie'));
 
 export const getPieOptions =
-  ({ showElasticChartsOptions, palettes, trackUiMetric }: PieTypeProps) =>
+  ({ showElasticChartsOptions, palettes }: PieTypeProps) =>
   (props: VisEditorOptionsProps<PartitionVisParams>) =>
     (
       <PieOptionsLazy
         {...props}
         palettes={palettes}
         showElasticChartsOptions={showElasticChartsOptions}
-        trackUiMetric={trackUiMetric}
       />
     );
diff --git a/src/plugins/vis_types/pie/public/editor/components/pie.tsx b/src/plugins/vis_types/pie/public/editor/components/pie.tsx
index cd1e565861d78..a22f29415d5b5 100644
--- a/src/plugins/vis_types/pie/public/editor/components/pie.tsx
+++ b/src/plugins/vis_types/pie/public/editor/components/pie.tsx
@@ -7,7 +7,6 @@
  */
 
 import React, { useState, useEffect, useCallback } from 'react';
-import { METRIC_TYPE } from '@kbn/analytics';
 import {
   EuiPanel,
   EuiTitle,
@@ -223,9 +222,6 @@ const PieOptions = (props: PieOptionsProps) => {
               value={stateParams.nestedLegend}
               disabled={stateParams.legendDisplay === LegendDisplay.HIDE}
               setValue={(paramName, value) => {
-                if (props.trackUiMetric) {
-                  props.trackUiMetric(METRIC_TYPE.CLICK, 'nested_legend_switched');
-                }
                 setValue(paramName, value);
               }}
               data-test-subj="visTypePieNestedLegendSwitch"
@@ -253,9 +249,6 @@ const PieOptions = (props: PieOptionsProps) => {
             activePalette={stateParams.palette}
             paramName="palette"
             setPalette={(paramName, value) => {
-              if (props.trackUiMetric) {
-                props.trackUiMetric(METRIC_TYPE.CLICK, 'palette_selected');
-              }
               setValue(paramName, value);
             }}
           />
@@ -296,9 +289,6 @@ const PieOptions = (props: PieOptionsProps) => {
                 : stateParams.labels.position || LabelPositions.DEFAULT
             }
             setValue={(paramName, value) => {
-              if (props.trackUiMetric) {
-                props.trackUiMetric(METRIC_TYPE.CLICK, 'label_position_selected');
-              }
               setLabels(paramName, value);
             }}
             data-test-subj="visTypePieLabelPositionSelect"
@@ -338,9 +328,6 @@ const PieOptions = (props: PieOptionsProps) => {
               paramName="valuesFormat"
               value={stateParams.labels.valuesFormat || ValueFormats.PERCENT}
               setValue={(paramName, value) => {
-                if (props.trackUiMetric) {
-                  props.trackUiMetric(METRIC_TYPE.CLICK, 'values_format_selected');
-                }
                 setLabels(paramName, value);
               }}
               data-test-subj="visTypePieValueFormatsSelect"
diff --git a/src/plugins/vis_types/pie/public/plugin.ts b/src/plugins/vis_types/pie/public/plugin.ts
index ac219d29b5479..480cf0c49db63 100644
--- a/src/plugins/vis_types/pie/public/plugin.ts
+++ b/src/plugins/vis_types/pie/public/plugin.ts
@@ -43,12 +43,10 @@ export class VisTypePiePlugin {
     { visualizations, charts, usageCollection }: VisTypePieSetupDependencies
   ) {
     if (!core.uiSettings.get(LEGACY_PIE_CHARTS_LIBRARY, false)) {
-      const trackUiMetric = usageCollection?.reportUiCounter.bind(usageCollection, 'vis_type_pie');
       visualizations.createBaseVisualization(
         pieVisType({
           showElasticChartsOptions: true,
           palettes: charts.palettes,
-          trackUiMetric,
         })
       );
     }
diff --git a/src/plugins/vis_types/pie/public/types/types.ts b/src/plugins/vis_types/pie/public/types/types.ts
index 968e04fd59075..a13ed368d8dec 100644
--- a/src/plugins/vis_types/pie/public/types/types.ts
+++ b/src/plugins/vis_types/pie/public/types/types.ts
@@ -6,7 +6,6 @@
  * Side Public License, v 1.
  */
 
-import { UiCounterMetricType } from '@kbn/analytics';
 import { SerializedFieldFormat } from '@kbn/field-formats-plugin/common';
 import { ChartsPluginSetup } from '@kbn/charts-plugin/public';
 
@@ -28,5 +27,4 @@ export interface Dimensions {
 export interface PieTypeProps {
   showElasticChartsOptions?: boolean;
   palettes?: ChartsPluginSetup['palettes'];
-  trackUiMetric?: (metricType: UiCounterMetricType, eventName: string | string[]) => void;
 }
diff --git a/src/plugins/vis_types/pie/public/vis_type/pie.ts b/src/plugins/vis_types/pie/public/vis_type/pie.ts
index 113c277d5e210..6d48507cf47a3 100644
--- a/src/plugins/vis_types/pie/public/vis_type/pie.ts
+++ b/src/plugins/vis_types/pie/public/vis_type/pie.ts
@@ -25,7 +25,6 @@ import { getPieOptions } from '../editor/components';
 export const getPieVisTypeDefinition = ({
   showElasticChartsOptions = false,
   palettes,
-  trackUiMetric,
 }: PieTypeProps): VisTypeDefinition<PartitionVisParams> => ({
   name: 'pie',
   title: i18n.translate('visTypePie.pie.pieTitle', { defaultMessage: 'Pie' }),
@@ -68,7 +67,6 @@ export const getPieVisTypeDefinition = ({
     optionsTemplate: getPieOptions({
       showElasticChartsOptions,
       palettes,
-      trackUiMetric,
     }),
     schemas: [
       {
diff --git a/src/plugins/vis_types/table/kibana.json b/src/plugins/vis_types/table/kibana.json
index a56965a214349..28b21fc55f453 100644
--- a/src/plugins/vis_types/table/kibana.json
+++ b/src/plugins/vis_types/table/kibana.json
@@ -14,7 +14,6 @@
     "share",
     "visDefaultEditor"
   ],
-  "optionalPlugins": ["usageCollection"],
   "owner": {
     "name": "Vis Editors",
     "githubTeam": "kibana-vis-editors"
diff --git a/src/plugins/vis_types/table/server/index.ts b/src/plugins/vis_types/table/server/index.ts
index 0d1eade453f6c..a7f63648ba422 100644
--- a/src/plugins/vis_types/table/server/index.ts
+++ b/src/plugins/vis_types/table/server/index.ts
@@ -6,21 +6,14 @@
  * Side Public License, v 1.
  */
 
-import { CoreSetup, PluginConfigDescriptor } from '@kbn/core/server';
-import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-
+import { PluginConfigDescriptor } from '@kbn/core/server';
 import { configSchema, ConfigSchema } from '../config';
-import { registerVisTypeTableUsageCollector } from './usage_collector';
 
 export const config: PluginConfigDescriptor<ConfigSchema> = {
   schema: configSchema,
 };
 
 export const plugin = () => ({
-  setup(core: CoreSetup, plugins: { usageCollection?: UsageCollectionSetup }) {
-    if (plugins.usageCollection) {
-      registerVisTypeTableUsageCollector(plugins.usageCollection);
-    }
-  },
+  setup() {},
   start() {},
 });
diff --git a/src/plugins/vis_types/table/server/usage_collector/get_stats.test.ts b/src/plugins/vis_types/table/server/usage_collector/get_stats.test.ts
deleted file mode 100644
index cba5bce0c5bbf..0000000000000
--- a/src/plugins/vis_types/table/server/usage_collector/get_stats.test.ts
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { getStats } from './get_stats';
-import type { SavedObjectsClientContract } from '@kbn/core/server';
-
-const mockVisualizations = {
-  saved_objects: [
-    {
-      attributes: {
-        visState:
-          '{"type": "table","aggs": [{ "schema": "metric" }, { "schema": "bucket" }, { "schema": "split", "enabled": true }], "params": { "row": true }}',
-      },
-    },
-    {
-      attributes: {
-        visState:
-          '{"type": "table","aggs": [{ "schema": "metric" }, { "schema": "bucket" }, { "schema": "split", "enabled": false }], "params": { "row": true }}',
-      },
-    },
-    {
-      attributes: {
-        visState:
-          '{"type": "table","aggs": [{ "schema": "metric" }, { "schema": "split", "enabled": true }], "params": { "row": false }}',
-      },
-    },
-    {
-      attributes: {
-        visState: '{"type": "table","aggs": [{ "schema": "metric" }, { "schema": "bucket" }]}',
-      },
-    },
-    {
-      attributes: { visState: '{"type": "histogram"}' },
-    },
-  ],
-};
-
-describe('vis_type_table getStats', () => {
-  const mockSoClient = {
-    createPointInTimeFinder: jest.fn().mockResolvedValue({
-      close: jest.fn(),
-      find: function* asyncGenerator() {
-        yield mockVisualizations;
-      },
-    }),
-  } as unknown as SavedObjectsClientContract;
-
-  test('Returns stats from saved objects for table vis only', async () => {
-    const result = await getStats(mockSoClient);
-
-    expect(mockSoClient.createPointInTimeFinder).toHaveBeenCalledWith({
-      type: 'visualization',
-      perPage: 1000,
-      namespaces: ['*'],
-    });
-
-    expect(result).toEqual({
-      total: 4,
-      total_split: 3,
-      split_columns: {
-        total: 1,
-        enabled: 1,
-      },
-      split_rows: {
-        total: 2,
-        enabled: 1,
-      },
-    });
-  });
-});
diff --git a/src/plugins/vis_types/table/server/usage_collector/get_stats.ts b/src/plugins/vis_types/table/server/usage_collector/get_stats.ts
deleted file mode 100644
index 288a48a20cc81..0000000000000
--- a/src/plugins/vis_types/table/server/usage_collector/get_stats.ts
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import type {
-  ISavedObjectsRepository,
-  SavedObjectsClientContract,
-  SavedObjectsFindResult,
-} from '@kbn/core/server';
-import type { SavedVisState } from '@kbn/visualizations-plugin/common';
-import { VIS_TYPE_TABLE } from '../../common';
-
-export interface VisTypeTableUsage {
-  /**
-   * Total number of table type visualizations
-   */
-  total: number;
-  /**
-   * Total number of table visualizations, using "Split table" agg
-   */
-  total_split: number;
-  /**
-   * Split table by columns stats
-   */
-  split_columns: {
-    total: number;
-    enabled: number;
-  };
-  /**
-   * Split table by rows stats
-   */
-  split_rows: {
-    total: number;
-    enabled: number;
-  };
-}
-
-/*
- * Parse the response data into telemetry payload
- */
-export async function getStats(
-  soClient: SavedObjectsClientContract | ISavedObjectsRepository
-): Promise<VisTypeTableUsage | undefined> {
-  const finder = await soClient.createPointInTimeFinder({
-    type: 'visualization',
-    perPage: 1000,
-    namespaces: ['*'],
-  });
-
-  const stats: VisTypeTableUsage = {
-    total: 0,
-    total_split: 0,
-    split_columns: {
-      total: 0,
-      enabled: 0,
-    },
-    split_rows: {
-      total: 0,
-      enabled: 0,
-    },
-  };
-
-  const doTelemetry = ({ aggs, params }: SavedVisState) => {
-    stats.total += 1;
-
-    const hasSplitAgg = aggs.find((agg) => agg.schema === 'split');
-
-    if (hasSplitAgg) {
-      stats.total_split += 1;
-
-      const isSplitRow = params.row;
-      const isSplitEnabled = hasSplitAgg.enabled;
-      const container = isSplitRow ? stats.split_rows : stats.split_columns;
-
-      container.total += 1;
-      container.enabled = isSplitEnabled ? container.enabled + 1 : container.enabled;
-    }
-  };
-
-  for await (const response of finder.find()) {
-    (response.saved_objects || []).forEach(({ attributes }: SavedObjectsFindResult<any>) => {
-      if (attributes?.visState) {
-        try {
-          const visState: SavedVisState = JSON.parse(attributes.visState);
-
-          if (visState.type === VIS_TYPE_TABLE) {
-            doTelemetry(visState);
-          }
-        } catch {
-          // nothing to be here, "so" not valid
-        }
-      }
-    });
-  }
-  await finder.close();
-
-  return stats;
-}
diff --git a/src/plugins/vis_types/table/server/usage_collector/index.ts b/src/plugins/vis_types/table/server/usage_collector/index.ts
deleted file mode 100644
index 6a2e893a354e0..0000000000000
--- a/src/plugins/vis_types/table/server/usage_collector/index.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export { registerVisTypeTableUsageCollector } from './register_usage_collector';
diff --git a/src/plugins/vis_types/table/server/usage_collector/register_usage_collector.test.ts b/src/plugins/vis_types/table/server/usage_collector/register_usage_collector.test.ts
deleted file mode 100644
index 7d6c4e54ff8fd..0000000000000
--- a/src/plugins/vis_types/table/server/usage_collector/register_usage_collector.test.ts
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import {
-  createUsageCollectionSetupMock,
-  createCollectorFetchContextMock,
-} from '@kbn/usage-collection-plugin/server/mocks';
-import { registerVisTypeTableUsageCollector } from './register_usage_collector';
-import { getStats } from './get_stats';
-
-jest.mock('./get_stats', () => ({
-  getStats: jest.fn().mockResolvedValue({ somestat: 1 }),
-}));
-
-describe('registerVisTypeTableUsageCollector', () => {
-  test('Usage collector configs fit the shape', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVisTypeTableUsageCollector(mockCollectorSet);
-    expect(mockCollectorSet.makeUsageCollector).toBeCalledTimes(1);
-    expect(mockCollectorSet.registerCollector).toBeCalledTimes(1);
-    expect(mockCollectorSet.makeUsageCollector).toHaveBeenCalledWith({
-      type: 'vis_type_table',
-      isReady: expect.any(Function),
-      fetch: expect.any(Function),
-      schema: {
-        total: { type: 'long' },
-        total_split: { type: 'long' },
-        split_columns: {
-          total: { type: 'long' },
-          enabled: { type: 'long' },
-        },
-        split_rows: {
-          total: { type: 'long' },
-          enabled: { type: 'long' },
-        },
-      },
-    });
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  test('Usage collector config.fetch calls getStats', async () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVisTypeTableUsageCollector(mockCollectorSet);
-    const usageCollector = mockCollectorSet.makeUsageCollector.mock.results[0].value;
-    const mockCollectorFetchContext = createCollectorFetchContextMock();
-    const fetchResult = await usageCollector.fetch(mockCollectorFetchContext);
-    expect(getStats).toBeCalledTimes(1);
-    expect(getStats).toBeCalledWith(mockCollectorFetchContext.soClient);
-    expect(fetchResult).toEqual({ somestat: 1 });
-  });
-});
diff --git a/src/plugins/vis_types/table/server/usage_collector/register_usage_collector.ts b/src/plugins/vis_types/table/server/usage_collector/register_usage_collector.ts
deleted file mode 100644
index 75cc7c0b11f1a..0000000000000
--- a/src/plugins/vis_types/table/server/usage_collector/register_usage_collector.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-import { getStats, VisTypeTableUsage } from './get_stats';
-
-export function registerVisTypeTableUsageCollector(collectorSet: UsageCollectionSetup) {
-  const collector = collectorSet.makeUsageCollector<VisTypeTableUsage | undefined>({
-    type: 'vis_type_table',
-    isReady: () => true,
-    schema: {
-      total: { type: 'long' },
-      total_split: { type: 'long' },
-      split_columns: {
-        total: { type: 'long' },
-        enabled: { type: 'long' },
-      },
-      split_rows: {
-        total: { type: 'long' },
-        enabled: { type: 'long' },
-      },
-    },
-    fetch: ({ soClient }) => getStats(soClient),
-  });
-  collectorSet.registerCollector(collector);
-}
diff --git a/src/plugins/vis_types/table/tsconfig.json b/src/plugins/vis_types/table/tsconfig.json
index 578b10fb09be8..6df0a83853142 100644
--- a/src/plugins/vis_types/table/tsconfig.json
+++ b/src/plugins/vis_types/table/tsconfig.json
@@ -17,7 +17,6 @@
     { "path": "../../data/tsconfig.json" },
     { "path": "../../visualizations/tsconfig.json" },
     { "path": "../../share/tsconfig.json" },
-    { "path": "../../usage_collection/tsconfig.json" },
     { "path": "../../expressions/tsconfig.json" },
     { "path": "../../kibana_utils/tsconfig.json" },
     { "path": "../../kibana_react/tsconfig.json" },
diff --git a/src/plugins/vis_types/timeseries/kibana.json b/src/plugins/vis_types/timeseries/kibana.json
index 8f12e7c4d3ca5..199b0e00242d3 100644
--- a/src/plugins/vis_types/timeseries/kibana.json
+++ b/src/plugins/vis_types/timeseries/kibana.json
@@ -5,7 +5,7 @@
   "server": true,
   "ui": true,
   "requiredPlugins": ["charts", "data", "expressions", "visualizations", "inspector", "dataViews"],
-  "optionalPlugins": ["home","usageCollection"],
+  "optionalPlugins": ["home"],
   "requiredBundles": ["unifiedSearch", "kibanaUtils", "kibanaReact", "fieldFormats"],
   "owner": {
     "name": "Vis Editors",
diff --git a/src/plugins/vis_types/timeseries/server/plugin.ts b/src/plugins/vis_types/timeseries/server/plugin.ts
index 31ca2667ed3a7..6ca50032aa689 100644
--- a/src/plugins/vis_types/timeseries/server/plugin.ts
+++ b/src/plugins/vis_types/timeseries/server/plugin.ts
@@ -18,7 +18,6 @@ import {
 import { firstValueFrom, Observable } from 'rxjs';
 import { Server } from '@hapi/hapi';
 import { map } from 'rxjs/operators';
-import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 import { HomeServerPluginSetup } from '@kbn/home-plugin/server';
 import { PluginStart } from '@kbn/data-plugin/server';
 import type { DataViewsService } from '@kbn/data-views-plugin/common';
@@ -41,14 +40,11 @@ import {
 } from './lib/search_strategies';
 import type { TimeseriesVisData, VisPayload } from '../common/types';
 
-import { registerTimeseriesUsageCollector } from './usage_collector';
-
 export interface LegacySetup {
   server: Server;
 }
 
 interface VisTypeTimeseriesPluginSetupDependencies {
-  usageCollection?: UsageCollectionSetup;
   home?: HomeServerPluginSetup;
 }
 
@@ -128,10 +124,6 @@ export class VisTypeTimeseriesPlugin implements Plugin<VisTypeTimeseriesSetup> {
     visDataRoutes(router, framework);
     fieldsRoutes(router, framework);
 
-    if (plugins.usageCollection) {
-      registerTimeseriesUsageCollector(plugins.usageCollection, plugins.home);
-    }
-
     return {
       getVisData: async (
         requestContext: VisTypeTimeseriesRequestHandlerContext,
diff --git a/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.mock.ts b/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.mock.ts
deleted file mode 100644
index bb52d215c67e8..0000000000000
--- a/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.mock.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export const mockStats = { somestat: 1 };
-export const mockGetStats = jest.fn().mockResolvedValue(mockStats);
-
-jest.doMock('./get_usage_collector', () => ({
-  getStats: mockGetStats,
-}));
diff --git a/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.test.ts b/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.test.ts
deleted file mode 100644
index 6304e7e6518ba..0000000000000
--- a/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.test.ts
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { getStats } from './get_usage_collector';
-import { createCollectorFetchContextMock } from '@kbn/usage-collection-plugin/server/mocks';
-import type { SavedObjectsClientContract, SavedObjectsFindResponse } from '@kbn/core/server';
-import { TIME_RANGE_DATA_MODES } from '../../common/enums';
-
-const mockedSavedObject = {
-  saved_objects: [
-    {
-      attributes: {
-        visState: JSON.stringify({
-          type: 'metrics',
-          title: 'TSVB visualization 1',
-          params: {
-            type: 'gauge',
-            time_range_mode: TIME_RANGE_DATA_MODES.ENTIRE_TIME_RANGE,
-            use_kibana_indexes: true,
-          },
-        }),
-      },
-    },
-    {
-      attributes: {
-        visState: JSON.stringify({
-          type: 'metrics',
-          title: 'TSVB visualization 2',
-          params: {
-            type: 'top_n',
-            time_range_mode: TIME_RANGE_DATA_MODES.LAST_VALUE,
-            use_kibana_indexes: false,
-          },
-        }),
-      },
-    },
-    {
-      attributes: {
-        visState: JSON.stringify({
-          type: 'metrics',
-          title: 'TSVB visualization 3',
-          params: {
-            type: 'markdown',
-            time_range_mode: undefined,
-            use_kibana_indexes: false,
-          },
-        }),
-      },
-    },
-    {
-      attributes: {
-        visState: JSON.stringify({
-          type: 'metrics',
-          title: 'TSVB visualization 4',
-          params: {
-            type: 'table',
-            series: [
-              {
-                aggregate_by: 'test',
-                aggregate_function: 'max',
-              },
-            ],
-          },
-        }),
-      },
-    },
-  ],
-} as SavedObjectsFindResponse;
-
-const mockedSavedObjectsByValue = [
-  {
-    attributes: {
-      panelsJSON: JSON.stringify({
-        type: 'visualization',
-        embeddableConfig: {
-          savedVis: {
-            type: 'metrics',
-            params: {
-              type: 'markdown',
-              time_range_mode: TIME_RANGE_DATA_MODES.LAST_VALUE,
-              use_kibana_indexes: false,
-            },
-          },
-        },
-      }),
-    },
-  },
-  {
-    attributes: {
-      panelsJSON: JSON.stringify({
-        type: 'visualization',
-        embeddableConfig: {
-          savedVis: {
-            type: 'metrics',
-            params: {
-              type: 'timeseries',
-              time_range_mode: TIME_RANGE_DATA_MODES.ENTIRE_TIME_RANGE,
-              use_kibana_indexes: true,
-            },
-          },
-        },
-      }),
-    },
-  },
-  {
-    attributes: {
-      panelsJSON: JSON.stringify({
-        type: 'visualization',
-        embeddableConfig: {
-          savedVis: {
-            type: 'metrics',
-            params: {
-              type: 'table',
-              series: [
-                {
-                  aggregate_by: 'test1',
-                  aggregate_function: 'sum',
-                },
-              ],
-              use_kibana_indexes: true,
-            },
-          },
-        },
-      }),
-    },
-  },
-];
-
-const getMockCollectorFetchContext = (
-  savedObjects: SavedObjectsFindResponse,
-  savedObjectsByValue: unknown[] = []
-) => {
-  const fetchParamsMock = createCollectorFetchContextMock();
-
-  fetchParamsMock.soClient = {
-    find: jest.fn().mockResolvedValue({
-      saved_objects: savedObjectsByValue,
-    }),
-    createPointInTimeFinder: jest.fn().mockResolvedValue({
-      close: jest.fn(),
-      find: function* asyncGenerator() {
-        yield savedObjects;
-      },
-    }),
-  } as unknown as SavedObjectsClientContract;
-  return fetchParamsMock;
-};
-
-describe('Timeseries visualization usage collector', () => {
-  test('Returns undefined when no results found (undefined)', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext(
-      { saved_objects: [] } as unknown as SavedObjectsFindResponse,
-      []
-    );
-    const result = await getStats(mockCollectorFetchContext.soClient);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Returns undefined when no timeseries saved objects found', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext({
-      saved_objects: [
-        {
-          attributes: { visState: '{"type": "area"}' },
-        },
-        {
-          attributes: {
-            panelsJSON: JSON.stringify({
-              type: 'visualization',
-              embeddableConfig: {
-                savedVis: {
-                  type: 'area',
-                },
-              },
-            }),
-          },
-        },
-      ],
-    } as SavedObjectsFindResponse);
-
-    const result = await getStats(mockCollectorFetchContext.soClient);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Returns undefined when aggregate function is null', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext({
-      saved_objects: [
-        {
-          attributes: {
-            panelsJSON: JSON.stringify({
-              type: 'visualization',
-              embeddableConfig: {
-                savedVis: {
-                  type: 'metrics',
-                  params: {
-                    type: 'table',
-                    series: [
-                      {
-                        aggregate_by: null,
-                        aggregate_function: null,
-                      },
-                    ],
-                  },
-                },
-              },
-            }),
-          },
-        },
-        {
-          attributes: {
-            panelsJSON: JSON.stringify({
-              type: 'visualization',
-              embeddableConfig: {
-                savedVis: {
-                  type: 'metrics',
-                  params: {
-                    type: 'table',
-                    series: [
-                      {
-                        axis_position: 'right',
-                      },
-                    ],
-                  },
-                },
-              },
-            }),
-          },
-        },
-      ],
-    } as SavedObjectsFindResponse);
-
-    const result = await getStats(mockCollectorFetchContext.soClient);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Summarizes visualizations response data', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext(
-      mockedSavedObject,
-      mockedSavedObjectsByValue
-    );
-    const result = await getStats(mockCollectorFetchContext.soClient);
-
-    expect(result).toStrictEqual({
-      timeseries_use_last_value_mode_total: 5,
-      timeseries_use_es_indices_total: 4,
-      timeseries_table_use_aggregate_function: 2,
-      timeseries_types: {
-        gauge: 1,
-        markdown: 2,
-        metric: 0,
-        table: 2,
-        timeseries: 1,
-        top_n: 1,
-      },
-    });
-  });
-});
diff --git a/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.ts b/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.ts
deleted file mode 100644
index 1a6c060cd7f96..0000000000000
--- a/src/plugins/vis_types/timeseries/server/usage_collector/get_usage_collector.ts
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { findByValueEmbeddables } from '@kbn/dashboard-plugin/server';
-
-import type {
-  SavedObjectsClientContract,
-  ISavedObjectsRepository,
-  SavedObjectsFindResult,
-} from '@kbn/core/server';
-import type { HomeServerPluginSetup } from '@kbn/home-plugin/server';
-import type { SavedVisState } from '@kbn/visualizations-plugin/common';
-import { TIME_RANGE_DATA_MODES } from '../../common/enums';
-import type { Panel } from '../../common/types';
-
-export interface TimeseriesUsage {
-  timeseries_use_last_value_mode_total: number;
-  timeseries_use_es_indices_total: number;
-  timeseries_table_use_aggregate_function: number;
-  timeseries_types: {
-    table: number;
-    gauge: number;
-    markdown: number;
-    top_n: number;
-    timeseries: number;
-    metric: number;
-  };
-}
-
-const doTelemetryFoVisualizations = async (
-  soClient: SavedObjectsClientContract | ISavedObjectsRepository,
-  calculateTelemetry: (savedVis: SavedVisState<Panel>) => void
-) => {
-  const finder = await soClient.createPointInTimeFinder({
-    type: 'visualization',
-    perPage: 1000,
-    namespaces: ['*'],
-  });
-
-  for await (const response of finder.find()) {
-    (response.saved_objects || []).forEach(({ attributes }: SavedObjectsFindResult<any>) => {
-      if (attributes?.visState) {
-        try {
-          const visState: SavedVisState<Panel> = JSON.parse(attributes.visState);
-
-          calculateTelemetry(visState);
-        } catch {
-          // nothing to be here, "so" not valid
-        }
-      }
-    });
-  }
-  await finder.close();
-};
-
-const doTelemetryForByValueVisualizations = async (
-  soClient: SavedObjectsClientContract | ISavedObjectsRepository,
-  telemetryUseLastValueMode: (savedVis: SavedVisState<Panel>) => void
-) => {
-  const byValueVisualizations = await findByValueEmbeddables(soClient, 'visualization');
-
-  for (const item of byValueVisualizations) {
-    telemetryUseLastValueMode(item.savedVis as unknown as SavedVisState<Panel>);
-  }
-};
-
-const getDefaultTSVBVisualizations = (home?: HomeServerPluginSetup) => {
-  const titles: string[] = [];
-  const sampleDataSets = home?.sampleData.getSampleDatasets() ?? [];
-
-  sampleDataSets.forEach((sampleDataSet) =>
-    sampleDataSet.savedObjects.forEach((savedObject) => {
-      try {
-        if (savedObject.type === 'visualization') {
-          const visState = JSON.parse(savedObject.attributes?.visState);
-
-          if (visState.type === 'metrics') {
-            titles.push(visState.title);
-          }
-        }
-      } catch (e) {
-        // Let it go, visState is invalid and we'll don't need to handle it
-      }
-    })
-  );
-
-  return titles;
-};
-
-export const getStats = async (
-  soClient: SavedObjectsClientContract | ISavedObjectsRepository,
-  home?: HomeServerPluginSetup
-): Promise<TimeseriesUsage | undefined> => {
-  const timeseriesUsage = {
-    timeseries_use_last_value_mode_total: 0,
-    timeseries_use_es_indices_total: 0,
-    timeseries_table_use_aggregate_function: 0,
-    timeseries_types: {
-      gauge: 0,
-      markdown: 0,
-      metric: 0,
-      table: 0,
-      timeseries: 0,
-      top_n: 0,
-    },
-  };
-
-  // we want to exclude the TSVB Sample Data visualizations from the stats
-  // in order to have more accurate results
-  const excludedFromStatsVisualizations = getDefaultTSVBVisualizations(home);
-
-  function telemetryUseLastValueMode(visState: SavedVisState<Panel>) {
-    if (
-      visState.type === 'metrics' &&
-      visState.params.type !== 'timeseries' &&
-      (!visState.params.time_range_mode ||
-        visState.params.time_range_mode === TIME_RANGE_DATA_MODES.LAST_VALUE) &&
-      !excludedFromStatsVisualizations.includes(visState.title)
-    ) {
-      timeseriesUsage.timeseries_use_last_value_mode_total++;
-    }
-  }
-
-  function telemetryUseESIndices(visState: SavedVisState<Panel>) {
-    if (
-      visState.type === 'metrics' &&
-      !visState.params.use_kibana_indexes &&
-      !excludedFromStatsVisualizations.includes(visState.title)
-    ) {
-      timeseriesUsage.timeseries_use_es_indices_total++;
-    }
-  }
-
-  function telemetryTableAggFunction(visState: SavedVisState<Panel>) {
-    if (
-      visState.type === 'metrics' &&
-      visState.params.type === 'table' &&
-      visState.params.series &&
-      visState.params.series.length > 0 &&
-      !excludedFromStatsVisualizations.includes(visState.title)
-    ) {
-      const usesAggregateFunction = visState.params.series.some(
-        (s) => s.aggregate_by && s.aggregate_function
-      );
-      if (usesAggregateFunction) {
-        timeseriesUsage.timeseries_table_use_aggregate_function++;
-      }
-    }
-  }
-
-  function telemetryPanelTypes(visState: SavedVisState<Panel>) {
-    if (visState.type === 'metrics' && !excludedFromStatsVisualizations.includes(visState.title)) {
-      timeseriesUsage.timeseries_types[visState.params.type]++;
-    }
-  }
-  await Promise.all([
-    // last value usage telemetry
-    doTelemetryFoVisualizations(soClient, telemetryUseLastValueMode),
-    doTelemetryForByValueVisualizations(soClient, telemetryUseLastValueMode),
-    // elasticsearch indices usage telemetry
-    doTelemetryFoVisualizations(soClient, telemetryUseESIndices),
-    doTelemetryForByValueVisualizations(soClient, telemetryUseESIndices),
-    //  table aggregate function telemetry
-    doTelemetryFoVisualizations(soClient, telemetryTableAggFunction),
-    doTelemetryForByValueVisualizations(soClient, telemetryTableAggFunction),
-    //  panel types usage telemetry
-    doTelemetryFoVisualizations(soClient, telemetryPanelTypes),
-    doTelemetryForByValueVisualizations(soClient, telemetryPanelTypes),
-  ]);
-
-  return timeseriesUsage.timeseries_use_last_value_mode_total ||
-    timeseriesUsage.timeseries_use_es_indices_total ||
-    timeseriesUsage.timeseries_table_use_aggregate_function ||
-    Object.values(timeseriesUsage.timeseries_types).some((visualizationCount) => visualizationCount)
-    ? timeseriesUsage
-    : undefined;
-};
diff --git a/src/plugins/vis_types/timeseries/server/usage_collector/index.ts b/src/plugins/vis_types/timeseries/server/usage_collector/index.ts
deleted file mode 100644
index 7f72662e154ea..0000000000000
--- a/src/plugins/vis_types/timeseries/server/usage_collector/index.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export { registerTimeseriesUsageCollector } from './register_timeseries_collector';
diff --git a/src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.test.ts b/src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.test.ts
deleted file mode 100644
index 2c4f0f08d216c..0000000000000
--- a/src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.test.ts
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { mockStats, mockGetStats } from './get_usage_collector.mock';
-import { createUsageCollectionSetupMock } from '@kbn/usage-collection-plugin/server/mocks';
-import { createCollectorFetchContextMock } from '@kbn/usage-collection-plugin/server/mocks';
-import { registerTimeseriesUsageCollector } from './register_timeseries_collector';
-
-describe('registerTimeseriesUsageCollector', () => {
-  it('makes a usage collector and registers it`', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerTimeseriesUsageCollector(mockCollectorSet);
-    expect(mockCollectorSet.makeUsageCollector).toBeCalledTimes(1);
-    expect(mockCollectorSet.registerCollector).toBeCalledTimes(1);
-  });
-
-  it('makeUsageCollector configs fit the shape', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerTimeseriesUsageCollector(mockCollectorSet);
-    expect(mockCollectorSet.makeUsageCollector).toHaveBeenCalledWith({
-      type: 'vis_type_timeseries',
-      isReady: expect.any(Function),
-      fetch: expect.any(Function),
-      schema: expect.any(Object),
-    });
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  it('makeUsageCollector config.isReady returns true', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerTimeseriesUsageCollector(mockCollectorSet);
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  it('makeUsageCollector config.fetch calls getStats', async () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerTimeseriesUsageCollector(mockCollectorSet);
-    const usageCollector = mockCollectorSet.makeUsageCollector.mock.results[0].value;
-    const mockedCollectorFetchContext = createCollectorFetchContextMock();
-    const fetchResult = await usageCollector.fetch(mockedCollectorFetchContext);
-    expect(mockGetStats).toBeCalledTimes(1);
-    expect(mockGetStats).toBeCalledWith(mockedCollectorFetchContext.soClient, undefined);
-    expect(fetchResult).toBe(mockStats);
-  });
-});
diff --git a/src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.ts b/src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.ts
deleted file mode 100644
index d06bf7f3a64b5..0000000000000
--- a/src/plugins/vis_types/timeseries/server/usage_collector/register_timeseries_collector.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-import type { HomeServerPluginSetup } from '@kbn/home-plugin/server';
-import { getStats, TimeseriesUsage } from './get_usage_collector';
-
-export function registerTimeseriesUsageCollector(
-  collectorSet: UsageCollectionSetup,
-  home?: HomeServerPluginSetup
-) {
-  const collector = collectorSet.makeUsageCollector<TimeseriesUsage | undefined>({
-    type: 'vis_type_timeseries',
-    isReady: () => true,
-    schema: {
-      timeseries_use_last_value_mode_total: {
-        type: 'long',
-        _meta: { description: 'Number of TSVB visualizations using "last value" as a time range' },
-      },
-      timeseries_use_es_indices_total: {
-        type: 'long',
-        _meta: { description: 'Number of TSVB visualizations using elasticsearch indices' },
-      },
-      timeseries_table_use_aggregate_function: {
-        type: 'long',
-        _meta: { description: 'Number of TSVB table visualizations using aggregate function' },
-      },
-      timeseries_types: {
-        table: { type: 'long' },
-        gauge: { type: 'long' },
-        markdown: { type: 'long' },
-        top_n: { type: 'long' },
-        timeseries: { type: 'long' },
-        metric: { type: 'long' },
-      },
-    },
-    fetch: async ({ soClient }) => await getStats(soClient, home),
-  });
-
-  collectorSet.registerCollector(collector);
-}
diff --git a/src/plugins/vis_types/timeseries/tsconfig.json b/src/plugins/vis_types/timeseries/tsconfig.json
index 43d66c3bd030e..be96a71b9a580 100644
--- a/src/plugins/vis_types/timeseries/tsconfig.json
+++ b/src/plugins/vis_types/timeseries/tsconfig.json
@@ -23,7 +23,6 @@
     { "path": "../../dashboard/tsconfig.json" },
     { "path": "../../kibana_utils/tsconfig.json" },
     { "path": "../../kibana_react/tsconfig.json" },
-    { "path": "../../usage_collection/tsconfig.json" },
     { "path": "../../unified_search/tsconfig.json" }
   ]
 }
diff --git a/src/plugins/vis_types/vega/kibana.json b/src/plugins/vis_types/vega/kibana.json
index d3e0da54d848f..423f044aa3275 100644
--- a/src/plugins/vis_types/vega/kibana.json
+++ b/src/plugins/vis_types/vega/kibana.json
@@ -4,7 +4,7 @@
   "server": true,
   "ui": true,
   "requiredPlugins": ["data", "visualizations", "mapsEms", "expressions", "inspector", "dataViews"],
-  "optionalPlugins": ["home","usageCollection"],
+  "optionalPlugins": ["home"],
   "requiredBundles": ["kibanaUtils", "kibanaReact", "visDefaultEditor"],
   "owner": {
     "name": "Vis Editors",
diff --git a/src/plugins/vis_types/vega/server/plugin.ts b/src/plugins/vis_types/vega/server/plugin.ts
index e5e9bdaefe987..6f43a79c99262 100644
--- a/src/plugins/vis_types/vega/server/plugin.ts
+++ b/src/plugins/vis_types/vega/server/plugin.ts
@@ -7,25 +7,16 @@
  */
 
 import { PluginInitializerContext, CoreSetup, CoreStart, Plugin } from '@kbn/core/server';
-import { registerVegaUsageCollector } from './usage_collector';
 import {
-  ConfigObservable,
   VisTypeVegaPluginSetupDependencies,
   VisTypeVegaPluginSetup,
   VisTypeVegaPluginStart,
 } from './types';
 
 export class VisTypeVegaPlugin implements Plugin<VisTypeVegaPluginSetup, VisTypeVegaPluginStart> {
-  private readonly config: ConfigObservable;
-
-  constructor(initializerContext: PluginInitializerContext) {
-    this.config = initializerContext.config.legacy.globalConfig$;
-  }
+  constructor(initializerContext: PluginInitializerContext) {}
 
   public setup(core: CoreSetup, { home, usageCollection }: VisTypeVegaPluginSetupDependencies) {
-    if (usageCollection) {
-      registerVegaUsageCollector(usageCollection, this.config, { home });
-    }
     return {};
   }
 
diff --git a/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.mock.ts b/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.mock.ts
deleted file mode 100644
index bb52d215c67e8..0000000000000
--- a/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.mock.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export const mockStats = { somestat: 1 };
-export const mockGetStats = jest.fn().mockResolvedValue(mockStats);
-
-jest.doMock('./get_usage_collector', () => ({
-  getStats: mockGetStats,
-}));
diff --git a/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.test.ts b/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.test.ts
deleted file mode 100644
index e7154ea2b7da6..0000000000000
--- a/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.test.ts
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { getStats } from './get_usage_collector';
-import { createCollectorFetchContextMock } from '@kbn/usage-collection-plugin/server/mocks';
-import type { HomeServerPluginSetup } from '@kbn/home-plugin/server';
-import type { SavedObjectsClientContract } from '@kbn/core/server';
-
-const mockedSavedObjects = [
-  // vega-lite lib spec
-  {
-    attributes: {
-      visState: JSON.stringify({
-        type: 'vega',
-        params: {
-          spec: '{"$schema": "https://vega.github.io/schema/vega-lite/v5.json" }',
-        },
-      }),
-    },
-  },
-  // vega lib spec
-  {
-    attributes: {
-      visState: JSON.stringify({
-        type: 'vega',
-        params: {
-          spec: '{"$schema": "https://vega.github.io/schema/vega/v5.json" }',
-        },
-      }),
-    },
-  },
-  // map layout
-  {
-    attributes: {
-      visState: JSON.stringify({
-        type: 'vega',
-        params: {
-          spec: '{"$schema": "https://vega.github.io/schema/vega/v3.json" \n "config": { "kibana" : { "type": "map" }} }',
-        },
-      }),
-    },
-  },
-];
-
-const getMockCollectorFetchContext = (savedObjects?: unknown[]) => {
-  const fetchParamsMock = createCollectorFetchContextMock();
-
-  fetchParamsMock.soClient = {
-    createPointInTimeFinder: jest.fn().mockResolvedValue({
-      close: jest.fn(),
-      find: function* asyncGenerator() {
-        yield { saved_objects: savedObjects };
-      },
-    }),
-  } as unknown as SavedObjectsClientContract;
-
-  return fetchParamsMock;
-};
-
-describe('Vega visualization usage collector', () => {
-  const mockDeps = {
-    home: {
-      sampleData: {
-        getSampleDatasets: jest.fn().mockReturnValue([
-          {
-            savedObjects: [
-              {
-                type: 'visualization',
-                attributes: {
-                  visState: JSON.stringify({
-                    type: 'vega',
-                    title: 'sample vega visualization',
-                    params: {
-                      spec: '{"$schema": "https://vega.github.io/schema/vega/v5.json" }',
-                    },
-                  }),
-                },
-              },
-            ],
-          },
-        ]),
-      },
-    } as unknown as HomeServerPluginSetup,
-  };
-
-  test('Returns undefined when no results found (undefined)', async () => {
-    const result = await getStats(getMockCollectorFetchContext().soClient, mockDeps);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Returns undefined when no results found (0 results)', async () => {
-    const result = await getStats(getMockCollectorFetchContext([]).soClient, mockDeps);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Returns undefined when no vega saved objects found', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext([
-      {
-        _id: 'visualization:myvis-123',
-        _source: {
-          type: 'visualization',
-          visualization: { visState: '{"type": "area"}' },
-        },
-      },
-    ]);
-    const result = await getStats(mockCollectorFetchContext.soClient, mockDeps);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Should ingnore sample data visualizations', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext([
-      {
-        attributes: {
-          visState: JSON.stringify({
-            type: 'vega',
-            title: 'sample vega visualization',
-            params: {
-              spec: '{"$schema": "https://vega.github.io/schema/vega/v5.json" }',
-            },
-          }),
-        },
-      },
-    ]);
-
-    const result = await getStats(mockCollectorFetchContext.soClient, mockDeps);
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Summarizes visualizations response data', async () => {
-    const mockCollectorFetchContext = getMockCollectorFetchContext(mockedSavedObjects);
-    const result = await getStats(mockCollectorFetchContext.soClient, mockDeps);
-
-    expect(result).toMatchObject({
-      vega_lib_specs_total: 2,
-      vega_lite_lib_specs_total: 1,
-      vega_use_map_total: 1,
-    });
-  });
-});
diff --git a/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.ts b/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.ts
deleted file mode 100644
index 21afe9f141b88..0000000000000
--- a/src/plugins/vis_types/vega/server/usage_collector/get_usage_collector.ts
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { parse } from 'hjson';
-
-import type { SavedObjectsClientContract, SavedObjectsFindResult } from '@kbn/core/server';
-import type { SavedVisState } from '@kbn/visualizations-plugin/common';
-import type { VegaSavedObjectAttributes, VisTypeVegaPluginSetupDependencies } from '../types';
-
-type UsageCollectorDependencies = Pick<VisTypeVegaPluginSetupDependencies, 'home'>;
-type VegaType = 'vega' | 'vega-lite';
-
-export interface VegaUsage {
-  vega_lib_specs_total: number;
-  vega_lite_lib_specs_total: number;
-  vega_use_map_total: number;
-}
-
-function isVegaType(attributes: any): attributes is VegaSavedObjectAttributes {
-  return attributes && attributes.type === 'vega' && attributes.params?.spec;
-}
-
-const checkVegaSchemaType = (schemaURL: string, type: VegaType) =>
-  schemaURL.includes(`//vega.github.io/schema/${type}/`);
-
-const getDefaultVegaVisualizations = (home: UsageCollectorDependencies['home']) => {
-  const titles: string[] = [];
-  const sampleDataSets = home?.sampleData.getSampleDatasets() ?? [];
-
-  sampleDataSets.forEach((sampleDataSet) =>
-    sampleDataSet.savedObjects.forEach((savedObject) => {
-      try {
-        if (savedObject.type === 'visualization') {
-          const visState = JSON.parse(savedObject.attributes?.visState);
-
-          if (isVegaType(visState)) {
-            titles.push(visState.title);
-          }
-        }
-      } catch (e) {
-        // Let it go, visState is invalid and we'll don't need to handle it
-      }
-    })
-  );
-
-  return titles;
-};
-
-export const getStats = async (
-  soClient: SavedObjectsClientContract,
-  { home }: UsageCollectorDependencies
-): Promise<VegaUsage | undefined> => {
-  let shouldPublishTelemetry = false;
-
-  const vegaUsage = {
-    vega_lib_specs_total: 0,
-    vega_lite_lib_specs_total: 0,
-    vega_use_map_total: 0,
-  };
-
-  // we want to exclude the Vega Sample Data visualizations from the stats
-  // in order to have more accurate results
-  const excludedFromStatsVisualizations = getDefaultVegaVisualizations(home);
-
-  const finder = await soClient.createPointInTimeFinder({
-    type: 'visualization',
-    perPage: 1000,
-    namespaces: ['*'],
-  });
-
-  const doTelemetry = ({ params }: SavedVisState) => {
-    try {
-      const spec = parse(params.spec as string, { legacyRoot: false });
-
-      if (spec) {
-        shouldPublishTelemetry = true;
-
-        if (checkVegaSchemaType(spec.$schema, 'vega')) {
-          vegaUsage.vega_lib_specs_total++;
-        }
-        if (checkVegaSchemaType(spec.$schema, 'vega-lite')) {
-          vegaUsage.vega_lite_lib_specs_total++;
-        }
-        if (spec.config?.kibana?.type === 'map') {
-          vegaUsage.vega_use_map_total++;
-        }
-      }
-    } catch (e) {
-      // Let it go, the data is invalid and we'll don't need to handle it
-    }
-  };
-
-  for await (const response of finder.find()) {
-    (response.saved_objects || []).forEach(({ attributes }: SavedObjectsFindResult<any>) => {
-      if (attributes?.visState) {
-        try {
-          const visState: SavedVisState = JSON.parse(attributes.visState);
-
-          if (isVegaType(visState) && !excludedFromStatsVisualizations.includes(visState.title)) {
-            doTelemetry(visState);
-          }
-        } catch {
-          // nothing to be here, "so" not valid
-        }
-      }
-    });
-  }
-  await finder.close();
-
-  return shouldPublishTelemetry ? vegaUsage : undefined;
-};
diff --git a/src/plugins/vis_types/vega/server/usage_collector/index.ts b/src/plugins/vis_types/vega/server/usage_collector/index.ts
deleted file mode 100644
index 3e7903f960d64..0000000000000
--- a/src/plugins/vis_types/vega/server/usage_collector/index.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export { registerVegaUsageCollector } from './register_vega_collector';
diff --git a/src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.test.ts b/src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.test.ts
deleted file mode 100644
index 098515d15d9df..0000000000000
--- a/src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.test.ts
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import {
-  createUsageCollectionSetupMock,
-  createCollectorFetchContextMock,
-} from '@kbn/usage-collection-plugin/server/mocks';
-import { mockStats, mockGetStats } from './get_usage_collector.mock';
-import { registerVegaUsageCollector } from './register_vega_collector';
-
-import type { HomeServerPluginSetup } from '@kbn/home-plugin/server';
-import type { ConfigObservable } from '../types';
-
-describe('registerVegaUsageCollector', () => {
-  const mockDeps = { home: {} as unknown as HomeServerPluginSetup };
-  const mockConfig = {} as ConfigObservable;
-
-  test('makes a usage collector and registers it`', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVegaUsageCollector(mockCollectorSet, mockConfig, mockDeps);
-    expect(mockCollectorSet.makeUsageCollector).toBeCalledTimes(1);
-    expect(mockCollectorSet.registerCollector).toBeCalledTimes(1);
-  });
-
-  test('makeUsageCollector configs fit the shape', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVegaUsageCollector(mockCollectorSet, mockConfig, mockDeps);
-    expect(mockCollectorSet.makeUsageCollector).toHaveBeenCalledWith({
-      type: 'vis_type_vega',
-      isReady: expect.any(Function),
-      fetch: expect.any(Function),
-      schema: expect.any(Object),
-    });
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  test('makeUsageCollector config.isReady returns true', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVegaUsageCollector(mockCollectorSet, mockConfig, mockDeps);
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  test('makeUsageCollector config.fetch calls getStats', async () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVegaUsageCollector(mockCollectorSet, mockConfig, mockDeps);
-    const usageCollector = mockCollectorSet.makeUsageCollector.mock.results[0].value;
-    const mockedCollectorFetchContext = createCollectorFetchContextMock();
-    const fetchResult = await usageCollector.fetch(mockedCollectorFetchContext);
-    expect(mockGetStats).toBeCalledTimes(1);
-    expect(mockGetStats).toBeCalledWith(mockedCollectorFetchContext.soClient, mockDeps);
-    expect(fetchResult).toBe(mockStats);
-  });
-});
diff --git a/src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.ts b/src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.ts
deleted file mode 100644
index adf35f81396d1..0000000000000
--- a/src/plugins/vis_types/vega/server/usage_collector/register_vega_collector.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-import { getStats, VegaUsage } from './get_usage_collector';
-import type { ConfigObservable, VisTypeVegaPluginSetupDependencies } from '../types';
-
-export function registerVegaUsageCollector(
-  collectorSet: UsageCollectionSetup,
-  config: ConfigObservable,
-  dependencies: Pick<VisTypeVegaPluginSetupDependencies, 'home'>
-) {
-  const collector = collectorSet.makeUsageCollector<VegaUsage | undefined>({
-    type: 'vis_type_vega',
-    isReady: () => true,
-    schema: {
-      vega_lib_specs_total: { type: 'long' },
-      vega_lite_lib_specs_total: { type: 'long' },
-      vega_use_map_total: { type: 'long' },
-    },
-    fetch: async ({ soClient }) => await getStats(soClient, dependencies),
-  });
-
-  collectorSet.registerCollector(collector);
-}
diff --git a/src/plugins/vis_types/vega/tsconfig.json b/src/plugins/vis_types/vega/tsconfig.json
index ccb4bbfb34454..7aa32cbda7201 100644
--- a/src/plugins/vis_types/vega/tsconfig.json
+++ b/src/plugins/vis_types/vega/tsconfig.json
@@ -23,7 +23,6 @@
     { "path": "../../expressions/tsconfig.json" },
     { "path": "../../inspector/tsconfig.json" },
     { "path": "../../home/tsconfig.json" },
-    { "path": "../../usage_collection/tsconfig.json" },
     { "path": "../../kibana_utils/tsconfig.json" },
     { "path": "../../kibana_react/tsconfig.json" },
     { "path": "../../vis_default_editor/tsconfig.json" },
diff --git a/src/plugins/vis_types/xy/public/editor/components/options/point_series/elastic_charts_options.tsx b/src/plugins/vis_types/xy/public/editor/components/options/point_series/elastic_charts_options.tsx
index 8a633e9bda53e..ed57c5427027b 100644
--- a/src/plugins/vis_types/xy/public/editor/components/options/point_series/elastic_charts_options.tsx
+++ b/src/plugins/vis_types/xy/public/editor/components/options/point_series/elastic_charts_options.tsx
@@ -9,20 +9,18 @@
 import React, { useState, useEffect } from 'react';
 import type { PaletteRegistry } from '@kbn/coloring';
 import { i18n } from '@kbn/i18n';
-import { METRIC_TYPE } from '@kbn/analytics';
 import { EuiFormRow, EuiRange } from '@elastic/eui';
 import { SelectOption, SwitchOption, PalettePicker } from '@kbn/vis-default-editor-plugin/public';
 
 import { ChartType } from '../../../../../common';
 import { VisParams } from '../../../../types';
 import { ValidationVisOptionsProps } from '../../common';
-import { getPalettesService, getTrackUiMetric } from '../../../../services';
+import { getPalettesService } from '../../../../services';
 import { getFittingFunctions } from '../../../collections';
 
 const fittingFunctions = getFittingFunctions();
 
 export function ElasticChartsOptions(props: ValidationVisOptionsProps<VisParams>) {
-  const trackUiMetric = getTrackUiMetric();
   const [palettesRegistry, setPalettesRegistry] = useState<PaletteRegistry | null>(null);
   const { stateParams, setValue, aggs } = props;
 
@@ -58,9 +56,6 @@ export function ElasticChartsOptions(props: ValidationVisOptionsProps<VisParams>
         paramName="detailedTooltip"
         value={stateParams.detailedTooltip}
         setValue={(paramName, value) => {
-          if (trackUiMetric) {
-            trackUiMetric(METRIC_TYPE.CLICK, 'detailed_tooltip_switched');
-          }
           setValue(paramName, value);
         }}
       />
@@ -75,9 +70,6 @@ export function ElasticChartsOptions(props: ValidationVisOptionsProps<VisParams>
           paramName="fittingFunction"
           value={stateParams.fittingFunction ?? fittingFunctions[2].value}
           setValue={(paramName, value) => {
-            if (trackUiMetric) {
-              trackUiMetric(METRIC_TYPE.CLICK, 'fitting_function_selected');
-            }
             setValue(paramName, value);
           }}
         />
@@ -89,9 +81,6 @@ export function ElasticChartsOptions(props: ValidationVisOptionsProps<VisParams>
           activePalette={stateParams.palette}
           paramName="palette"
           setPalette={(paramName, value) => {
-            if (trackUiMetric) {
-              trackUiMetric(METRIC_TYPE.CLICK, 'palette_selected');
-            }
             setValue(paramName, value);
           }}
         />
diff --git a/src/plugins/vis_types/xy/public/editor/components/options/point_series/point_series.test.tsx b/src/plugins/vis_types/xy/public/editor/components/options/point_series/point_series.test.tsx
index dbd1bed390574..ae8327c6c9df0 100644
--- a/src/plugins/vis_types/xy/public/editor/components/options/point_series/point_series.test.tsx
+++ b/src/plugins/vis_types/xy/public/editor/components/options/point_series/point_series.test.tsx
@@ -16,7 +16,6 @@ import { ChartType } from '../../../../../common';
 import { getAggs, getVis, getStateParams } from './point_series.mocks';
 
 jest.mock('../../../../services', () => ({
-  getTrackUiMetric: jest.fn(() => null),
   getPalettesService: jest.fn(() => {
     return {
       getPalettes: jest.fn(),
diff --git a/src/plugins/vis_types/xy/public/plugin.ts b/src/plugins/vis_types/xy/public/plugin.ts
index 00b036594e4d4..81689401a8750 100644
--- a/src/plugins/vis_types/xy/public/plugin.ts
+++ b/src/plugins/vis_types/xy/public/plugin.ts
@@ -19,7 +19,6 @@ import {
   setUISettings,
   setDocLinks,
   setPalettesService,
-  setTrackUiMetric,
   setActiveCursor,
 } from './services';
 
@@ -85,9 +84,6 @@ export class VisTypeXyPlugin
     expressions.registerFunction(expressionFunctions.visScale);
 
     visTypesDefinitions.forEach(visualizations.createBaseVisualization);
-
-    setTrackUiMetric(usageCollection?.reportUiCounter.bind(usageCollection, 'vis_type_xy'));
-
     return {};
   }
 
diff --git a/src/plugins/vis_types/xy/public/services.ts b/src/plugins/vis_types/xy/public/services.ts
index 6ee38238c9cf4..b8a4cc94294d0 100644
--- a/src/plugins/vis_types/xy/public/services.ts
+++ b/src/plugins/vis_types/xy/public/services.ts
@@ -6,7 +6,6 @@
  * Side Public License, v 1.
  */
 
-import { UiCounterMetricType } from '@kbn/analytics';
 import { CoreSetup, DocLinksStart } from '@kbn/core/public';
 import { createGetterSetter } from '@kbn/kibana-utils-plugin/public';
 import { DataPublicPluginStart } from '@kbn/data-plugin/public';
@@ -31,8 +30,3 @@ export const [getPalettesService, setPalettesService] =
   createGetterSetter<ChartsPluginSetup['palettes']>('xy charts.palette');
 
 export const [getDocLinks, setDocLinks] = createGetterSetter<DocLinksStart>('DocLinks');
-
-export const [getTrackUiMetric, setTrackUiMetric] =
-  createGetterSetter<(metricType: UiCounterMetricType, eventName: string | string[]) => void>(
-    'trackUiMetric'
-  );
diff --git a/src/plugins/visualizations/kibana.json b/src/plugins/visualizations/kibana.json
index 9223f36b36816..62627208561da 100644
--- a/src/plugins/visualizations/kibana.json
+++ b/src/plugins/visualizations/kibana.json
@@ -18,7 +18,7 @@
     "dataViews",
     "dataViewEditor"
   ],
-  "optionalPlugins": ["home", "share", "usageCollection", "spaces", "savedObjectsTaggingOss"],
+  "optionalPlugins": ["home", "share", "spaces", "savedObjectsTaggingOss"],
   "requiredBundles": ["kibanaUtils", "discover", "kibanaReact"],
   "extraPublicDirs": ["common/constants", "common/utils", "common/expression_functions"],
   "owner": {
diff --git a/src/plugins/visualizations/public/mocks.ts b/src/plugins/visualizations/public/mocks.ts
index f8975b705caf6..49a083647fbf8 100644
--- a/src/plugins/visualizations/public/mocks.ts
+++ b/src/plugins/visualizations/public/mocks.ts
@@ -14,7 +14,6 @@ import { expressionsPluginMock } from '@kbn/expressions-plugin/public/mocks';
 import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
 import { dataViewPluginMocks } from '@kbn/data-views-plugin/public/mocks';
 import { indexPatternEditorPluginMock } from '@kbn/data-view-editor-plugin/public/mocks';
-import { usageCollectionPluginMock } from '@kbn/usage-collection-plugin/public/mocks';
 import { uiActionsPluginMock } from '@kbn/ui-actions-plugin/public/mocks';
 import { inspectorPluginMock } from '@kbn/inspector-plugin/public/mocks';
 import { savedObjectsPluginMock } from '@kbn/saved-objects-plugin/public/mocks';
@@ -52,7 +51,6 @@ const createInstance = async () => {
     embeddable: embeddablePluginMock.createSetupContract(),
     expressions: expressionsPluginMock.createSetupContract(),
     inspector: inspectorPluginMock.createSetupContract(),
-    usageCollection: usageCollectionPluginMock.createSetupContract(),
     urlForwarding: urlForwardingPluginMock.createSetupContract(),
     uiActions: uiActionsPluginMock.createSetupContract(),
   });
diff --git a/src/plugins/visualizations/public/plugin.ts b/src/plugins/visualizations/public/plugin.ts
index 7c704a8916af8..2bd233a5db049 100644
--- a/src/plugins/visualizations/public/plugin.ts
+++ b/src/plugins/visualizations/public/plugin.ts
@@ -33,7 +33,6 @@ import type {
   ApplicationStart,
   SavedObjectsClientContract,
 } from '@kbn/core/public';
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/public';
 import type { UiActionsStart, UiActionsSetup } from '@kbn/ui-actions-plugin/public';
 import type { SavedObjectsStart } from '@kbn/saved-objects-plugin/public';
 import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
@@ -50,7 +49,6 @@ import type { NavigationPublicPluginStart as NavigationStart } from '@kbn/naviga
 import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
 import type { UrlForwardingSetup, UrlForwardingStart } from '@kbn/url-forwarding-plugin/public';
 import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
-import type { UsageCollectionStart } from '@kbn/usage-collection-plugin/public';
 import type { ScreenshotModePluginStart } from '@kbn/screenshot-mode-plugin/public';
 import type { HomePublicPluginSetup } from '@kbn/home-plugin/public';
 import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
@@ -78,7 +76,6 @@ import {
   setHttp,
   setSearch,
   setSavedObjects,
-  setUsageCollector,
   setExpressions,
   setUiActions,
   setTimeFilter,
@@ -112,7 +109,6 @@ export interface VisualizationsSetupDeps {
   expressions: ExpressionsSetup;
   inspector: InspectorSetup;
   uiActions: UiActionsSetup;
-  usageCollection: UsageCollectionSetup;
   urlForwarding: UrlForwardingSetup;
   home?: HomePublicPluginSetup;
   share?: SharePluginSetup;
@@ -136,7 +132,6 @@ export interface VisualizationsStartDeps {
   savedObjectsTaggingOss?: SavedObjectTaggingOssPluginStart;
   share?: SharePluginStart;
   urlForwarding: UrlForwardingStart;
-  usageCollection?: UsageCollectionStart;
   screenshotMode: ScreenshotModePluginStart;
   fieldFormats: FieldFormatsStart;
 }
@@ -171,7 +166,6 @@ export class VisualizationsPlugin
     {
       expressions,
       embeddable,
-      usageCollection,
       data,
       home,
       urlForwarding,
@@ -289,7 +283,6 @@ export class VisualizationsPlugin
           setHeaderActionMenu: params.setHeaderActionMenu,
           savedObjectsTagging: pluginsStart.savedObjectsTaggingOss?.getTaggingApi(),
           presentationUtil: pluginsStart.presentationUtil,
-          usageCollection: pluginsStart.usageCollection,
           getKibanaVersion: () => this.initializerContext.env.packageInfo.version,
           spaces: pluginsStart.spaces,
           visEditorsRegistry,
@@ -335,7 +328,6 @@ export class VisualizationsPlugin
     }
 
     setUISettings(core.uiSettings);
-    setUsageCollector(usageCollection);
     setTheme(core.theme);
 
     expressions.registerFunction(rangeExpressionFunction);
@@ -361,7 +353,6 @@ export class VisualizationsPlugin
       savedObjects,
       spaces,
       savedObjectsTaggingOss,
-      usageCollection,
       fieldFormats,
     }: VisualizationsStartDeps
   ): VisualizationsStart {
diff --git a/src/plugins/visualizations/public/services.ts b/src/plugins/visualizations/public/services.ts
index df2ed019c308b..f87597b07462b 100644
--- a/src/plugins/visualizations/public/services.ts
+++ b/src/plugins/visualizations/public/services.ts
@@ -20,7 +20,6 @@ import type {
   ExecutionContextSetup,
 } from '@kbn/core/public';
 import type { DataPublicPluginStart, TimefilterContract } from '@kbn/data-plugin/public';
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/public';
 import type { ExpressionsStart } from '@kbn/expressions-plugin/public';
 import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
 import type { UiActionsStart } from '@kbn/ui-actions-plugin/public';
@@ -54,11 +53,6 @@ export const [getTimeFilter, setTimeFilter] = createGetterSetter<TimefilterContr
 
 export const [getSearch, setSearch] = createGetterSetter<DataPublicPluginStart['search']>('Search');
 
-export const [getUsageCollector, setUsageCollector] = createGetterSetter<UsageCollectionSetup>(
-  'UsageCollection',
-  false
-);
-
 export const [getExpressions, setExpressions] = createGetterSetter<ExpressionsStart>('Expressions');
 
 export const [getUiActions, setUiActions] = createGetterSetter<UiActionsStart>('UiActions');
diff --git a/src/plugins/visualizations/public/visualize_app/types.ts b/src/plugins/visualizations/public/visualize_app/types.ts
index cf46e0fc4ff1e..e7e213d3a6416 100644
--- a/src/plugins/visualizations/public/visualize_app/types.ts
+++ b/src/plugins/visualizations/public/visualize_app/types.ts
@@ -37,7 +37,6 @@ import type { UrlForwardingStart } from '@kbn/url-forwarding-plugin/public';
 import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
 import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
 import type { SavedObjectsTaggingApi } from '@kbn/saved-objects-tagging-oss-plugin/public';
-import type { UsageCollectionStart } from '@kbn/usage-collection-plugin/public';
 import type { SavedSearch } from '@kbn/discover-plugin/public';
 import type {
   Vis,
@@ -107,7 +106,6 @@ export interface VisualizeServices extends CoreStart {
   setHeaderActionMenu: AppMountParameters['setHeaderActionMenu'];
   savedObjectsTagging?: SavedObjectsTaggingApi;
   presentationUtil: PresentationUtilPluginStart;
-  usageCollection?: UsageCollectionStart;
   getKibanaVersion: () => string;
   spaces?: SpacesPluginStart;
   theme: ThemeServiceStart;
diff --git a/src/plugins/visualizations/public/visualize_app/utils/get_table_columns.tsx b/src/plugins/visualizations/public/visualize_app/utils/get_table_columns.tsx
index 5775d4e5bf535..a2b75d5868b64 100644
--- a/src/plugins/visualizations/public/visualize_app/utils/get_table_columns.tsx
+++ b/src/plugins/visualizations/public/visualize_app/utils/get_table_columns.tsx
@@ -7,7 +7,6 @@
  */
 
 import React from 'react';
-import { METRIC_TYPE } from '@kbn/analytics';
 import {
   EuiBetaBadge,
   EuiButton,
@@ -25,16 +24,6 @@ import type { SavedObjectsTaggingApi } from '@kbn/saved-objects-tagging-oss-plug
 import { RedirectAppLinks } from '@kbn/kibana-react-plugin/public';
 import { VisualizationListItem } from '../..';
 import { getVisualizeListItemLink } from './get_visualize_list_item_link';
-import { getUsageCollector } from '../../services';
-import { VISUALIZE_APP_NAME } from '../../../common/constants';
-
-const doTelemetryForAddEvent = (visType?: string) => {
-  const usageCollection = getUsageCollector();
-
-  if (usageCollection && visType) {
-    usageCollection.reportUiCounter(VISUALIZE_APP_NAME, METRIC_TYPE.CLICK, `${visType}:add`);
-  }
-};
 
 const getBadge = (item: VisualizationListItem) => {
   if (item.stage === 'beta') {
@@ -106,12 +95,8 @@ export const getTableColumns = (
         // In case an error occurs i.e. the vis has wrong type, we render the vis but without the link
         !error ? (
           <RedirectAppLinks application={application} className="visListingTable__titleLink">
-            {/* eslint-disable-next-line @elastic/eui/href-or-on-click */}
             <EuiLink
               href={getVisualizeListItemLink(application, kbnUrlStateStorage, editApp, editUrl)}
-              onClick={() => {
-                doTelemetryForAddEvent(typeof type === 'string' ? type : type?.name);
-              }}
               data-test-subj={`visListingTitleLink-${title.split(' ').join('-')}`}
             >
               {field}
diff --git a/src/plugins/visualizations/public/visualize_app/utils/get_top_nav_config.tsx b/src/plugins/visualizations/public/visualize_app/utils/get_top_nav_config.tsx
index 0fb7f9b818260..8b9b42201a442 100644
--- a/src/plugins/visualizations/public/visualize_app/utils/get_top_nav_config.tsx
+++ b/src/plugins/visualizations/public/visualize_app/utils/get_top_nav_config.tsx
@@ -9,7 +9,6 @@
 import React from 'react';
 import moment from 'moment';
 import { i18n } from '@kbn/i18n';
-import { METRIC_TYPE } from '@kbn/analytics';
 import { EuiBetaBadgeProps } from '@elastic/eui';
 import { parse } from 'query-string';
 
@@ -40,7 +39,7 @@ import {
   VisualizeAppStateContainer,
   VisualizeEditorVisInstance,
 } from '../types';
-import { VISUALIZE_APP_NAME, VisualizeConstants } from '../../../common/constants';
+import { VisualizeConstants } from '../../../common/constants';
 import { getEditBreadcrumbs } from './breadcrumbs';
 import { VISUALIZE_APP_LOCATOR, VisualizeLocatorParams } from '../../../common/locator';
 import { getUiActions } from '../../services';
@@ -121,7 +120,6 @@ export const getTopNavConfig = (
     i18n: { Context: I18nContext },
     savedObjectsTagging,
     presentationUtil,
-    usageCollection,
     getKibanaVersion,
     savedObjects,
   }: VisualizeServices
@@ -129,16 +127,6 @@ export const getTopNavConfig = (
   const { vis, embeddableHandler } = visInstance;
   const savedVis = visInstance.savedVis;
 
-  const doTelemetryForSaveEvent = (visType: string) => {
-    if (usageCollection) {
-      usageCollection.reportUiCounter(
-        originatingApp ?? VISUALIZE_APP_NAME,
-        METRIC_TYPE.CLICK,
-        `${visType}:save`
-      );
-    }
-  };
-
   /**
    * Called when the user clicks "Save" button.
    */
@@ -523,8 +511,6 @@ export const getTopNavConfig = (
                   return { id: true };
                 }
 
-                doTelemetryForSaveEvent(vis.type.name);
-
                 // We're adding the viz to a library so we need to save it and then
                 // add to a dashboard if necessary
                 const response = await doSave(saveOptions);
@@ -642,8 +628,6 @@ export const getTopNavConfig = (
               }
             },
             run: async () => {
-              doTelemetryForSaveEvent(vis.type.name);
-
               if (!savedVis?.id) {
                 return createVisReference();
               }
diff --git a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx
index 839ba364719a2..4ceb93b7ec061 100644
--- a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx
+++ b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx
@@ -18,7 +18,6 @@ import {
   SavedObjectsStart,
   DocLinksStart,
 } from '@kbn/core/public';
-import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/public';
 import { EmbeddableStateTransfer } from '@kbn/embeddable-plugin/public';
 import { SearchSelection } from './search_selection';
 import { GroupSelection } from './group_selection';
@@ -36,7 +35,6 @@ interface TypeSelectionProps {
   uiSettings: IUiSettingsClient;
   docLinks: DocLinksStart;
   savedObjects: SavedObjectsStart;
-  usageCollection?: UsageCollectionSetup;
   application: ApplicationStart;
   outsideVisualizeApp?: boolean;
   stateTransfer?: EmbeddableStateTransfer;
@@ -75,11 +73,6 @@ class NewVisModal extends React.Component<TypeSelectionProps, TypeSelectionState
       showGroups: !this.props.showAggsSelection,
       visType: this.props.selectedVisType,
     };
-
-    this.trackUiMetric = this.props.usageCollection?.reportUiCounter.bind(
-      this.props.usageCollection,
-      'visualize'
-    );
   }
 
   public render() {
diff --git a/src/plugins/visualizations/public/wizard/show_new_vis.tsx b/src/plugins/visualizations/public/wizard/show_new_vis.tsx
index 2df53fbfd078e..b702cb5aa4209 100644
--- a/src/plugins/visualizations/public/wizard/show_new_vis.tsx
+++ b/src/plugins/visualizations/public/wizard/show_new_vis.tsx
@@ -16,7 +16,6 @@ import {
   getSavedObjects,
   getTypes,
   getUISettings,
-  getUsageCollector,
   getApplication,
   getEmbeddable,
   getDocLinks,
@@ -83,7 +82,6 @@ export function showNewVisModal({
             addBasePath={getHttp().basePath.prepend}
             uiSettings={getUISettings()}
             savedObjects={getSavedObjects()}
-            usageCollection={getUsageCollector()}
             application={getApplication()}
             docLinks={getDocLinks()}
             showAggsSelection={showAggsSelection}
diff --git a/src/plugins/visualizations/server/plugin.ts b/src/plugins/visualizations/server/plugin.ts
index 09ba5c2699519..cc444a18b723a 100644
--- a/src/plugins/visualizations/server/plugin.ts
+++ b/src/plugins/visualizations/server/plugin.ts
@@ -17,10 +17,8 @@ import type {
   Plugin,
   Logger,
 } from '@kbn/core/server';
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 import type { EmbeddableSetup } from '@kbn/embeddable-plugin/server';
 import { VISUALIZE_ENABLE_LABS_SETTING } from '../common/constants';
-import { registerVisualizationsCollector } from './usage_collector';
 import { capabilitiesProvider } from './capabilities_provider';
 
 import type { VisualizationsPluginSetup, VisualizationsPluginStart } from './types';
@@ -39,7 +37,6 @@ export class VisualizationsPlugin
   public setup(
     core: CoreSetup,
     plugins: {
-      usageCollection?: UsageCollectionSetup;
       embeddable: EmbeddableSetup;
       data: DataPluginSetup;
     }
@@ -66,10 +63,6 @@ export class VisualizationsPlugin
       },
     });
 
-    if (plugins.usageCollection) {
-      registerVisualizationsCollector(plugins.usageCollection);
-    }
-
     plugins.embeddable.registerEmbeddableFactory(
       makeVisualizeEmbeddableFactory(getSearchSourceMigrations)()
     );
diff --git a/src/plugins/visualizations/server/usage_collector/get_past_days.test.ts b/src/plugins/visualizations/server/usage_collector/get_past_days.test.ts
deleted file mode 100644
index bdcef507742bf..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/get_past_days.test.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import moment from 'moment';
-import { getPastDays } from './get_past_days';
-
-describe('getPastDays', () => {
-  test('Returns 2 days that have passed from the current date', () => {
-    const pastDate = moment().subtract(2, 'days').startOf('day').toString();
-
-    expect(getPastDays(pastDate)).toEqual(2);
-  });
-
-  test('Returns 30 days that have passed from the current date', () => {
-    const pastDate = moment().subtract(30, 'days').startOf('day').toString();
-
-    expect(getPastDays(pastDate)).toEqual(30);
-  });
-});
diff --git a/src/plugins/visualizations/server/usage_collector/get_past_days.ts b/src/plugins/visualizations/server/usage_collector/get_past_days.ts
deleted file mode 100644
index 2ffd09ba3c7d9..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/get_past_days.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export const getPastDays = (dateString: string): number => {
-  const date = new Date(dateString);
-  const today = new Date();
-  const diff = Math.abs(date.getTime() - today.getTime());
-  return Math.trunc(diff / (1000 * 60 * 60 * 24));
-};
diff --git a/src/plugins/visualizations/server/usage_collector/get_usage_collector.mock.ts b/src/plugins/visualizations/server/usage_collector/get_usage_collector.mock.ts
deleted file mode 100644
index b1dca4f7f71e4..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/get_usage_collector.mock.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export const mockStats = { somestat: 1 };
-export const mockGetStats = jest.fn().mockResolvedValue(mockStats);
-jest.doMock('./get_usage_collector', () => ({
-  getStats: mockGetStats,
-}));
diff --git a/src/plugins/visualizations/server/usage_collector/get_usage_collector.test.ts b/src/plugins/visualizations/server/usage_collector/get_usage_collector.test.ts
deleted file mode 100644
index 38e0036feec24..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/get_usage_collector.test.ts
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import moment from 'moment';
-import { getStats } from './get_usage_collector';
-import type { SavedObjectsClientContract } from '@kbn/core/server';
-
-const defaultMockSavedObjects = [
-  {
-    id: 'visualization:coolviz-123',
-    attributes: { visState: '{"type": "shell_beads"}' },
-    updated_at: moment().subtract(7, 'days').startOf('day').toString(),
-  },
-];
-
-const enlargedMockSavedObjects = [
-  // default space
-  {
-    id: 'visualization:coolviz-123',
-    namespaces: ['default'],
-    attributes: { visState: '{"type": "cave_painting"}' },
-    updated_at: moment().subtract(7, 'days').startOf('day').toString(),
-  },
-  {
-    id: 'visualization:coolviz-456',
-    namespaces: ['default'],
-    attributes: { visState: '{"type": "printing_press"}' },
-    updated_at: moment().subtract(20, 'days').startOf('day').toString(),
-  },
-  {
-    id: 'meat:visualization:coolviz-789',
-    namespaces: ['default'],
-    attributes: { visState: '{"type": "floppy_disk"}' },
-    updated_at: moment().subtract(2, 'months').startOf('day').toString(),
-  },
-  // meat space
-  {
-    id: 'meat:visualization:coolviz-789',
-    namespaces: ['meat'],
-    attributes: { visState: '{"type": "cave_painting"}' },
-    updated_at: moment().subtract(89, 'days').startOf('day').toString(),
-  },
-  {
-    id: 'meat:visualization:coolviz-789',
-    namespaces: ['meat'],
-    attributes: { visState: '{"type": "cuneiform"}' },
-    updated_at: moment().subtract(5, 'months').startOf('day').toString(),
-  },
-  {
-    id: 'meat:visualization:coolviz-789',
-    namespaces: ['meat'],
-    attributes: { visState: '{"type": "cuneiform"}' },
-    updated_at: moment().subtract(2, 'days').startOf('day').toString(),
-  },
-  {
-    id: 'meat:visualization:coolviz-789',
-    attributes: { visState: '{"type": "floppy_disk"}' },
-    updated_at: moment().subtract(7, 'days').startOf('day').toString(),
-  },
-  // cyber space
-  {
-    id: 'cyber:visualization:coolviz-789',
-    namespaces: ['cyber'],
-    attributes: { visState: '{"type": "floppy_disk"}' },
-    updated_at: moment().subtract(7, 'months').startOf('day').toString(),
-  },
-  {
-    id: 'cyber:visualization:coolviz-789',
-    namespaces: ['cyber'],
-    attributes: { visState: '{"type": "floppy_disk"}' },
-    updated_at: moment().subtract(3, 'days').startOf('day').toString(),
-  },
-  {
-    id: 'cyber:visualization:coolviz-123',
-    namespaces: ['cyber'],
-    attributes: { visState: '{"type": "cave_painting"}' },
-    updated_at: moment().subtract(15, 'days').startOf('day').toString(),
-  },
-];
-
-describe('Visualizations usage collector', () => {
-  const getMockCallCluster = (savedObjects: unknown[]) =>
-    ({
-      createPointInTimeFinder: jest.fn().mockResolvedValue({
-        close: jest.fn(),
-        find: function* asyncGenerator() {
-          yield { saved_objects: savedObjects };
-        },
-      }),
-    } as unknown as SavedObjectsClientContract);
-
-  test('Returns undefined when no results found (undefined)', async () => {
-    const result = await getStats(getMockCallCluster(undefined as any));
-
-    expect(result).toBeUndefined();
-  });
-
-  test('Returns undefined when no results found (0 results)', async () => {
-    const result = await getStats(getMockCallCluster([]));
-    expect(result).toBeUndefined();
-  });
-
-  test('Summarizes visualizations response data', async () => {
-    const result = await getStats(getMockCallCluster(defaultMockSavedObjects));
-
-    expect(result).toMatchObject({
-      shell_beads: {
-        spaces_avg: 1,
-        spaces_max: 1,
-        spaces_min: 1,
-        total: 1,
-        saved_7_days_total: 1,
-        saved_30_days_total: 1,
-        saved_90_days_total: 1,
-      },
-    });
-  });
-
-  test('Summarizes visualizations response data per Space', async () => {
-    const expectedStats = {
-      cave_painting: {
-        total: 3,
-        spaces_min: 1,
-        spaces_max: 1,
-        spaces_avg: 1,
-        saved_7_days_total: 1,
-        saved_30_days_total: 2,
-        saved_90_days_total: 3,
-      },
-      printing_press: {
-        total: 1,
-        spaces_min: 1,
-        spaces_max: 1,
-        spaces_avg: 1,
-        saved_7_days_total: 0,
-        saved_30_days_total: 1,
-        saved_90_days_total: 1,
-      },
-      cuneiform: {
-        total: 2,
-        spaces_min: 2,
-        spaces_max: 2,
-        spaces_avg: 2,
-        saved_7_days_total: 1,
-        saved_30_days_total: 1,
-        saved_90_days_total: 1,
-      },
-      floppy_disk: {
-        total: 4,
-        spaces_min: 2,
-        spaces_max: 2,
-        spaces_avg: 2,
-        saved_7_days_total: 2,
-        saved_30_days_total: 2,
-        saved_90_days_total: 3,
-      },
-    };
-
-    const result = await getStats(getMockCallCluster(enlargedMockSavedObjects));
-
-    expect(result).toMatchObject(expectedStats);
-  });
-});
diff --git a/src/plugins/visualizations/server/usage_collector/get_usage_collector.ts b/src/plugins/visualizations/server/usage_collector/get_usage_collector.ts
deleted file mode 100644
index f53b4b01864c5..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/get_usage_collector.ts
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { countBy, groupBy, mapValues, max, min, values } from 'lodash';
-import type { SavedObjectsClientContract, SavedObjectsFindResult } from '@kbn/core/server';
-import { getPastDays } from './get_past_days';
-
-import type { SavedVisState } from '../../common';
-
-interface VisSummary {
-  type: string;
-  space: string;
-  past_days: number;
-}
-
-export interface VisualizationUsage {
-  [x: string]: {
-    total: number;
-    spaces_min?: number;
-    spaces_max?: number;
-    spaces_avg: number;
-    saved_7_days_total: number;
-    saved_30_days_total: number;
-    saved_90_days_total: number;
-  };
-}
-
-/*
- * Parse the response data into telemetry payload
- */
-export async function getStats(
-  soClient: SavedObjectsClientContract
-): Promise<VisualizationUsage | undefined> {
-  const finder = await soClient.createPointInTimeFinder({
-    type: 'visualization',
-    perPage: 1000,
-    namespaces: ['*'],
-  });
-
-  const visSummaries: VisSummary[] = [];
-
-  for await (const response of finder.find()) {
-    (response.saved_objects || []).forEach((so: SavedObjectsFindResult<any>) => {
-      if (so.attributes?.visState) {
-        const visState: SavedVisState = JSON.parse(so.attributes.visState);
-
-        visSummaries.push({
-          type: visState.type ?? '_na_',
-          space: so.namespaces?.[0] ?? 'default',
-          past_days: getPastDays(so.updated_at!),
-        });
-      }
-    });
-  }
-  await finder.close();
-
-  if (visSummaries.length) {
-    // organize stats per type
-    const visTypes = groupBy(visSummaries, 'type');
-
-    // get the final result
-    return mapValues(visTypes, (curr) => {
-      const total = curr.length;
-      const spacesBreakdown = countBy(curr, 'space');
-      const spaceCounts: number[] = values(spacesBreakdown);
-
-      return {
-        total,
-        spaces_min: min(spaceCounts),
-        spaces_max: max(spaceCounts),
-        spaces_avg: total / spaceCounts.length,
-        saved_7_days_total: curr.filter((c) => c.past_days <= 7).length,
-        saved_30_days_total: curr.filter((c) => c.past_days <= 30).length,
-        saved_90_days_total: curr.filter((c) => c.past_days <= 90).length,
-      };
-    });
-  }
-}
diff --git a/src/plugins/visualizations/server/usage_collector/index.ts b/src/plugins/visualizations/server/usage_collector/index.ts
deleted file mode 100644
index ca19d049b31ad..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/index.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-export { registerVisualizationsCollector } from './register_visualizations_collector';
diff --git a/src/plugins/visualizations/server/usage_collector/register_visualizations_collector.test.ts b/src/plugins/visualizations/server/usage_collector/register_visualizations_collector.test.ts
deleted file mode 100644
index 9f0fbd6571cde..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/register_visualizations_collector.test.ts
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-import {
-  createUsageCollectionSetupMock,
-  createCollectorFetchContextMock,
-} from '@kbn/usage-collection-plugin/server/mocks';
-import { mockStats, mockGetStats } from './get_usage_collector.mock';
-import { registerVisualizationsCollector } from './register_visualizations_collector';
-
-describe('registerVisualizationsCollector', () => {
-  test('makes a usage collector and registers it`', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVisualizationsCollector(mockCollectorSet);
-    expect(mockCollectorSet.makeUsageCollector).toBeCalledTimes(1);
-    expect(mockCollectorSet.registerCollector).toBeCalledTimes(1);
-  });
-
-  test('makeUsageCollector configs fit the shape', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVisualizationsCollector(mockCollectorSet);
-    expect(mockCollectorSet.makeUsageCollector).toHaveBeenCalledWith({
-      type: 'visualization_types',
-      isReady: expect.any(Function),
-      fetch: expect.any(Function),
-      schema: expect.any(Object),
-    });
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  test('makeUsageCollector config.isReady returns true', () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVisualizationsCollector(mockCollectorSet);
-    const usageCollectorConfig = mockCollectorSet.makeUsageCollector.mock.calls[0][0];
-    expect(usageCollectorConfig.isReady()).toBe(true);
-  });
-
-  test('makeUsageCollector config.fetch calls getStats', async () => {
-    const mockCollectorSet = createUsageCollectionSetupMock();
-    registerVisualizationsCollector(mockCollectorSet);
-    const usageCollector = mockCollectorSet.makeUsageCollector.mock.results[0].value;
-    const mockCollectorFetchContext = createCollectorFetchContextMock();
-    const fetchResult = await usageCollector.fetch(mockCollectorFetchContext);
-    expect(mockGetStats).toBeCalledTimes(1);
-    expect(mockGetStats).toBeCalledWith(mockCollectorFetchContext.soClient);
-    expect(fetchResult).toBe(mockStats);
-  });
-});
diff --git a/src/plugins/visualizations/server/usage_collector/register_visualizations_collector.ts b/src/plugins/visualizations/server/usage_collector/register_visualizations_collector.ts
deleted file mode 100644
index bf00e83be4b87..0000000000000
--- a/src/plugins/visualizations/server/usage_collector/register_visualizations_collector.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-import { getStats, VisualizationUsage } from './get_usage_collector';
-
-export function registerVisualizationsCollector(collectorSet: UsageCollectionSetup) {
-  const collector = collectorSet.makeUsageCollector<VisualizationUsage | undefined>({
-    type: 'visualization_types',
-    isReady: () => true,
-    schema: {
-      DYNAMIC_KEY: {
-        total: { type: 'long' },
-        spaces_min: { type: 'long' },
-        spaces_max: { type: 'long' },
-        spaces_avg: { type: 'long' },
-        saved_7_days_total: { type: 'long' },
-        saved_30_days_total: { type: 'long' },
-        saved_90_days_total: { type: 'long' },
-      },
-    },
-    fetch: async ({ soClient }) => await getStats(soClient),
-  });
-  collectorSet.registerCollector(collector);
-}
diff --git a/src/plugins/visualizations/tsconfig.json b/src/plugins/visualizations/tsconfig.json
index 9a9cb97d63764..e44374e23f623 100644
--- a/src/plugins/visualizations/tsconfig.json
+++ b/src/plugins/visualizations/tsconfig.json
@@ -22,7 +22,6 @@
     { "path": "../inspector/tsconfig.json" },
     { "path": "../saved_objects/tsconfig.json" },
     { "path": "../saved_objects_tagging_oss/tsconfig.json" },
-    { "path": "../usage_collection/tsconfig.json" },
     { "path": "../kibana_utils/tsconfig.json" },
     { "path": "../kibana_react/tsconfig.json" },
     { "path": "../discover/tsconfig.json" },

From ee3cfb6d7504585a0c704100c3000aff1defa3f7 Mon Sep 17 00:00:00 2001
From: Tetiana Kravchenko <tanya.kravchenko.v@gmail.com>
Date: Mon, 25 Jul 2022 12:08:04 +0200
Subject: [PATCH 11/12] elastic-agent manifests: align with elastic-agent repo;
 add comments (#136394)

* elastic-agent manifests: align with elastic-agent repo; add comments

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* ad links to the elastic documentation

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* elastic-agent manifests: align with elastic-agent repo; add comments

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* ad links to the elastic documentation

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* update comment on FLEET_ENROLLMENT_TOKEN

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../server/services/elastic_agent_manifest.ts | 96 ++++++++++++-------
 1 file changed, 64 insertions(+), 32 deletions(-)

diff --git a/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts b/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts
index 9921a2d97cdd9..5d5693fcbe93e 100644
--- a/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts
+++ b/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts
@@ -6,6 +6,7 @@
  */
 
 export const elasticAgentStandaloneManifest = `---
+# For more information refer to https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -22,6 +23,8 @@ spec:
       labels:
         app: elastic-agent
     spec:
+      # Tolerations are needed to run Elastic Agent on Kubernetes master nodes.
+      # Agents running on master nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
@@ -37,8 +40,11 @@ spec:
             "-d", "'*'",
           ]
           env:
+            # The basic authentication username used to connect to Elasticsearch
+            # This user needs the privileges required to publish events to Elasticsearch.
             - name: ES_USERNAME
               value: "elastic"
+            # The basic authentication password used to connect to Elasticsearch
             - name: ES_PASSWORD
               value: "changeme"
             - name: NODE_NAME
@@ -67,6 +73,7 @@ spec:
               readOnly: true
             - name: etc-kubernetes
               mountPath: /hostfs/etc/kubernetes
+              readOnly: true
             - name: var-lib
               mountPath: /hostfs/var/lib
               readOnly: true
@@ -85,7 +92,7 @@ spec:
             - name: group
               mountPath: /hostfs/etc/group
               readOnly: true
-            - name: systemd
+            - name: etcsysmd
               mountPath: /hostfs/etc/systemd
               readOnly: true
       volumes:
@@ -96,15 +103,19 @@ spec:
         - name: proc
           hostPath:
             path: /proc
+        # Needed for cloudbeat
         - name: etc-kubernetes
           hostPath:
             path: /etc/kubernetes
+        # Needed for cloudbeat
         - name: var-lib
           hostPath:
             path: /var/lib
+        # Needed for cloudbeat
         - name: passwd
           hostPath:
             path: /etc/passwd
+        # Needed for cloudbeat
         - name: group
           hostPath:
             path: /etc/group
@@ -117,7 +128,8 @@ spec:
         - name: varlog
           hostPath:
             path: /var/log
-        - name: systemd
+        # Needed for cloudbeat
+        - name: etcsysmd
           hostPath:
             path: /etc/systemd
 ---
@@ -177,6 +189,7 @@ rules:
       - pods
       - services
       - configmaps
+      # Needed for cloudbeat
       - serviceaccounts
       - persistentvolumes
       - persistentvolumeclaims
@@ -208,12 +221,12 @@ rules:
       - nodes/stats
     verbs:
       - get
-  # required for apiserver
+  # Needed for apiserver
   - nonResourceURLs:
       - "/metrics"
     verbs:
       - get
-  # required for cloudbeat
+  # Needed for cloudbeat
   - apiGroups: ["rbac.authorization.k8s.io"]
     resources:
       - clusterrolebindings
@@ -221,11 +234,7 @@ rules:
       - rolebindings
       - roles
     verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources:
-      - ingressclasses
-      - ingresses
-    verbs: ["get", "list", "watch"]
+    # Needed for cloudbeat
   - apiGroups: ["policy"]
     resources:
       - podsecuritypolicies
@@ -235,7 +244,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: elastic-agent
-  # should be the namespace where elastic-agent is running
+  # Should be the namespace where elastic-agent is running
   namespace: kube-system
   labels:
     k8s-app: elastic-agent
@@ -272,6 +281,7 @@ metadata:
 `;
 
 export const elasticAgentManagedManifest = `---
+# For more information refer to https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -288,31 +298,41 @@ spec:
       labels:
         app: elastic-agent
     spec:
+      # Tolerations are needed to run Elastic Agent on Kubernetes master nodes.
+      # Agents running on master nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
       serviceAccountName: elastic-agent
       hostNetwork: true
+      # 'hostPID: true' enables the Elastic Security integration to observe all process exec events on the host.
+      # Sharing the host process ID namespace gives visibility of all processes running on the same host.
+      hostPID: true
       dnsPolicy: ClusterFirstWithHostNet
       containers:
         - name: elastic-agent
           image: docker.elastic.co/beats/elastic-agent:VERSION
           env:
+            # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode
             - name: FLEET_ENROLL
               value: "1"
-            # Set to true in case of insecure or unverified HTTP
+            # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS
             - name: FLEET_INSECURE
               value: "true"
-              # The ip:port pair of fleet server
+            # Fleet Server URL to enroll the Elastic Agent into
+            # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings
             - name: FLEET_URL
               value: "https://fleet-server:8220"
-              # If left empty KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed
+            # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens)
+            # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed
             - name: FLEET_ENROLLMENT_TOKEN
               value: "token-id"
             - name: KIBANA_HOST
               value: "http://kibana:5601"
+            # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet
             - name: KIBANA_FLEET_USERNAME
               value: "elastic"
+            # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet
             - name: KIBANA_FLEET_PASSWORD
               value: "changeme"
             - name: NODE_NAME
@@ -337,6 +357,7 @@ spec:
               readOnly: true
             - name: etc-kubernetes
               mountPath: /hostfs/etc/kubernetes
+              readOnly: true
             - name: var-lib
               mountPath: /hostfs/var/lib
               readOnly: true
@@ -355,37 +376,51 @@ spec:
             - name: group
               mountPath: /hostfs/etc/group
               readOnly: true
-            - name: systemd
+            - name: etcsysmd
               mountPath: /hostfs/etc/systemd
               readOnly: true
+            - name: etc-mid
+              mountPath: /etc/machine-id
+              readOnly: true
       volumes:
         - name: proc
           hostPath:
             path: /proc
+        - name: cgroup
+          hostPath:
+            path: /sys/fs/cgroup
+        - name: varlibdockercontainers
+          hostPath:
+            path: /var/lib/docker/containers
+        - name: varlog
+          hostPath:
+            path: /var/log
+        # Needed for cloudbeat
         - name: etc-kubernetes
           hostPath:
             path: /etc/kubernetes
+        # Needed for cloudbeat
         - name: var-lib
           hostPath:
             path: /var/lib
+        # Needed for cloudbeat
         - name: passwd
           hostPath:
             path: /etc/passwd
+        # Needed for cloudbeat
         - name: group
           hostPath:
             path: /etc/group
-        - name: cgroup
-          hostPath:
-            path: /sys/fs/cgroup
-        - name: varlibdockercontainers
-          hostPath:
-            path: /var/lib/docker/containers
-        - name: varlog
-          hostPath:
-            path: /var/log
-        - name: systemd
+        # Needed for cloudbeat
+        - name: etcsysmd
           hostPath:
             path: /etc/systemd
+        # Mount /etc/machine-id from the host to determine host ID
+        # Needed for Elastic Security integration
+        - name: etc-mid
+          hostPath:
+            path: /etc/machine-id
+            type: File
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -443,6 +478,7 @@ rules:
       - pods
       - services
       - configmaps
+      # Needed for cloudbeat
       - serviceaccounts
       - persistentvolumes
       - persistentvolumeclaims
@@ -474,12 +510,12 @@ rules:
       - jobs
       - cronjobs
     verbs: [ "get", "list", "watch" ]
-  # required for apiserver
+  # Needed for apiserver
   - nonResourceURLs:
       - "/metrics"
     verbs:
       - get
-  # required for cloudbeat
+  # Needed for cloudbeat
   - apiGroups: ["rbac.authorization.k8s.io"]
     resources:
       - clusterrolebindings
@@ -487,11 +523,7 @@ rules:
       - rolebindings
       - roles
     verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources:
-      - ingressclasses
-      - ingresses
-    verbs: ["get", "list", "watch"]
+  # Needed for cloudbeat
   - apiGroups: ["policy"]
     resources:
       - podsecuritypolicies
@@ -501,7 +533,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: elastic-agent
-  # should be the namespace where elastic-agent is running
+  # Should be the namespace where elastic-agent is running
   namespace: kube-system
   labels:
     k8s-app: elastic-agent

From 51816a06317040dcd6a41ae55cbbff606f75a414 Mon Sep 17 00:00:00 2001
From: Alexey Antonov <alexwizp@gmail.com>
Date: Mon, 25 Jul 2022 13:09:29 +0300
Subject: [PATCH 12/12] [Step 2] VisEditors Telemetry enhancements (remove
 legacy Lens telemetries) (#135684)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
---
 .../lens/public/app_plugin/lens_top_nav.tsx   |   3 -
 .../lens/public/app_plugin/mounter.tsx        |  12 +-
 .../app_plugin/save_modal_container.tsx       |   9 -
 .../lens/public/app_plugin/settings_menu.tsx  |   3 -
 x-pack/plugins/lens/public/async_services.ts  |   1 -
 .../lens/public/drag_drop/drag_drop.tsx       |   3 -
 .../config_panel/config_panel.tsx             |   2 -
 .../editor_frame/config_panel/layer_panel.tsx |   2 -
 .../editor_frame/editor_frame.tsx             |   2 -
 .../editor_frame/suggestion_panel.tsx         |   4 -
 .../workspace_panel/chart_switch.tsx          |   3 -
 .../workspace_panel/workspace_panel.tsx       |   6 +-
 .../change_indexpattern.tsx                   |   2 -
 .../indexpattern_datasource/datapanel.tsx     |   7 -
 .../dimension_panel/dimension_editor.tsx      |   6 -
 .../droppable/on_drop_handler.ts              |  13 -
 .../dimension_panel/field_select.tsx          |   2 -
 .../dimension_panel/reference_editor.tsx      |   2 -
 .../indexpattern_datasource/field_item.tsx    |   2 -
 .../indexpattern_datasource/help_popover.tsx  |  13 +-
 .../formula/editor/formula_editor.tsx         |   5 -
 .../public/lens_ui_telemetry/factory.test.ts  | 110 ---
 .../lens/public/lens_ui_telemetry/factory.ts  | 129 ---
 .../lens/public/lens_ui_telemetry/index.ts    |   8 -
 x-pack/plugins/lens/public/plugin.ts          |  13 +-
 .../subscribe_to_external_context.ts          |   2 -
 .../xy_config_panel/layer_header.tsx          |   2 -
 x-pack/plugins/lens/server/plugin.tsx         |  27 +-
 x-pack/plugins/lens/server/routes/index.ts    |   2 -
 .../plugins/lens/server/routes/telemetry.ts   |  93 ---
 .../plugins/lens/server/usage/collectors.ts   | 119 ---
 x-pack/plugins/lens/server/usage/index.ts     |   9 -
 .../lens/server/usage/multiterms_count.ts     | 106 ---
 .../usage/saved_objects_metric_factory.ts     |  84 --
 x-pack/plugins/lens/server/usage/schema.ts    | 262 ------
 x-pack/plugins/lens/server/usage/task.ts      | 215 -----
 x-pack/plugins/lens/server/usage/types.ts     |  47 --
 .../lens/server/usage/visualization_counts.ts |  73 --
 .../schema/xpack_plugins.json                 | 752 ------------------
 .../test/api_integration/apis/lens/index.ts   |   1 -
 .../api_integration/apis/lens/telemetry.ts    | 200 -----
 41 files changed, 7 insertions(+), 2349 deletions(-)
 delete mode 100644 x-pack/plugins/lens/public/lens_ui_telemetry/factory.test.ts
 delete mode 100644 x-pack/plugins/lens/public/lens_ui_telemetry/factory.ts
 delete mode 100644 x-pack/plugins/lens/public/lens_ui_telemetry/index.ts
 delete mode 100644 x-pack/plugins/lens/server/routes/telemetry.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/collectors.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/index.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/multiterms_count.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/saved_objects_metric_factory.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/schema.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/task.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/types.ts
 delete mode 100644 x-pack/plugins/lens/server/usage/visualization_counts.ts
 delete mode 100644 x-pack/test/api_integration/apis/lens/telemetry.ts

diff --git a/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx b/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
index f8dba39f20dd9..5dd2368d2b83a 100644
--- a/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
+++ b/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
@@ -15,7 +15,6 @@ import { tableHasFormulas } from '@kbn/data-plugin/common';
 import { exporters, getEsQueryConfig } from '@kbn/data-plugin/public';
 import type { DataView } from '@kbn/data-views-plugin/public';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import type { StateSetter } from '../types';
 import {
   LensAppServices,
@@ -559,7 +558,6 @@ export const LensTopNavMenu = ({
       const currentRange = data.query.timefilter.timefilter.getTime();
       if (dateRange.from !== currentRange.from || dateRange.to !== currentRange.to) {
         data.query.timefilter.timefilter.setTime(dateRange);
-        trackUiEvent('app_date_change');
       } else {
         // Query has changed, renew the session id.
         // recalculate resolvedDateRange (relevant for relative time range)
@@ -567,7 +565,6 @@ export const LensTopNavMenu = ({
           searchSessionId: data.search.session.start(),
           resolvedDateRange: getResolvedDateRange(data.query.timefilter.timefilter),
         });
-        trackUiEvent('app_query_change');
       }
       if (newQuery) {
         if (!isEqual(newQuery, query)) {
diff --git a/x-pack/plugins/lens/public/app_plugin/mounter.tsx b/x-pack/plugins/lens/public/app_plugin/mounter.tsx
index 8502485f374e1..17e2ae3e0b2ed 100644
--- a/x-pack/plugins/lens/public/app_plugin/mounter.tsx
+++ b/x-pack/plugins/lens/public/app_plugin/mounter.tsx
@@ -29,7 +29,6 @@ import { ACTION_CONVERT_TO_LENS } from '@kbn/visualizations-plugin/public';
 import { KibanaContextProvider, KibanaThemeProvider } from '@kbn/kibana-react-plugin/public';
 import { EuiLoadingSpinner } from '@elastic/eui';
 import { syncQueryStateWithUrl } from '@kbn/data-plugin/public';
-import { LensReportManager, setReportManager, trackUiEvent } from '../lens_ui_telemetry';
 
 import { App } from './app';
 import { EditorFrameStart, LensTopNavMenuEntryGenerator } from '../types';
@@ -134,7 +133,7 @@ export async function mountApp(
 
   const lensServices = await getLensServices(coreStart, startDependencies, attributeService);
 
-  const { stateTransfer, data, storage } = lensServices;
+  const { stateTransfer, data } = lensServices;
 
   const embeddableEditorIncomingState = stateTransfer?.getIncomingEditorState(APP_ID);
 
@@ -154,13 +153,6 @@ export async function mountApp(
     i18n.translate('xpack.lens.pageTitle', { defaultMessage: 'Lens' })
   );
 
-  setReportManager(
-    new LensReportManager({
-      http: core.http,
-      storage,
-    })
-  );
-
   const getInitialInput = (id?: string, editByValue?: boolean): LensEmbeddableInput | undefined => {
     if (editByValue) {
       return embeddableEditorIncomingState?.valueInput as LensByValueInput;
@@ -282,7 +274,6 @@ export async function mountApp(
           initCallback();
         })();
       }, [initCallback, initialInput, props.history, redirectCallback]);
-      trackUiEvent('loaded');
 
       if (editorState === 'loading') {
         return <EuiLoadingSpinner />;
@@ -343,7 +334,6 @@ export async function mountApp(
   };
 
   function NotFound() {
-    trackUiEvent('loaded_404');
     return <FormattedMessage id="xpack.lens.app404" defaultMessage="404 Not Found" />;
   }
   // dispatch synthetic hash change event to update hash history objects
diff --git a/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx b/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx
index 9107141f655de..6769010d8f721 100644
--- a/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx
+++ b/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx
@@ -7,7 +7,6 @@
 
 import React, { useEffect, useState } from 'react';
 import { i18n } from '@kbn/i18n';
-import { METRIC_TYPE } from '@kbn/analytics';
 import { isFilterPinned } from '@kbn/es-query';
 
 import type { SavedObjectReference } from '@kbn/core/public';
@@ -17,7 +16,6 @@ import type { SaveProps } from './app';
 import { Document, checkForDuplicateTitle } from '../persistence';
 import type { LensByReferenceInput, LensEmbeddableInput } from '../embeddable';
 import { APP_ID, getFullPath, LENS_EMBEDDABLE_TYPE } from '../../common';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import type { LensAppState } from '../state_management';
 import { getPersisted } from '../state_management/init_middleware/load_initial';
 
@@ -200,7 +198,6 @@ export const runSaveLensVisualization = async (
   const {
     chrome,
     initialInput,
-    originatingApp,
     lastKnownDoc,
     persistedDoc,
     savedObjectsClient,
@@ -208,7 +205,6 @@ export const runSaveLensVisualization = async (
     notifications,
     stateTransfer,
     attributeService,
-    usageCollection,
     savedObjectsTagging,
     getIsByValueMode,
     redirectToOrigin,
@@ -221,10 +217,6 @@ export const runSaveLensVisualization = async (
     return;
   }
 
-  if (usageCollection) {
-    usageCollection.reportUiCounter(originatingApp || 'visualize', METRIC_TYPE.CLICK, 'lens:save');
-  }
-
   let references = lastKnownDoc.references;
 
   if (savedObjectsTagging) {
@@ -345,7 +337,6 @@ export const runSaveLensVisualization = async (
   } catch (e) {
     // eslint-disable-next-line no-console
     console.dir(e);
-    trackUiEvent('save_failed');
     throw e;
   }
 };
diff --git a/x-pack/plugins/lens/public/app_plugin/settings_menu.tsx b/x-pack/plugins/lens/public/app_plugin/settings_menu.tsx
index cf5d00585090b..e4cd670286ef6 100644
--- a/x-pack/plugins/lens/public/app_plugin/settings_menu.tsx
+++ b/x-pack/plugins/lens/public/app_plugin/settings_menu.tsx
@@ -24,7 +24,6 @@ import {
   useLensDispatch,
   useLensSelector,
 } from '../state_management';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import { writeToStorage } from '../settings_storage';
 import { AUTO_APPLY_DISABLED_STORAGE_KEY } from '../editor_frame_service/editor_frame/workspace_panel/workspace_panel_wrapper';
 
@@ -46,8 +45,6 @@ export function SettingsMenu({
   const dispatch = useLensDispatch();
 
   const toggleAutoApply = useCallback(() => {
-    trackUiEvent('toggle_autoapply');
-
     writeToStorage(
       new Storage(localStorage),
       AUTO_APPLY_DISABLED_STORAGE_KEY,
diff --git a/x-pack/plugins/lens/public/async_services.ts b/x-pack/plugins/lens/public/async_services.ts
index 09b434c648418..7c691dc431ab6 100644
--- a/x-pack/plugins/lens/public/async_services.ts
+++ b/x-pack/plugins/lens/public/async_services.ts
@@ -37,5 +37,4 @@ export * from './editor_frame_service';
 export * from './embeddable';
 export * from './app_plugin/mounter';
 export * from './lens_attribute_service';
-export * from './lens_ui_telemetry';
 export * from './app_plugin/save_modal_container';
diff --git a/x-pack/plugins/lens/public/drag_drop/drag_drop.tsx b/x-pack/plugins/lens/public/drag_drop/drag_drop.tsx
index d8a526380cd6d..83854b8328651 100644
--- a/x-pack/plugins/lens/public/drag_drop/drag_drop.tsx
+++ b/x-pack/plugins/lens/public/drag_drop/drag_drop.tsx
@@ -23,7 +23,6 @@ import {
   announce,
   Ghost,
 } from './providers';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import { DropType } from '../types';
 
 export type DroppableEvent = React.DragEvent<HTMLElement>;
@@ -385,7 +384,6 @@ const DragInner = memo(function DragInner({
 
   const dropToActiveDropTarget = () => {
     if (activeDropTarget) {
-      trackUiEvent('drop_total');
       const { dropType, humanData, onDrop: onTargetDrop } = activeDropTarget;
       setTimeout(() => setA11yMessage(announce.dropped(value.humanData, humanData, dropType)));
       onTargetDrop(value, dropType);
@@ -953,7 +951,6 @@ const ReorderableDrop = memo(function ReorderableDrop(
     setKeyboardMode(false);
 
     if (onDrop && dragging) {
-      trackUiEvent('drop_total');
       onDrop(dragging, 'reorder');
       // setTimeout ensures it will run after dragEnd messaging
       setTimeout(() =>
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/config_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/config_panel.tsx
index e00998a507cc2..ce4fbbba70236 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/config_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/config_panel.tsx
@@ -14,7 +14,6 @@ import {
 } from '@kbn/unified-search-plugin/public';
 import { Visualization } from '../../../types';
 import { LayerPanel } from './layer_panel';
-import { trackUiEvent } from '../../../lens_ui_telemetry';
 import { generateId } from '../../../id_generator';
 import { ConfigPanelWrapperProps } from './types';
 import { useFocusUpdate } from './use_focus_update';
@@ -222,7 +221,6 @@ export function LayerPanels(
         onAddLayerClick={(layerType) => {
           const layerId = generateId();
           dispatchLens(addLayer({ layerId, layerType }));
-          trackUiEvent('layer_added');
           setNextFocusedLayerId(layerId);
         }}
       />
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx
index 43ff541d9c92f..ecaf23bb34d41 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx
@@ -28,7 +28,6 @@ import {
 } from '../../../types';
 import { DragDropIdentifier, ReorderProvider } from '../../../drag_drop';
 import { LayerSettings } from './layer_settings';
-import { trackUiEvent } from '../../../lens_ui_telemetry';
 import { LayerPanelProps, ActiveDimensionState } from './types';
 import { DimensionContainer } from './dimension_container';
 import { RemoveLayerButton } from './remove_layer_button';
@@ -456,7 +455,6 @@ export function LayerPanel(
                                   });
                                 }}
                                 onRemoveClick={(id: string) => {
-                                  trackUiEvent('indexpattern_dimension_removed');
                                   if (datasourceId && layerDatasource) {
                                     props.updateAll(
                                       datasourceId,
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.tsx
index 1b91d78f8f6f1..072db723ff326 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.tsx
@@ -17,7 +17,6 @@ import { WorkspacePanel } from './workspace_panel';
 import { DragDropIdentifier, RootDragDropProvider } from '../../drag_drop';
 import { EditorFrameStartPlugins } from '../service';
 import { getTopSuggestionForField, switchToSuggestion } from './suggestion_helpers';
-import { trackUiEvent } from '../../lens_ui_telemetry';
 import {
   useLensSelector,
   useLensDispatch,
@@ -78,7 +77,6 @@ export function EditorFrame(props: EditorFrameProps) {
     (field) => {
       const suggestion = getSuggestionForField.current!(field);
       if (suggestion) {
-        trackUiEvent('drop_onto_workspace');
         switchToSuggestion(dispatchLens, suggestion, { clearStagedPreview: true });
       }
     },
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/suggestion_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/suggestion_panel.tsx
index f3f4ed3c39e4e..67403b93d7b8c 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/suggestion_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/suggestion_panel.tsx
@@ -40,7 +40,6 @@ import {
 } from '../../types';
 import { getSuggestions, switchToSuggestion } from './suggestion_helpers';
 import { getDatasourceExpressionsByLayers } from './expression_helpers';
-import { trackUiEvent, trackSuggestionEvent } from '../../lens_ui_telemetry';
 import {
   getMissingIndexPattern,
   validateDatasourceAndVisualization,
@@ -345,7 +344,6 @@ export function SuggestionPanel({
 
   function rollbackToCurrentVisualization() {
     if (lastSelectedSuggestion !== -1) {
-      trackSuggestionEvent('back_to_current');
       setLastSelectedSuggestion(-1);
       dispatchLens(rollbackSuggestion());
       dispatchLens(applyChanges());
@@ -411,7 +409,6 @@ export function SuggestionPanel({
               ExpressionRenderer={AutoRefreshExpressionRenderer}
               key={index}
               onSelect={() => {
-                trackUiEvent('suggestion_clicked');
                 if (lastSelectedSuggestion === index) {
                   rollbackToCurrentVisualization();
                 } else {
@@ -455,7 +452,6 @@ export function SuggestionPanel({
                 size="xs"
                 iconType="refresh"
                 onClick={() => {
-                  trackUiEvent('suggestion_confirmed');
                   dispatchLens(submitSuggestion());
                 }}
               >
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx
index a611d6d43638d..8c41fc5da8aae 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx
@@ -30,7 +30,6 @@ import {
   Suggestion,
 } from '../../../types';
 import { getSuggestions, switchToSuggestion } from '../suggestion_helpers';
-import { trackUiEvent } from '../../../lens_ui_telemetry';
 import {
   insertLayer,
   removeLayers,
@@ -124,8 +123,6 @@ export const ChartSwitch = memo(function ChartSwitch(props: Props) {
   const commitSelection = (selection: VisualizationSelection) => {
     setFlyoutOpen(false);
 
-    trackUiEvent(`chart_switch`);
-
     switchToSuggestion(
       dispatchLens,
       {
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
index e45f23941b070..b18e007077553 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
@@ -47,7 +47,6 @@ import {
 import { DragDrop, DragContext, DragDropIdentifier } from '../../../drag_drop';
 import { switchToSuggestion } from '../suggestion_helpers';
 import { buildExpression } from '../expression_helpers';
-import { trackUiEvent } from '../../../lens_ui_telemetry';
 import { WorkspacePanelWrapper } from './workspace_panel_wrapper';
 import { DropIllustration } from '../../../assets/drop_illustration';
 import applyChangesIllustrationDark from '../../../assets/render_dark@2x.png';
@@ -358,11 +357,9 @@ export const InnerWorkspacePanel = React.memo(function InnerWorkspacePanel({
 
   const onDrop = useCallback(() => {
     if (suggestionForDraggedField) {
-      trackUiEvent('drop_onto_workspace');
-      trackUiEvent(expressionExists ? 'drop_non_empty' : 'drop_empty');
       switchToSuggestion(dispatchLens, suggestionForDraggedField, { clearStagedPreview: true });
     }
-  }, [suggestionForDraggedField, expressionExists, dispatchLens]);
+  }, [suggestionForDraggedField, dispatchLens]);
 
   const IS_DARK_THEME = core.uiSettings.get('theme:darkMode');
 
@@ -625,7 +622,6 @@ export const VisualizationWrapper = ({
           <EuiButton
             data-test-subj="errorFixAction"
             onClick={async () => {
-              trackUiEvent('error_fix_action');
               const newState = await validationError.fixAction?.newState({
                 ...framePublicAPI,
                 ...context,
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx
index ae087221fd49a..256f452c2ab2a 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx
@@ -11,7 +11,6 @@ import { EuiPopover, EuiPopoverTitle, EuiSelectableProps } from '@elastic/eui';
 import { ToolbarButton, ToolbarButtonProps } from '@kbn/kibana-react-plugin/public';
 import { DataViewsList } from '@kbn/unified-search-plugin/public';
 import { IndexPatternRef } from './types';
-import { trackUiEvent } from '../lens_ui_telemetry';
 
 export type ChangeIndexPatternTriggerProps = ToolbarButtonProps & {
   label: string;
@@ -81,7 +80,6 @@ export function ChangeIndexPattern({
           <DataViewsList
             dataViewsList={indexPatternRefs}
             onChangeDataView={(newId) => {
-              trackUiEvent('indexpattern_changed');
               onChangeIndexPattern(newId);
               setPopoverIsOpen(false);
             }}
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx
index 551e3f85a64fb..d907c25cbaf14 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx
@@ -42,7 +42,6 @@ import type {
   IndexPatternField,
   IndexPatternRef,
 } from './types';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import { loadIndexPatterns, syncExistingFields } from './loader';
 import { fieldExists } from './pure_helpers';
 import { Loader } from '../loader';
@@ -533,7 +532,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
     () =>
       editPermission
         ? async (fieldName?: string, uiAction: 'edit' | 'add' = 'edit') => {
-            trackUiEvent(`open_field_editor_${uiAction}`);
             const indexPatternInstance = await dataViews.get(currentIndexPattern.id);
             closeFieldEditor.current = indexPatternFieldEditor.openEditor({
               ctx: {
@@ -541,7 +539,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
               },
               fieldName,
               onSave: async () => {
-                trackUiEvent(`save_field_${uiAction}`);
                 await refreshFieldList();
               },
             });
@@ -554,7 +551,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
     () =>
       editPermission
         ? async (fieldName: string) => {
-            trackUiEvent('open_field_delete_modal');
             const indexPatternInstance = await dataViews.get(currentIndexPattern.id);
             closeFieldEditor.current = indexPatternFieldEditor.openDeleteModal({
               ctx: {
@@ -562,7 +558,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
               },
               fieldName,
               onDelete: async () => {
-                trackUiEvent('delete_field');
                 await refreshFieldList();
               },
             });
@@ -616,7 +611,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
                 defaultMessage: 'Clear name and type filters',
               }),
               onClick: () => {
-                trackUiEvent('indexpattern_filters_cleared');
                 clearLocalState();
               },
             }}
@@ -679,7 +673,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
                     icon={localState.typeFilter.includes(type) ? 'check' : 'empty'}
                     data-test-subj={`typeFilter-${type}`}
                     onClick={() => {
-                      trackUiEvent('indexpattern_type_filter_toggled');
                       setLocalState((s) => ({
                         ...s,
                         typeFilter: localState.typeFilter.includes(type)
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx
index 559c3ef7fff44..e1884808910d1 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx
@@ -37,7 +37,6 @@ import { hasField } from '../pure_utils';
 import { fieldIsInvalid } from '../utils';
 import { BucketNestingEditor } from './bucket_nesting_editor';
 import type { IndexPattern, IndexPatternField, IndexPatternLayer } from '../types';
-import { trackUiEvent } from '../../lens_ui_telemetry';
 import { FormatSelector } from './format_selector';
 import { ReferenceEditor } from './reference_editor';
 import { TimeScaling } from './time_scaling';
@@ -193,7 +192,6 @@ export function DimensionEditor(props: DimensionEditorProps) {
 
   const addStaticValueColumn = (prevLayer = props.state.layers[props.layerId]) => {
     if (selectedColumn?.operationType !== staticValueOperationName) {
-      trackUiEvent(`indexpattern_dimension_operation_static_value`);
       const layer = insertOrReplaceColumn({
         layer: prevLayer,
         indexPattern: currentIndexPattern,
@@ -429,7 +427,6 @@ export function DimensionEditor(props: DimensionEditorProps) {
               setTemporaryState('none');
             }
             setStateWrapper(newLayer);
-            trackUiEvent(`indexpattern_dimension_operation_${operationType}`);
             return;
           } else if (!selectedColumn || !compatibleWithCurrentField) {
             const possibleFields = fieldByOperation[operationType] || new Set();
@@ -465,7 +462,6 @@ export function DimensionEditor(props: DimensionEditorProps) {
               setTemporaryState('none');
             }
             setStateWrapper(newLayer);
-            trackUiEvent(`indexpattern_dimension_operation_${operationType}`);
             return;
           }
 
@@ -607,7 +603,6 @@ export function DimensionEditor(props: DimensionEditorProps) {
                     );
                   }}
                   onChooseField={(choice: FieldChoiceWithOperationType) => {
-                    trackUiEvent('indexpattern_dimension_field_changed');
                     updateLayer(
                       insertOrReplaceColumn({
                         layer,
@@ -791,7 +786,6 @@ export function DimensionEditor(props: DimensionEditorProps) {
             visualizationGroups: dimensionGroups,
           });
           setStateWrapper(newLayer);
-          trackUiEvent(`indexpattern_dimension_operation_formula`);
         }
       },
       label: i18n.translate('xpack.lens.indexPattern.formulaLabel', {
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/droppable/on_drop_handler.ts b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/droppable/on_drop_handler.ts
index 3d57e21e73387..b2c24cd5bf438 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/droppable/on_drop_handler.ts
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/droppable/on_drop_handler.ts
@@ -27,7 +27,6 @@ import { mergeLayer, mergeLayers } from '../../state_helpers';
 import { isDraggedField } from '../../pure_utils';
 import { getNewOperation, getField } from './get_drop_props';
 import { IndexPatternPrivateState, DraggedField, DataViewDragDropOperation } from '../../types';
-import { trackUiEvent } from '../../../lens_ui_telemetry';
 
 interface DropHandlerProps<T = DataViewDragDropOperation> {
   state: IndexPatternPrivateState;
@@ -156,10 +155,6 @@ function onFieldDrop(props: DropHandlerProps<DraggedField>, shouldAddField?: boo
     shouldCombineField: shouldAddField,
     initialParams,
   });
-
-  trackUiEvent('drop_onto_dimension');
-  const hasData = Object.values(state.layers).some(({ columns }) => columns.length);
-  trackUiEvent(hasData ? 'drop_non_empty' : 'drop_empty');
   setState(mergeLayer({ state, layerId: target.layerId, newLayer }));
   return true;
 }
@@ -271,8 +266,6 @@ function onMoveIncompatible(
       targetGroup: target.groupId,
       shouldResetLabel: true,
     });
-
-    trackUiEvent('drop_onto_dimension');
     setState(
       mergeLayer({
         state,
@@ -292,8 +285,6 @@ function onMoveIncompatible(
       targetGroup: target.groupId,
       shouldResetLabel: true,
     });
-
-    trackUiEvent('drop_onto_dimension');
     setState(
       mergeLayers({
         state,
@@ -352,8 +343,6 @@ function onSwapIncompatible({
       targetGroup: source.groupId,
       shouldResetLabel: true,
     });
-
-    trackUiEvent('drop_onto_dimension');
     setState(
       mergeLayer({
         state,
@@ -373,8 +362,6 @@ function onSwapIncompatible({
       targetGroup: source.groupId,
       shouldResetLabel: true,
     });
-
-    trackUiEvent('drop_onto_dimension');
     setState(
       mergeLayers({
         state,
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx
index 16e70f5657db0..6ed035afbc4f3 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx
@@ -10,7 +10,6 @@ import { partition } from 'lodash';
 import React, { useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 import { EuiComboBoxOptionOption, EuiComboBoxProps } from '@elastic/eui';
-import { trackUiEvent } from '../../lens_ui_telemetry';
 import { fieldExists } from '../pure_helpers';
 import type { OperationType } from '../indexpattern';
 import type { OperationSupportMatrix } from './operation_support';
@@ -162,7 +161,6 @@ export function FieldSelect({
       options={memoizedFieldOptions as Array<FieldOption<FieldChoiceWithOperationType>>}
       onChoose={(choice) => {
         if (choice && choice.field !== selectedField) {
-          trackUiEvent('indexpattern_dimension_field_changed');
           onChoose(choice);
         }
       }}
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/reference_editor.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/reference_editor.tsx
index 57782fa157ca7..580d74e3ab63d 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/reference_editor.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/reference_editor.tsx
@@ -33,7 +33,6 @@ import type {
   IndexPatternLayer,
   IndexPatternPrivateState,
 } from '../types';
-import { trackUiEvent } from '../../lens_ui_telemetry';
 import type { ParamEditorCustomProps } from '../../types';
 import type { IndexPatternDimensionEditorProps } from './dimension_panel';
 import { FormRow } from '../operations/definitions/shared_components';
@@ -281,7 +280,6 @@ export const ReferenceEditor = (props: ReferenceEditorProps) => {
                     : undefined;
 
                 onChooseFunction(operationType, field);
-                trackUiEvent(`indexpattern_dimension_operation_${operationType}`);
                 return;
               }}
             />
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx
index a0c2a182bee62..316f9c87c7c29 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx
@@ -48,7 +48,6 @@ import { DatasourceDataPanelProps, DataType } from '../types';
 import { BucketedAggregation, DOCUMENT_FIELD_NAME, FieldStatsResponse } from '../../common';
 import { IndexPattern, IndexPatternField, DraggedField } from './types';
 import { LensFieldIcon } from '../shared_components/field_picker/lens_field_icon';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import { VisualizeGeoFieldButton } from './visualize_geo_field_button';
 import { getVisualizeGeoFieldMessage } from '../utils';
 
@@ -187,7 +186,6 @@ export const InnerFieldItem = function InnerFieldItem(props: FieldItemProps) {
   function togglePopover() {
     setOpen(!infoIsOpen);
     if (!infoIsOpen) {
-      trackUiEvent('indexpattern_field_info_click');
       fetchData();
     }
   }
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/help_popover.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/help_popover.tsx
index a1bbc7ccd55f1..803899b3028fd 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/help_popover.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/help_popover.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { ReactNode, useEffect } from 'react';
+import React, { ReactNode } from 'react';
 import {
   EuiIcon,
   EuiLink,
@@ -17,7 +17,6 @@ import {
   EuiPopoverTitle,
   EuiText,
 } from '@elastic/eui';
-import { trackUiEvent } from '../lens_ui_telemetry';
 import './help_popover.scss';
 
 export const HelpPopoverButton = ({
@@ -53,11 +52,6 @@ export const HelpPopover = ({
   isOpen: EuiPopoverProps['isOpen'];
   title?: string;
 }) => {
-  useEffect(() => {
-    if (isOpen) {
-      trackUiEvent('open_help_popover');
-    }
-  }, [isOpen]);
   return (
     <EuiPopover
       anchorPosition={anchorPosition}
@@ -93,11 +87,6 @@ export const WrappingHelpPopover = ({
   isOpen: EuiWrappingPopoverProps['isOpen'];
   title?: string;
 }) => {
-  useEffect(() => {
-    if (isOpen) {
-      trackUiEvent('open_help_popover');
-    }
-  }, [isOpen]);
   return (
     <EuiWrappingPopover
       anchorPosition={anchorPosition}
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/editor/formula_editor.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/editor/formula_editor.tsx
index fcec1168a7474..de3987287e902 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/editor/formula_editor.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/editor/formula_editor.tsx
@@ -41,7 +41,6 @@ import {
 } from './math_completion';
 import { LANGUAGE_ID } from './math_tokenization';
 import { MemoizedFormulaHelp } from './formula_help';
-import { trackUiEvent } from '../../../../../lens_ui_telemetry';
 
 import './formula.scss';
 import { FormulaIndexPatternColumn } from '../formula';
@@ -700,7 +699,6 @@ export function FormulaEditor({
                       toggleFullscreen();
                       // Help text opens when entering full screen, and closes when leaving full screen
                       setIsHelpOpen(!isFullscreen);
-                      trackUiEvent('toggle_formula_fullscreen');
                     }}
                     iconType={isFullscreen ? 'fullScreenExit' : 'fullScreen'}
                     size="xs"
@@ -823,9 +821,6 @@ export function FormulaEditor({
                           <EuiButtonIcon
                             className="lnsFormula__editorHelp lnsFormula__editorHelp--overlay"
                             onClick={() => {
-                              if (!isHelpOpen) {
-                                trackUiEvent('open_formula_popover');
-                              }
                               setIsHelpOpen(!isHelpOpen);
                             }}
                             iconType="documentation"
diff --git a/x-pack/plugins/lens/public/lens_ui_telemetry/factory.test.ts b/x-pack/plugins/lens/public/lens_ui_telemetry/factory.test.ts
deleted file mode 100644
index 080e2cf5d495f..0000000000000
--- a/x-pack/plugins/lens/public/lens_ui_telemetry/factory.test.ts
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  LensReportManager,
-  setReportManager,
-  stopReportManager,
-  trackUiEvent,
-  trackSuggestionEvent,
-} from './factory';
-import { coreMock } from '@kbn/core/public/mocks';
-import { HttpSetup } from '@kbn/core/public';
-import { IStorageWrapper } from '@kbn/kibana-utils-plugin/public';
-
-jest.useFakeTimers();
-
-const createMockStorage = () => {
-  let lastData = { events: {}, suggestionEvents: {} };
-  return {
-    get: jest.fn().mockImplementation(() => lastData),
-    set: jest.fn().mockImplementation((key, value) => {
-      lastData = value;
-    }),
-    remove: jest.fn(),
-    clear: jest.fn(),
-  };
-};
-
-describe('Lens UI telemetry', () => {
-  let storage: jest.Mocked<IStorageWrapper>;
-  let http: jest.Mocked<HttpSetup>;
-  let dateSpy: jest.SpyInstance;
-
-  beforeEach(() => {
-    dateSpy = jest
-      .spyOn(Date, 'now')
-      .mockImplementation(() => new Date(Date.UTC(2019, 9, 23)).valueOf());
-
-    storage = createMockStorage();
-    http = coreMock.createSetup().http;
-    http.post.mockClear();
-    const fakeManager = new LensReportManager({
-      http,
-      storage,
-    });
-    setReportManager(fakeManager);
-  });
-
-  afterEach(() => {
-    stopReportManager();
-    dateSpy.mockRestore();
-  });
-
-  it('should write immediately and track local state', () => {
-    trackUiEvent('loaded');
-
-    expect(storage.set).toHaveBeenCalledWith('lens-ui-telemetry', {
-      events: expect.any(Object),
-      suggestionEvents: {},
-    });
-
-    trackSuggestionEvent('reload');
-
-    expect(storage.set).toHaveBeenLastCalledWith('lens-ui-telemetry', {
-      events: expect.any(Object),
-      suggestionEvents: expect.any(Object),
-    });
-  });
-
-  it('should post the results after waiting 10 seconds, if there is data', async () => {
-    jest.runOnlyPendingTimers();
-
-    http.post.mockResolvedValue({});
-
-    expect(http.post).not.toHaveBeenCalled();
-    expect(storage.set).toHaveBeenCalledTimes(0);
-
-    trackUiEvent('load');
-    expect(storage.set).toHaveBeenCalledTimes(1);
-
-    jest.runOnlyPendingTimers();
-
-    expect(http.post).toHaveBeenCalledWith(`/api/lens/stats`, {
-      body: JSON.stringify({
-        events: {
-          '2019-10-23': {
-            load: 1,
-          },
-        },
-        suggestionEvents: {},
-      }),
-    });
-  });
-
-  it('should keep its local state after an http error', () => {
-    http.post.mockRejectedValue('http error');
-
-    trackUiEvent('load');
-    expect(storage.set).toHaveBeenCalledTimes(1);
-
-    jest.runOnlyPendingTimers();
-
-    expect(http.post).toHaveBeenCalled();
-    expect(storage.set).toHaveBeenCalledTimes(1);
-  });
-});
diff --git a/x-pack/plugins/lens/public/lens_ui_telemetry/factory.ts b/x-pack/plugins/lens/public/lens_ui_telemetry/factory.ts
deleted file mode 100644
index bad1bad481e8b..0000000000000
--- a/x-pack/plugins/lens/public/lens_ui_telemetry/factory.ts
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import moment from 'moment';
-import { HttpSetup } from '@kbn/core/public';
-
-import { IStorageWrapper } from '@kbn/kibana-utils-plugin/public';
-import { BASE_API_URL } from '../../common';
-
-const STORAGE_KEY = 'lens-ui-telemetry';
-
-let reportManager: LensReportManager;
-
-export function setReportManager(newManager: LensReportManager) {
-  if (reportManager) {
-    reportManager.stop();
-  }
-  reportManager = newManager;
-}
-
-export function stopReportManager() {
-  if (reportManager) {
-    reportManager.stop();
-  }
-}
-
-export function trackUiEvent(name: string) {
-  if (reportManager) {
-    reportManager.trackEvent(name);
-  }
-}
-
-export function trackSuggestionEvent(name: string) {
-  if (reportManager) {
-    reportManager.trackSuggestionEvent(name);
-  }
-}
-
-export class LensReportManager {
-  private events: Record<string, Record<string, number>> = {};
-  private suggestionEvents: Record<string, Record<string, number>> = {};
-
-  private storage: IStorageWrapper;
-  private http: HttpSetup;
-  private timer: ReturnType<typeof setInterval>;
-
-  constructor({ storage, http }: { storage: IStorageWrapper; http: HttpSetup }) {
-    this.storage = storage;
-    this.http = http;
-
-    this.readFromStorage();
-
-    this.timer = setInterval(() => {
-      this.postToServer();
-    }, 10000);
-  }
-
-  public trackEvent(name: string) {
-    this.readFromStorage();
-    this.trackTo(this.events, name);
-  }
-
-  public trackSuggestionEvent(name: string) {
-    this.readFromStorage();
-    this.trackTo(this.suggestionEvents, name);
-  }
-
-  public stop() {
-    if (this.timer) {
-      clearInterval(this.timer);
-    }
-  }
-
-  private readFromStorage() {
-    const data = this.storage.get(STORAGE_KEY);
-    if (data && typeof data.events === 'object' && typeof data.suggestionEvents === 'object') {
-      this.events = data.events;
-      this.suggestionEvents = data.suggestionEvents;
-    }
-  }
-
-  private async postToServer() {
-    this.readFromStorage();
-    if (Object.keys(this.events).length || Object.keys(this.suggestionEvents).length) {
-      try {
-        await this.http.post(`${BASE_API_URL}/stats`, {
-          body: JSON.stringify({
-            events: this.events,
-            suggestionEvents: this.suggestionEvents,
-          }),
-        });
-        this.events = {};
-        this.suggestionEvents = {};
-        this.write();
-      } catch (e) {
-        // Silent error because events will be reported during the next timer
-
-        // If posting stats is forbidden for the current user, stop attempting to send them,
-        // but keep them in storage to push in case the user logs in with sufficient permissions at some point.
-        if (e.response && e.response.status === 403) {
-          this.stop();
-        }
-      }
-    }
-  }
-
-  private trackTo(target: Record<string, Record<string, number>>, name: string) {
-    const date = moment().utc().format('YYYY-MM-DD');
-    if (!target[date]) {
-      target[date] = {
-        [name]: 1,
-      };
-    } else if (!target[date][name]) {
-      target[date][name] = 1;
-    } else {
-      target[date][name] += 1;
-    }
-
-    this.write();
-  }
-
-  private write() {
-    this.storage.set(STORAGE_KEY, { events: this.events, suggestionEvents: this.suggestionEvents });
-  }
-}
diff --git a/x-pack/plugins/lens/public/lens_ui_telemetry/index.ts b/x-pack/plugins/lens/public/lens_ui_telemetry/index.ts
deleted file mode 100644
index 974d07503a376..0000000000000
--- a/x-pack/plugins/lens/public/lens_ui_telemetry/index.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export * from './factory';
diff --git a/x-pack/plugins/lens/public/plugin.ts b/x-pack/plugins/lens/public/plugin.ts
index a312f338f8504..8dd2a5278d8ce 100644
--- a/x-pack/plugins/lens/public/plugin.ts
+++ b/x-pack/plugins/lens/public/plugin.ts
@@ -231,8 +231,6 @@ export class LensPlugin {
   private hasDiscoverAccess: boolean = false;
   private dataViewsService: DataViewsPublicPluginStart | undefined;
 
-  private stopReportManager?: () => void;
-
   setup(
     core: CoreSetup<LensPluginStartDependencies, void>,
     {
@@ -335,10 +333,7 @@ export class LensPlugin {
           eventAnnotation
         );
 
-        const { mountApp, stopReportManager, getLensAttributeService } = await import(
-          './async_services'
-        );
-        this.stopReportManager = stopReportManager;
+        const { mountApp, getLensAttributeService } = await import('./async_services');
 
         const frameStart = this.editorFrameService!.start(coreStart, deps);
         return mountApp(core, params, {
@@ -508,9 +503,5 @@ export class LensPlugin {
     };
   }
 
-  stop() {
-    if (this.stopReportManager) {
-      this.stopReportManager();
-    }
-  }
+  stop() {}
 }
diff --git a/x-pack/plugins/lens/public/state_management/context_middleware/subscribe_to_external_context.ts b/x-pack/plugins/lens/public/state_management/context_middleware/subscribe_to_external_context.ts
index 60a4f5670070e..abc3f388db5e9 100644
--- a/x-pack/plugins/lens/public/state_management/context_middleware/subscribe_to_external_context.ts
+++ b/x-pack/plugins/lens/public/state_management/context_middleware/subscribe_to_external_context.ts
@@ -8,7 +8,6 @@
 import { delay, finalize, switchMap, tap } from 'rxjs/operators';
 import { debounce, isEqual } from 'lodash';
 import { waitUntilNextSessionCompletes$, DataPublicPluginStart } from '@kbn/data-plugin/public';
-import { trackUiEvent } from '../../lens_ui_telemetry';
 import { setState, LensGetState, LensDispatch } from '..';
 import { getResolvedDateRange } from '../../utils';
 
@@ -53,7 +52,6 @@ export function subscribeToExternalContext(
   const filterSubscription = filterManager.getUpdates$().subscribe({
     next: () => {
       debounceDispatchFromExternal();
-      trackUiEvent('app_filters_updated');
     },
   });
 
diff --git a/x-pack/plugins/lens/public/xy_visualization/xy_config_panel/layer_header.tsx b/x-pack/plugins/lens/public/xy_visualization/xy_config_panel/layer_header.tsx
index d3a7552954d13..d5523a0b10914 100644
--- a/x-pack/plugins/lens/public/xy_visualization/xy_config_panel/layer_header.tsx
+++ b/x-pack/plugins/lens/public/xy_visualization/xy_config_panel/layer_header.tsx
@@ -12,7 +12,6 @@ import { ToolbarButton } from '@kbn/kibana-react-plugin/public';
 import type { VisualizationLayerWidgetProps, VisualizationType } from '../../types';
 import { State, visualizationTypes, SeriesType } from '../types';
 import { isHorizontalChart, isHorizontalSeries } from '../state_helpers';
-import { trackUiEvent } from '../../lens_ui_telemetry';
 import { StaticHeader } from '../../shared_components';
 import { LensIconChartBarReferenceLine } from '../../assets/chart_bar_reference_line';
 import { LensIconChartBarAnnotations } from '../../assets/chart_bar_annotations';
@@ -107,7 +106,6 @@ function DataLayerHeader(props: VisualizationLayerWidgetProps<State>) {
               return;
             }
             const id = chosenType.value!;
-            trackUiEvent('xy_change_layer_display');
             props.setState(updateLayer(state, { ...layer, seriesType: id as SeriesType }, index));
             setPopoverIsOpen(false);
           }}
diff --git a/x-pack/plugins/lens/server/plugin.tsx b/x-pack/plugins/lens/server/plugin.tsx
index f7b39832eca03..5671eb833ef66 100644
--- a/x-pack/plugins/lens/server/plugin.tsx
+++ b/x-pack/plugins/lens/server/plugin.tsx
@@ -5,8 +5,7 @@
  * 2.0.
  */
 
-import { Plugin, CoreSetup, CoreStart, PluginInitializerContext, Logger } from '@kbn/core/server';
-import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
+import { Plugin, CoreSetup, CoreStart, PluginInitializerContext } from '@kbn/core/server';
 import { PluginStart as DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
 import {
   PluginStart as DataPluginStart,
@@ -23,18 +22,12 @@ import {
 import { EmbeddableSetup } from '@kbn/embeddable-plugin/server';
 import { setupRoutes } from './routes';
 import { getUiSettings } from './ui_settings';
-import {
-  registerLensUsageCollector,
-  initializeLensTelemetry,
-  scheduleLensTelemetry,
-} from './usage';
 import { setupSavedObjects } from './saved_objects';
 import { setupExpressions } from './expressions';
 import { makeLensEmbeddableFactory } from './embeddable/make_lens_embeddable_factory';
 import type { CustomVisualizationMigrations } from './migrations/types';
 
 export interface PluginSetupContract {
-  usageCollection?: UsageCollectionSetup;
   taskManager?: TaskManagerSetupContract;
   embeddable: EmbeddableSetup;
   expressions: ExpressionsServerSetup;
@@ -63,12 +56,9 @@ export interface LensServerPluginSetup {
 }
 
 export class LensServerPlugin implements Plugin<LensServerPluginSetup, {}, {}, {}> {
-  private readonly telemetryLogger: Logger;
   private customVisualizationMigrations: CustomVisualizationMigrations = {};
 
-  constructor(private initializerContext: PluginInitializerContext) {
-    this.telemetryLogger = initializerContext.logger.get('usage');
-  }
+  constructor(private initializerContext: PluginInitializerContext) {}
 
   setup(core: CoreSetup<PluginStartContract>, plugins: PluginSetupContract) {
     const getFilterMigrations = plugins.data.query.filterManager.getAllMigrations.bind(
@@ -79,16 +69,6 @@ export class LensServerPlugin implements Plugin<LensServerPluginSetup, {}, {}, {
     setupExpressions(core, plugins.expressions);
     core.uiSettings.register(getUiSettings());
 
-    if (plugins.usageCollection && plugins.taskManager) {
-      registerLensUsageCollector(
-        plugins.usageCollection,
-        core
-          .getStartServices()
-          .then(([_, { taskManager }]) => taskManager as TaskManagerStartContract)
-      );
-      initializeLensTelemetry(this.telemetryLogger, core, plugins.taskManager);
-    }
-
     const lensEmbeddableFactory = makeLensEmbeddableFactory(
       getFilterMigrations,
       this.customVisualizationMigrations
@@ -109,9 +89,6 @@ export class LensServerPlugin implements Plugin<LensServerPluginSetup, {}, {}, {
   }
 
   start(core: CoreStart, plugins: PluginStartContract) {
-    if (plugins.taskManager) {
-      scheduleLensTelemetry(this.telemetryLogger, plugins.taskManager);
-    }
     return {};
   }
 
diff --git a/x-pack/plugins/lens/server/routes/index.ts b/x-pack/plugins/lens/server/routes/index.ts
index d040812c27264..bb6986cd7d2d2 100644
--- a/x-pack/plugins/lens/server/routes/index.ts
+++ b/x-pack/plugins/lens/server/routes/index.ts
@@ -9,10 +9,8 @@ import { CoreSetup, Logger } from '@kbn/core/server';
 import { PluginStartContract } from '../plugin';
 import { existingFieldsRoute } from './existing_fields';
 import { initFieldsRoute } from './field_stats';
-import { initLensUsageRoute } from './telemetry';
 
 export function setupRoutes(setup: CoreSetup<PluginStartContract>, logger: Logger) {
   existingFieldsRoute(setup, logger);
   initFieldsRoute(setup);
-  initLensUsageRoute(setup);
 }
diff --git a/x-pack/plugins/lens/server/routes/telemetry.ts b/x-pack/plugins/lens/server/routes/telemetry.ts
deleted file mode 100644
index 01c843cf5489d..0000000000000
--- a/x-pack/plugins/lens/server/routes/telemetry.ts
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { errors } from '@elastic/elasticsearch';
-import { CoreSetup } from '@kbn/core/server';
-import { schema } from '@kbn/config-schema';
-import { SavedObjectsErrorHelpers } from '@kbn/core/server';
-import { BASE_API_URL } from '../../common';
-import { PluginStartContract } from '../plugin';
-
-// This route is responsible for taking a batch of click events from the browser
-// and writing them to saved objects
-export async function initLensUsageRoute(setup: CoreSetup<PluginStartContract>) {
-  const router = setup.http.createRouter();
-  router.post(
-    {
-      path: `${BASE_API_URL}/stats`,
-      validate: {
-        body: schema.object({
-          events: schema.mapOf(schema.string(), schema.mapOf(schema.string(), schema.number())),
-          suggestionEvents: schema.mapOf(
-            schema.string(),
-            schema.mapOf(schema.string(), schema.number())
-          ),
-        }),
-      },
-    },
-    async (context, req, res) => {
-      const { events, suggestionEvents } = req.body;
-
-      try {
-        const client = (await context.core).savedObjects.client;
-
-        const allEvents: Array<{
-          type: 'lens-ui-telemetry';
-          attributes: {};
-        }> = [];
-
-        events.forEach((subMap, date) => {
-          subMap.forEach((count, key) => {
-            allEvents.push({
-              type: 'lens-ui-telemetry',
-              attributes: {
-                name: key,
-                date,
-                count,
-                type: 'regular',
-              },
-            });
-          });
-        });
-        suggestionEvents.forEach((subMap, date) => {
-          subMap.forEach((count, key) => {
-            allEvents.push({
-              type: 'lens-ui-telemetry',
-              attributes: {
-                name: key,
-                date,
-                count,
-                type: 'suggestion',
-              },
-            });
-          });
-        });
-
-        if (allEvents.length) {
-          await client.bulkCreate(allEvents);
-        }
-
-        return res.ok({ body: {} });
-      } catch (e) {
-        if (SavedObjectsErrorHelpers.isForbiddenError(e)) {
-          return res.forbidden();
-        }
-        if (e instanceof errors.ResponseError && e.statusCode === 404) {
-          return res.notFound();
-        }
-        if (e.isBoom) {
-          if (e.output.statusCode === 404) {
-            return res.notFound();
-          }
-          throw new Error(e.output.message);
-        } else {
-          throw e;
-        }
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/lens/server/usage/collectors.ts b/x-pack/plugins/lens/server/usage/collectors.ts
deleted file mode 100644
index b857b31129398..0000000000000
--- a/x-pack/plugins/lens/server/usage/collectors.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import moment from 'moment';
-import { get } from 'lodash';
-import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-import { TaskManagerStartContract } from '@kbn/task-manager-plugin/server';
-
-import { LensUsage, LensTelemetryState } from './types';
-import { lensUsageSchema } from './schema';
-
-const emptyUsageCollection = {
-  saved_multiterms_overall: {},
-  saved_multiterms_30_days: {},
-  saved_multiterms_90_days: {},
-  saved_overall: {},
-  saved_30_days: {},
-  saved_90_days: {},
-  saved_overall_total: 0,
-  saved_30_days_total: 0,
-  saved_90_days_total: 0,
-  events_30_days: {},
-  events_90_days: {},
-  suggestion_events_30_days: {},
-  suggestion_events_90_days: {},
-};
-
-export function registerLensUsageCollector(
-  usageCollection: UsageCollectionSetup,
-  taskManager: Promise<TaskManagerStartContract>
-) {
-  const lensUsageCollector = usageCollection.makeUsageCollector<LensUsage>({
-    type: 'lens',
-    async fetch() {
-      try {
-        const docs = await getLatestTaskState(await taskManager);
-        // get the accumulated state from the recurring task
-        const state: LensTelemetryState = get(docs, '[0].state');
-
-        const events = getDataByDate(state.byDate);
-        const suggestions = getDataByDate(state.suggestionsByDate);
-
-        return {
-          ...emptyUsageCollection,
-          ...state.saved,
-          ...state.multiterms,
-          events_30_days: events.last30,
-          events_90_days: events.last90,
-          suggestion_events_30_days: suggestions.last30,
-          suggestion_events_90_days: suggestions.last90,
-        };
-      } catch (err) {
-        return emptyUsageCollection;
-      }
-    },
-    isReady: async () => {
-      await taskManager;
-      return true;
-    },
-    schema: lensUsageSchema,
-  });
-
-  usageCollection.registerCollector(lensUsageCollector);
-}
-
-function addEvents(prevEvents: Record<string, number>, newEvents: Record<string, number>) {
-  Object.keys(newEvents).forEach((key) => {
-    prevEvents[key] = (prevEvents[key] || 0) + newEvents[key];
-  });
-}
-
-async function getLatestTaskState(taskManager: TaskManagerStartContract) {
-  try {
-    const result = await taskManager.fetch({
-      query: { bool: { filter: { term: { _id: `task:Lens-lens_telemetry` } } } },
-    });
-    return result.docs;
-  } catch (err) {
-    const errMessage = err && err.message ? err.message : err.toString();
-    /*
-      The usage service WILL to try to fetch from this collector before the task manager has been initialized, because the
-      task manager has to wait for all plugins to initialize first. It's fine to ignore it as next time around it will be
-      initialized (or it will throw a different type of error)
-    */
-    if (!errMessage.includes('NotInitialized')) {
-      throw err;
-    }
-  }
-
-  return null;
-}
-
-function getDataByDate(dates: Record<string, Record<string, number>>) {
-  const byDate = Object.keys(dates || {}).map((dateStr) => parseInt(dateStr, 10));
-
-  const last30: Record<string, number> = {};
-  const last90: Record<string, number> = {};
-
-  const last30Timestamp = moment().subtract(30, 'days').unix();
-  const last90Timestamp = moment().subtract(90, 'days').unix();
-
-  byDate.forEach((dateKey) => {
-    if (dateKey >= last30Timestamp) {
-      addEvents(last30, dates[dateKey]);
-      addEvents(last90, dates[dateKey]);
-    } else if (dateKey > last90Timestamp) {
-      addEvents(last90, dates[dateKey]);
-    }
-  });
-
-  return {
-    last30,
-    last90,
-  };
-}
diff --git a/x-pack/plugins/lens/server/usage/index.ts b/x-pack/plugins/lens/server/usage/index.ts
deleted file mode 100644
index ea657f59cd77a..0000000000000
--- a/x-pack/plugins/lens/server/usage/index.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export * from './collectors';
-export * from './task';
diff --git a/x-pack/plugins/lens/server/usage/multiterms_count.ts b/x-pack/plugins/lens/server/usage/multiterms_count.ts
deleted file mode 100644
index 26ebbb8393892..0000000000000
--- a/x-pack/plugins/lens/server/usage/multiterms_count.ts
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ElasticsearchClient } from '@kbn/core/server';
-import { createMetricQuery } from './saved_objects_metric_factory';
-import { LensMultitermsUsage } from './types';
-
-export async function getMultitermsCounts(
-  getEsClient: () => Promise<ElasticsearchClient>,
-  kibanaIndex: string
-): Promise<LensMultitermsUsage> {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  function bucketsToObject(arg: any) {
-    const obj: Record<string, number> = {};
-    if (arg.multitermsDocs.doc_count > 0) {
-      obj.multiterms_docs = arg.multitermsDocs.doc_count;
-      obj.multiterms_terms_count = arg.multitermsTermsCount.value;
-      obj.multiterms_operations_count = arg.multitermsOperationsCount.value;
-    }
-    return obj;
-  }
-
-  const forEachMultitermsOperationScript = (operationToApply: string) => {
-    return `
-      try {
-          if(doc['lens.state'].size() == 0) return;
-          HashMap layers = params['_source'].get('lens').get('state').get('datasourceStates').get('indexpattern').get('layers');
-          for(layerId in layers.keySet()) {
-              HashMap columns = layers.get(layerId).get('columns');
-              for(columnId in columns.keySet()) {
-                  if(columns.get(columnId).get('operationType') == 'terms'){
-                      if(columns.get(columnId).get('params').get('secondaryFields').size() > 0){
-                          ${operationToApply}
-                      }
-                  }
-              }
-          }
-      } catch(Exception e) {}`;
-  };
-
-  const fn = createMetricQuery(getEsClient, kibanaIndex);
-
-  const result = await fn({
-    aggregations: {
-      multitermsOperationsCount: {
-        sum: {
-          field: 'multiterms_operations_count',
-        },
-      },
-      multitermsTermsCount: {
-        sum: {
-          field: 'multiterms_count',
-        },
-      },
-      multitermsDocs: {
-        filter: {
-          match: {
-            operation_type: 'multiterms',
-          },
-        },
-      },
-    },
-    runtimeMappings: {
-      operation_type: {
-        type: 'keyword',
-        script: {
-          lang: 'painless',
-          source: forEachMultitermsOperationScript("emit('multiterms');"),
-        },
-      },
-      multiterms_count: {
-        type: 'double',
-        script: {
-          lang: 'painless',
-          source: `
-            double terms = 0;
-            ${forEachMultitermsOperationScript(
-              "terms += columns.get(columnId).get('params').get('secondaryFields').size() + 1;"
-            )}
-            emit(terms);`,
-        },
-      },
-      multiterms_operations_count: {
-        type: 'double',
-        script: {
-          lang: 'painless',
-          source: `
-          double operations = 0;
-          ${forEachMultitermsOperationScript('operations += 1;')}
-          emit(operations);`,
-        },
-      },
-    },
-    bucketsToObject,
-  });
-  // remap the result with the multiterms shape
-  return {
-    saved_multiterms_overall: result.saved_overall,
-    saved_multiterms_30_days: result.saved_30_days,
-    saved_multiterms_90_days: result.saved_90_days,
-  };
-}
diff --git a/x-pack/plugins/lens/server/usage/saved_objects_metric_factory.ts b/x-pack/plugins/lens/server/usage/saved_objects_metric_factory.ts
deleted file mode 100644
index 890c2ec29decc..0000000000000
--- a/x-pack/plugins/lens/server/usage/saved_objects_metric_factory.ts
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  AggregationsAggregationContainer,
-  MappingRuntimeFields,
-} from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { ElasticsearchClient } from '@kbn/core/server';
-import { GenericSavedUsage } from './types';
-
-export function createMetricQuery(
-  getEsClient: () => Promise<ElasticsearchClient>,
-  kibanaIndex: string
-) {
-  return async function ({
-    aggregations,
-    runtimeMappings,
-    bucketsToObject,
-  }: {
-    aggregations: Record<string, AggregationsAggregationContainer>;
-    runtimeMappings?: MappingRuntimeFields;
-    bucketsToObject?: (arg: unknown) => Record<string, number>;
-  }): Promise<GenericSavedUsage> {
-    const esClient = await getEsClient();
-    const results = await esClient.search({
-      index: kibanaIndex,
-      body: {
-        query: {
-          bool: {
-            filter: [{ term: { type: 'lens' } }],
-          },
-        },
-        aggs: {
-          groups: {
-            filters: {
-              filters: {
-                last30: { bool: { filter: { range: { updated_at: { gte: 'now-30d' } } } } },
-                last90: { bool: { filter: { range: { updated_at: { gte: 'now-90d' } } } } },
-                overall: { match_all: {} },
-              },
-            },
-            aggs: {
-              ...aggregations,
-            },
-          },
-        },
-        runtime_mappings: {
-          ...runtimeMappings,
-        },
-        size: 0,
-      },
-    });
-
-    // @ts-expect-error specify aggregations type explicitly
-    const buckets = results.aggregations.groups.buckets;
-
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    function bucketsToObjectFallback(arg: any) {
-      const obj: Record<string, number> = {};
-      const key = Object.keys(arg).find((argKey) => arg[argKey]?.buckets?.length);
-      if (key) {
-        arg[key].buckets.forEach((bucket: { key: string; doc_count: number }) => {
-          obj[bucket.key] = bucket.doc_count + (obj[bucket.key] ?? 0);
-        });
-      }
-      return obj;
-    }
-
-    const mapFn = bucketsToObject ?? bucketsToObjectFallback;
-
-    return {
-      saved_overall: mapFn(buckets.overall),
-      saved_30_days: mapFn(buckets.last30),
-      saved_90_days: mapFn(buckets.last90),
-      saved_overall_total: buckets.overall.doc_count,
-      saved_30_days_total: buckets.last30.doc_count,
-      saved_90_days_total: buckets.last90.doc_count,
-    };
-  };
-}
diff --git a/x-pack/plugins/lens/server/usage/schema.ts b/x-pack/plugins/lens/server/usage/schema.ts
deleted file mode 100644
index 08264de0be416..0000000000000
--- a/x-pack/plugins/lens/server/usage/schema.ts
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { MakeSchemaFrom } from '@kbn/usage-collection-plugin/server';
-import { LensUsage } from './types';
-
-const eventsSchema: MakeSchemaFrom<LensUsage['events_30_days']> = {
-  app_query_change: { type: 'long' },
-  open_help_popover: {
-    type: 'long',
-    _meta: { description: 'Number of times the user opened one of the in-product help popovers.' },
-  },
-  error_fix_action: {
-    type: 'long',
-    _meta: {
-      description:
-        'Number of times the user used the fix action of an error displayed in the workspace.',
-    },
-  },
-  open_formula_popover: {
-    type: 'long',
-    _meta: { description: 'Number of times the user opened the in-product formula help popover.' },
-  },
-  toggle_autoapply: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the user toggled auto-apply.',
-    },
-  },
-  toggle_fullscreen_formula: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the user toggled fullscreen mode on formula.',
-    },
-  },
-  indexpattern_field_info_click: { type: 'long' },
-  loaded: { type: 'long' },
-  app_filters_updated: { type: 'long' },
-  app_date_change: { type: 'long' },
-  save_failed: { type: 'long' },
-  loaded_404: { type: 'long' },
-  drop_total: { type: 'long' },
-  chart_switch: { type: 'long' },
-  suggestion_confirmed: { type: 'long' },
-  suggestion_clicked: { type: 'long' },
-  drop_onto_workspace: { type: 'long' },
-  drop_non_empty: { type: 'long' },
-  drop_empty: { type: 'long' },
-  indexpattern_changed: { type: 'long' },
-  indexpattern_filters_cleared: { type: 'long' },
-  indexpattern_type_filter_toggled: { type: 'long' },
-  indexpattern_existence_toggled: { type: 'long' },
-  indexpattern_show_all_fields_clicked: { type: 'long' },
-  drop_onto_dimension: { type: 'long' },
-  indexpattern_dimension_removed: { type: 'long' },
-  indexpattern_dimension_field_changed: { type: 'long' },
-  xy_change_layer_display: { type: 'long' },
-  xy_layer_removed: { type: 'long' },
-  xy_layer_added: { type: 'long' },
-  open_field_editor_edit: {
-    type: 'long',
-    _meta: {
-      description:
-        'Number of times the user opened the editor flyout to edit a field from within Lens.',
-    },
-  },
-  open_field_editor_add: {
-    type: 'long',
-    _meta: {
-      description:
-        'Number of times the user opened the editor flyout to add a field from within Lens.',
-    },
-  },
-  save_field_edit: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the user edited a field from within Lens.',
-    },
-  },
-  save_field_add: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the user added a field from within Lens.',
-    },
-  },
-  open_field_delete_modal: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the user opened the field delete modal from within Lens.',
-    },
-  },
-  delete_field: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the user deleted a field from within Lens.',
-    },
-  },
-  indexpattern_dimension_operation_terms: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the top values function was selected',
-    },
-  },
-  indexpattern_dimension_operation_date_histogram: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the date histogram function was selected',
-    },
-  },
-  indexpattern_dimension_operation_avg: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the average function was selected',
-    },
-  },
-  indexpattern_dimension_operation_min: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the min function was selected',
-    },
-  },
-  indexpattern_dimension_operation_max: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the max function was selected',
-    },
-  },
-  indexpattern_dimension_operation_sum: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the sum function was selected',
-    },
-  },
-  indexpattern_dimension_operation_count: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the count function was selected',
-    },
-  },
-  indexpattern_dimension_operation_cardinality: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the cardinality function was selected',
-    },
-  },
-  indexpattern_dimension_operation_filters: {
-    type: 'long',
-    _meta: {
-      description: 'Number of times the filters function was selected',
-    },
-  },
-  indexpattern_dimension_operation_range: {
-    type: 'long',
-    _meta: { description: 'Number of times the range function was selected' },
-  },
-  indexpattern_dimension_operation_median: {
-    type: 'long',
-    _meta: { description: 'Number of times the median function was selected' },
-  },
-  indexpattern_dimension_operation_percentile: {
-    type: 'long',
-    _meta: { description: 'Number of times the percentile function was selected' },
-  },
-  indexpattern_dimension_operation_last_value: {
-    type: 'long',
-    _meta: { description: 'Number of times the last value function was selected' },
-  },
-  indexpattern_dimension_operation_cumulative_sum: {
-    type: 'long',
-    _meta: { description: 'Number of times the cumulative sum function was selected' },
-  },
-  indexpattern_dimension_operation_counter_rate: {
-    type: 'long',
-    _meta: { description: 'Number of times the counter rate function was selected' },
-  },
-  indexpattern_dimension_operation_derivative: {
-    type: 'long',
-    _meta: { description: 'Number of times the derivative function was selected' },
-  },
-  indexpattern_dimension_operation_moving_average: {
-    type: 'long',
-    _meta: { description: 'Number of times the moving average function was selected' },
-  },
-  indexpattern_dimension_operation_formula: {
-    type: 'long',
-    _meta: { description: 'Number of times the formula function was selected' },
-  },
-};
-
-const suggestionEventsSchema: MakeSchemaFrom<LensUsage['suggestion_events_30_days']> = {
-  back_to_current: { type: 'long' },
-  reload: { type: 'long' },
-};
-
-const savedSchema: MakeSchemaFrom<LensUsage['saved_overall']> = {
-  bar: { type: 'long' },
-  bar_horizontal: { type: 'long' },
-  line: { type: 'long' },
-  area: { type: 'long' },
-  bar_stacked: { type: 'long' },
-  bar_percentage_stacked: { type: 'long' },
-  bar_horizontal_stacked: { type: 'long' },
-  bar_horizontal_percentage_stacked: { type: 'long' },
-  area_stacked: { type: 'long' },
-  area_percentage_stacked: { type: 'long' },
-  lnsDatatable: { type: 'long' },
-  lnsPie: { type: 'long' },
-  lnsMetric: { type: 'long' },
-  formula: {
-    type: 'long',
-    _meta: {
-      description: 'Number of saved lens visualizations which are using at least one formula',
-    },
-  },
-};
-
-const savedMultitermsSchema: MakeSchemaFrom<LensUsage['saved_multiterms_overall']> = {
-  multiterms_docs: {
-    type: 'long',
-    _meta: {
-      description:
-        'Number of saved lens visualizations which are using at least one multiterms operation',
-    },
-  },
-  multiterms_terms_count: {
-    type: 'long',
-    _meta: {
-      description: 'Sum of terms used for multiterms operations of saved lens visualizations',
-    },
-  },
-  multiterms_operations_count: {
-    type: 'long',
-    _meta: {
-      description: 'Sum of operations using multiterms of saved lens visualizations',
-    },
-  },
-};
-
-export const lensUsageSchema: MakeSchemaFrom<LensUsage> = {
-  // LensClickUsage
-  events_30_days: eventsSchema,
-  events_90_days: eventsSchema,
-  suggestion_events_30_days: suggestionEventsSchema,
-  suggestion_events_90_days: suggestionEventsSchema,
-
-  // LensVisualizationUsage
-  saved_overall_total: { type: 'long' },
-  saved_30_days_total: { type: 'long' },
-  saved_90_days_total: { type: 'long' },
-
-  saved_overall: savedSchema,
-  saved_30_days: savedSchema,
-  saved_90_days: savedSchema,
-
-  saved_multiterms_overall: savedMultitermsSchema,
-  saved_multiterms_30_days: savedMultitermsSchema,
-  saved_multiterms_90_days: savedMultitermsSchema,
-};
diff --git a/x-pack/plugins/lens/server/usage/task.ts b/x-pack/plugins/lens/server/usage/task.ts
deleted file mode 100644
index f4a805bef7401..0000000000000
--- a/x-pack/plugins/lens/server/usage/task.ts
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { CoreSetup, Logger, ElasticsearchClient } from '@kbn/core/server';
-import moment from 'moment';
-import {
-  RunContext,
-  TaskManagerSetupContract,
-  TaskManagerStartContract,
-} from '@kbn/task-manager-plugin/server';
-
-import { ESSearchResponse } from '@kbn/core/types/elasticsearch';
-import { getVisualizationCounts } from './visualization_counts';
-import { getMultitermsCounts } from './multiterms_count';
-
-// This task is responsible for running daily and aggregating all the Lens click event objects
-// into daily rolled-up documents, which will be used in reporting click stats
-
-const TELEMETRY_TASK_TYPE = 'lens_telemetry';
-
-export const TASK_ID = `Lens-${TELEMETRY_TASK_TYPE}`;
-
-export function initializeLensTelemetry(
-  logger: Logger,
-  core: CoreSetup,
-  taskManager: TaskManagerSetupContract
-) {
-  registerLensTelemetryTask(logger, core, taskManager);
-}
-
-export function scheduleLensTelemetry(logger: Logger, taskManager?: TaskManagerStartContract) {
-  if (taskManager) {
-    scheduleTasks(logger, taskManager);
-  }
-}
-
-function registerLensTelemetryTask(
-  logger: Logger,
-  core: CoreSetup,
-  taskManager: TaskManagerSetupContract
-) {
-  taskManager.registerTaskDefinitions({
-    [TELEMETRY_TASK_TYPE]: {
-      title: 'Lens usage fetch task',
-      timeout: '1m',
-      createTaskRunner: telemetryTaskRunner(logger, core),
-    },
-  });
-}
-
-async function scheduleTasks(logger: Logger, taskManager: TaskManagerStartContract) {
-  try {
-    await taskManager.ensureScheduled({
-      id: TASK_ID,
-      taskType: TELEMETRY_TASK_TYPE,
-      state: { byDate: {}, suggestionsByDate: {}, saved: {}, runs: 0 },
-      params: {},
-    });
-  } catch (e) {
-    logger.debug(`Error scheduling task, received ${e.message}`);
-  }
-}
-
-export async function getDailyEvents(
-  kibanaIndex: string,
-  getEsClient: () => Promise<ElasticsearchClient>
-): Promise<{
-  byDate: Record<string, Record<string, number>>;
-  suggestionsByDate: Record<string, Record<string, number>>;
-}> {
-  const esClient = await getEsClient();
-  const aggs = {
-    daily: {
-      date_histogram: {
-        field: 'lens-ui-telemetry.date',
-        calendar_interval: '1d' as const,
-        min_doc_count: 1,
-      },
-      aggs: {
-        groups: {
-          filters: {
-            filters: {
-              suggestionEvents: {
-                bool: {
-                  filter: {
-                    term: { 'lens-ui-telemetry.type': 'suggestion' },
-                  },
-                },
-              },
-              regularEvents: {
-                bool: {
-                  must_not: {
-                    term: { 'lens-ui-telemetry.type': 'suggestion' },
-                  },
-                },
-              },
-            },
-          },
-          aggs: {
-            names: {
-              terms: { field: 'lens-ui-telemetry.name', size: 100 },
-              aggs: {
-                sums: { sum: { field: 'lens-ui-telemetry.count' } },
-              },
-            },
-          },
-        },
-      },
-    },
-  };
-
-  const metrics = await esClient.search<ESSearchResponse<unknown, { body: { aggs: typeof aggs } }>>(
-    {
-      index: kibanaIndex,
-      body: {
-        query: {
-          bool: {
-            filter: [
-              { term: { type: 'lens-ui-telemetry' } },
-              { range: { 'lens-ui-telemetry.date': { gte: 'now-90d/d' } } },
-            ],
-          },
-        },
-        aggs,
-      },
-      size: 0,
-    }
-  );
-
-  const byDateByType: Record<string, Record<string, number>> = {};
-  const suggestionsByDate: Record<string, Record<string, number>> = {};
-
-  // @ts-expect-error no way to declare aggregations for search response
-  metrics.aggregations!.daily.buckets.forEach((daily) => {
-    const byType: Record<string, number> = byDateByType[daily.key] || {};
-    // @ts-expect-error no way to declare aggregations for search response
-    daily.groups.buckets.regularEvents.names.buckets.forEach((bucket) => {
-      byType[bucket.key] = (bucket.sums.value || 0) + (byType[daily.key] || 0);
-    });
-    byDateByType[daily.key] = byType;
-
-    const suggestionsByType: Record<string, number> = suggestionsByDate[daily.key] || {};
-    // @ts-expect-error no way to declare aggregations for search response
-    daily.groups.buckets.suggestionEvents.names.buckets.forEach((bucket) => {
-      suggestionsByType[bucket.key] =
-        (bucket.sums.value || 0) + (suggestionsByType[daily.key] || 0);
-    });
-    suggestionsByDate[daily.key] = suggestionsByType;
-  });
-
-  // Always delete old date because we don't report it
-  await esClient.deleteByQuery({
-    index: kibanaIndex,
-    wait_for_completion: true,
-    body: {
-      query: {
-        bool: {
-          filter: [
-            { term: { type: 'lens-ui-telemetry' } },
-            { range: { 'lens-ui-telemetry.date': { lt: 'now-90d/d' } } },
-          ],
-        },
-      },
-    },
-  });
-
-  return {
-    byDate: byDateByType,
-    suggestionsByDate,
-  };
-}
-
-export function telemetryTaskRunner(logger: Logger, core: CoreSetup) {
-  return ({ taskInstance }: RunContext) => {
-    const { state } = taskInstance;
-    const getEsClient = async () => {
-      const [coreStart] = await core.getStartServices();
-      return coreStart.elasticsearch.client.asInternalUser;
-    };
-
-    return {
-      async run() {
-        const kibanaIndex = core.savedObjects.getKibanaIndex();
-
-        return Promise.all([
-          getDailyEvents(kibanaIndex, getEsClient),
-          getVisualizationCounts(getEsClient, kibanaIndex),
-          getMultitermsCounts(getEsClient, kibanaIndex),
-        ])
-          .then(([lensTelemetry, lensVisualizations, lensMultiterms]) => {
-            return {
-              state: {
-                runs: (state.runs || 0) + 1,
-                byDate: (lensTelemetry && lensTelemetry.byDate) || {},
-                suggestionsByDate: (lensTelemetry && lensTelemetry.suggestionsByDate) || {},
-                saved: lensVisualizations,
-                multiterms: lensMultiterms,
-              },
-              runAt: getNextMidnight(),
-            };
-          })
-          .catch((errMsg) => logger.warn(`Error executing lens telemetry task: ${errMsg}`));
-      },
-      async cancel() {},
-    };
-  };
-}
-
-function getNextMidnight() {
-  return moment().add(1, 'day').startOf('day').toDate();
-}
diff --git a/x-pack/plugins/lens/server/usage/types.ts b/x-pack/plugins/lens/server/usage/types.ts
deleted file mode 100644
index f440232b233c3..0000000000000
--- a/x-pack/plugins/lens/server/usage/types.ts
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export interface LensTelemetryState {
-  runs: number;
-  byDate: Record<string, Record<string, number>>;
-  suggestionsByDate: Record<string, Record<string, number>>;
-  saved: LensVisualizationUsage;
-  multiterms: LensMultitermsUsage;
-}
-
-export interface LensVisualizationUsage {
-  saved_overall: Record<string, number>;
-  saved_30_days: Record<string, number>;
-  saved_90_days: Record<string, number>;
-  saved_overall_total: number;
-  saved_30_days_total: number;
-  saved_90_days_total: number;
-}
-
-export interface LensMultitermsUsage {
-  saved_multiterms_overall: Record<string, number>;
-  saved_multiterms_30_days: Record<string, number>;
-  saved_multiterms_90_days: Record<string, number>;
-}
-
-export interface LensClickUsage {
-  events_30_days: Record<string, number>;
-  events_90_days: Record<string, number>;
-  suggestion_events_30_days: Record<string, number>;
-  suggestion_events_90_days: Record<string, number>;
-}
-
-export interface GenericSavedUsage {
-  saved_overall: Record<string, number>;
-  saved_30_days: Record<string, number>;
-  saved_90_days: Record<string, number>;
-  saved_overall_total: number;
-  saved_30_days_total: number;
-  saved_90_days_total: number;
-}
-
-export type LensUsage = LensVisualizationUsage & LensMultitermsUsage & LensClickUsage;
diff --git a/x-pack/plugins/lens/server/usage/visualization_counts.ts b/x-pack/plugins/lens/server/usage/visualization_counts.ts
deleted file mode 100644
index 34d9c2c4ee49e..0000000000000
--- a/x-pack/plugins/lens/server/usage/visualization_counts.ts
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ElasticsearchClient } from '@kbn/core/server';
-import { createMetricQuery } from './saved_objects_metric_factory';
-import { LensVisualizationUsage } from './types';
-
-export function getVisualizationCounts(
-  getEsClient: () => Promise<ElasticsearchClient>,
-  kibanaIndex: string
-): Promise<LensVisualizationUsage> {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  function bucketsToObject(arg: any) {
-    const obj: Record<string, number> = {};
-    arg.byType.buckets.forEach((bucket: { key: string; doc_count: number }) => {
-      obj[bucket.key] = bucket.doc_count + (obj[bucket.key] ?? 0);
-    });
-    if (arg.usesFormula.doc_count > 0) {
-      obj.formula = arg.usesFormula.doc_count;
-    }
-    return obj;
-  }
-
-  return createMetricQuery(
-    getEsClient,
-    kibanaIndex
-  )({
-    aggregations: {
-      byType: {
-        terms: {
-          // The script relies on having flattened keyword mapping for the Lens saved object,
-          // without this kind of mapping we would not be able to access `lens.state` in painless
-          script: `
-          String visType = doc['lens.visualizationType'].value;
-          String niceType = visType == 'lnsXY' ? doc['lens.state.visualization.preferredSeriesType'].value : visType;
-          return niceType;
-          `,
-          size: 100,
-        },
-      },
-      usesFormula: {
-        filter: {
-          match: {
-            operation_type: 'formula',
-          },
-        },
-      },
-    },
-    runtimeMappings: {
-      operation_type: {
-        type: 'keyword',
-        script: {
-          lang: 'painless',
-          source: `try {
-            if(doc['lens.state'].size() == 0) return;
-            HashMap layers = params['_source'].get('lens').get('state').get('datasourceStates').get('indexpattern').get('layers');
-            for(layerId in layers.keySet()) {
-              HashMap columns = layers.get(layerId).get('columns');
-              for(columnId in columns.keySet()) {
-                emit(columns.get(columnId).get('operationType'))
-              }
-            }
-          } catch(Exception e) {}`,
-        },
-      },
-    },
-    bucketsToObject,
-  });
-}
diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
index e18b16b14c224..59095497d03e2 100644
--- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
+++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
@@ -4921,758 +4921,6 @@
         }
       }
     },
-    "lens": {
-      "properties": {
-        "events_30_days": {
-          "properties": {
-            "app_query_change": {
-              "type": "long"
-            },
-            "open_help_popover": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened one of the in-product help popovers."
-              }
-            },
-            "error_fix_action": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user used the fix action of an error displayed in the workspace."
-              }
-            },
-            "open_formula_popover": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the in-product formula help popover."
-              }
-            },
-            "toggle_autoapply": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user toggled auto-apply."
-              }
-            },
-            "toggle_fullscreen_formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user toggled fullscreen mode on formula."
-              }
-            },
-            "indexpattern_field_info_click": {
-              "type": "long"
-            },
-            "loaded": {
-              "type": "long"
-            },
-            "app_filters_updated": {
-              "type": "long"
-            },
-            "app_date_change": {
-              "type": "long"
-            },
-            "save_failed": {
-              "type": "long"
-            },
-            "loaded_404": {
-              "type": "long"
-            },
-            "drop_total": {
-              "type": "long"
-            },
-            "chart_switch": {
-              "type": "long"
-            },
-            "suggestion_confirmed": {
-              "type": "long"
-            },
-            "suggestion_clicked": {
-              "type": "long"
-            },
-            "drop_onto_workspace": {
-              "type": "long"
-            },
-            "drop_non_empty": {
-              "type": "long"
-            },
-            "drop_empty": {
-              "type": "long"
-            },
-            "indexpattern_changed": {
-              "type": "long"
-            },
-            "indexpattern_filters_cleared": {
-              "type": "long"
-            },
-            "indexpattern_type_filter_toggled": {
-              "type": "long"
-            },
-            "indexpattern_existence_toggled": {
-              "type": "long"
-            },
-            "indexpattern_show_all_fields_clicked": {
-              "type": "long"
-            },
-            "drop_onto_dimension": {
-              "type": "long"
-            },
-            "indexpattern_dimension_removed": {
-              "type": "long"
-            },
-            "indexpattern_dimension_field_changed": {
-              "type": "long"
-            },
-            "xy_change_layer_display": {
-              "type": "long"
-            },
-            "xy_layer_removed": {
-              "type": "long"
-            },
-            "xy_layer_added": {
-              "type": "long"
-            },
-            "open_field_editor_edit": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the editor flyout to edit a field from within Lens."
-              }
-            },
-            "open_field_editor_add": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the editor flyout to add a field from within Lens."
-              }
-            },
-            "save_field_edit": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user edited a field from within Lens."
-              }
-            },
-            "save_field_add": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user added a field from within Lens."
-              }
-            },
-            "open_field_delete_modal": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the field delete modal from within Lens."
-              }
-            },
-            "delete_field": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user deleted a field from within Lens."
-              }
-            },
-            "indexpattern_dimension_operation_terms": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the top values function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_date_histogram": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the date histogram function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_avg": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the average function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_min": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the min function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_max": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the max function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_sum": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the sum function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the count function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_cardinality": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the cardinality function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_filters": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the filters function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_range": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the range function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_median": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the median function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_percentile": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the percentile function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_last_value": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the last value function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_cumulative_sum": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the cumulative sum function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_counter_rate": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the counter rate function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_derivative": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the derivative function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_moving_average": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the moving average function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the formula function was selected"
-              }
-            }
-          }
-        },
-        "events_90_days": {
-          "properties": {
-            "app_query_change": {
-              "type": "long"
-            },
-            "open_help_popover": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened one of the in-product help popovers."
-              }
-            },
-            "error_fix_action": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user used the fix action of an error displayed in the workspace."
-              }
-            },
-            "open_formula_popover": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the in-product formula help popover."
-              }
-            },
-            "toggle_autoapply": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user toggled auto-apply."
-              }
-            },
-            "toggle_fullscreen_formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user toggled fullscreen mode on formula."
-              }
-            },
-            "indexpattern_field_info_click": {
-              "type": "long"
-            },
-            "loaded": {
-              "type": "long"
-            },
-            "app_filters_updated": {
-              "type": "long"
-            },
-            "app_date_change": {
-              "type": "long"
-            },
-            "save_failed": {
-              "type": "long"
-            },
-            "loaded_404": {
-              "type": "long"
-            },
-            "drop_total": {
-              "type": "long"
-            },
-            "chart_switch": {
-              "type": "long"
-            },
-            "suggestion_confirmed": {
-              "type": "long"
-            },
-            "suggestion_clicked": {
-              "type": "long"
-            },
-            "drop_onto_workspace": {
-              "type": "long"
-            },
-            "drop_non_empty": {
-              "type": "long"
-            },
-            "drop_empty": {
-              "type": "long"
-            },
-            "indexpattern_changed": {
-              "type": "long"
-            },
-            "indexpattern_filters_cleared": {
-              "type": "long"
-            },
-            "indexpattern_type_filter_toggled": {
-              "type": "long"
-            },
-            "indexpattern_existence_toggled": {
-              "type": "long"
-            },
-            "indexpattern_show_all_fields_clicked": {
-              "type": "long"
-            },
-            "drop_onto_dimension": {
-              "type": "long"
-            },
-            "indexpattern_dimension_removed": {
-              "type": "long"
-            },
-            "indexpattern_dimension_field_changed": {
-              "type": "long"
-            },
-            "xy_change_layer_display": {
-              "type": "long"
-            },
-            "xy_layer_removed": {
-              "type": "long"
-            },
-            "xy_layer_added": {
-              "type": "long"
-            },
-            "open_field_editor_edit": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the editor flyout to edit a field from within Lens."
-              }
-            },
-            "open_field_editor_add": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the editor flyout to add a field from within Lens."
-              }
-            },
-            "save_field_edit": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user edited a field from within Lens."
-              }
-            },
-            "save_field_add": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user added a field from within Lens."
-              }
-            },
-            "open_field_delete_modal": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user opened the field delete modal from within Lens."
-              }
-            },
-            "delete_field": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the user deleted a field from within Lens."
-              }
-            },
-            "indexpattern_dimension_operation_terms": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the top values function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_date_histogram": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the date histogram function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_avg": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the average function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_min": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the min function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_max": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the max function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_sum": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the sum function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the count function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_cardinality": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the cardinality function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_filters": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the filters function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_range": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the range function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_median": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the median function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_percentile": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the percentile function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_last_value": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the last value function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_cumulative_sum": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the cumulative sum function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_counter_rate": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the counter rate function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_derivative": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the derivative function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_moving_average": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the moving average function was selected"
-              }
-            },
-            "indexpattern_dimension_operation_formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of times the formula function was selected"
-              }
-            }
-          }
-        },
-        "suggestion_events_30_days": {
-          "properties": {
-            "back_to_current": {
-              "type": "long"
-            },
-            "reload": {
-              "type": "long"
-            }
-          }
-        },
-        "suggestion_events_90_days": {
-          "properties": {
-            "back_to_current": {
-              "type": "long"
-            },
-            "reload": {
-              "type": "long"
-            }
-          }
-        },
-        "saved_overall_total": {
-          "type": "long"
-        },
-        "saved_30_days_total": {
-          "type": "long"
-        },
-        "saved_90_days_total": {
-          "type": "long"
-        },
-        "saved_overall": {
-          "properties": {
-            "bar": {
-              "type": "long"
-            },
-            "bar_horizontal": {
-              "type": "long"
-            },
-            "line": {
-              "type": "long"
-            },
-            "area": {
-              "type": "long"
-            },
-            "bar_stacked": {
-              "type": "long"
-            },
-            "bar_percentage_stacked": {
-              "type": "long"
-            },
-            "bar_horizontal_stacked": {
-              "type": "long"
-            },
-            "bar_horizontal_percentage_stacked": {
-              "type": "long"
-            },
-            "area_stacked": {
-              "type": "long"
-            },
-            "area_percentage_stacked": {
-              "type": "long"
-            },
-            "lnsDatatable": {
-              "type": "long"
-            },
-            "lnsPie": {
-              "type": "long"
-            },
-            "lnsMetric": {
-              "type": "long"
-            },
-            "formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of saved lens visualizations which are using at least one formula"
-              }
-            }
-          }
-        },
-        "saved_30_days": {
-          "properties": {
-            "bar": {
-              "type": "long"
-            },
-            "bar_horizontal": {
-              "type": "long"
-            },
-            "line": {
-              "type": "long"
-            },
-            "area": {
-              "type": "long"
-            },
-            "bar_stacked": {
-              "type": "long"
-            },
-            "bar_percentage_stacked": {
-              "type": "long"
-            },
-            "bar_horizontal_stacked": {
-              "type": "long"
-            },
-            "bar_horizontal_percentage_stacked": {
-              "type": "long"
-            },
-            "area_stacked": {
-              "type": "long"
-            },
-            "area_percentage_stacked": {
-              "type": "long"
-            },
-            "lnsDatatable": {
-              "type": "long"
-            },
-            "lnsPie": {
-              "type": "long"
-            },
-            "lnsMetric": {
-              "type": "long"
-            },
-            "formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of saved lens visualizations which are using at least one formula"
-              }
-            }
-          }
-        },
-        "saved_90_days": {
-          "properties": {
-            "bar": {
-              "type": "long"
-            },
-            "bar_horizontal": {
-              "type": "long"
-            },
-            "line": {
-              "type": "long"
-            },
-            "area": {
-              "type": "long"
-            },
-            "bar_stacked": {
-              "type": "long"
-            },
-            "bar_percentage_stacked": {
-              "type": "long"
-            },
-            "bar_horizontal_stacked": {
-              "type": "long"
-            },
-            "bar_horizontal_percentage_stacked": {
-              "type": "long"
-            },
-            "area_stacked": {
-              "type": "long"
-            },
-            "area_percentage_stacked": {
-              "type": "long"
-            },
-            "lnsDatatable": {
-              "type": "long"
-            },
-            "lnsPie": {
-              "type": "long"
-            },
-            "lnsMetric": {
-              "type": "long"
-            },
-            "formula": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of saved lens visualizations which are using at least one formula"
-              }
-            }
-          }
-        },
-        "saved_multiterms_overall": {
-          "properties": {
-            "multiterms_docs": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of saved lens visualizations which are using at least one multiterms operation"
-              }
-            },
-            "multiterms_terms_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Sum of terms used for multiterms operations of saved lens visualizations"
-              }
-            },
-            "multiterms_operations_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Sum of operations using multiterms of saved lens visualizations"
-              }
-            }
-          }
-        },
-        "saved_multiterms_30_days": {
-          "properties": {
-            "multiterms_docs": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of saved lens visualizations which are using at least one multiterms operation"
-              }
-            },
-            "multiterms_terms_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Sum of terms used for multiterms operations of saved lens visualizations"
-              }
-            },
-            "multiterms_operations_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Sum of operations using multiterms of saved lens visualizations"
-              }
-            }
-          }
-        },
-        "saved_multiterms_90_days": {
-          "properties": {
-            "multiterms_docs": {
-              "type": "long",
-              "_meta": {
-                "description": "Number of saved lens visualizations which are using at least one multiterms operation"
-              }
-            },
-            "multiterms_terms_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Sum of terms used for multiterms operations of saved lens visualizations"
-              }
-            },
-            "multiterms_operations_count": {
-              "type": "long",
-              "_meta": {
-                "description": "Sum of operations using multiterms of saved lens visualizations"
-              }
-            }
-          }
-        }
-      }
-    },
     "maps": {
       "properties": {
         "indexPatternsWithGeoFieldCount": {
diff --git a/x-pack/test/api_integration/apis/lens/index.ts b/x-pack/test/api_integration/apis/lens/index.ts
index 04508f011158a..8d74ad475511f 100644
--- a/x-pack/test/api_integration/apis/lens/index.ts
+++ b/x-pack/test/api_integration/apis/lens/index.ts
@@ -12,6 +12,5 @@ export default function lensApiIntegrationTests({ loadTestFile }: FtrProviderCon
     loadTestFile(require.resolve('./existing_fields'));
     loadTestFile(require.resolve('./legacy_existing_fields'));
     loadTestFile(require.resolve('./field_stats'));
-    loadTestFile(require.resolve('./telemetry'));
   });
 }
diff --git a/x-pack/test/api_integration/apis/lens/telemetry.ts b/x-pack/test/api_integration/apis/lens/telemetry.ts
deleted file mode 100644
index e1bae98269d4e..0000000000000
--- a/x-pack/test/api_integration/apis/lens/telemetry.ts
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import moment from 'moment';
-import expect from '@kbn/expect';
-
-import { getDailyEvents } from '@kbn/lens-plugin/server/usage/task';
-import { getVisualizationCounts } from '@kbn/lens-plugin/server/usage/visualization_counts';
-import { FtrProviderContext } from '../../ftr_provider_context';
-
-const COMMON_HEADERS = {
-  'kbn-xsrf': 'some-xsrf-token',
-};
-
-export default ({ getService }: FtrProviderContext) => {
-  const supertest = getService('supertest');
-  const es = getService('es');
-  const kibanaServer = getService('kibanaServer');
-
-  async function assertExpectedSavedObjects(num: number) {
-    // Make sure that new/deleted docs are available to search
-    await es.indices.refresh({
-      index: '.kibana',
-    });
-
-    const { count } = await es.count({
-      index: '.kibana',
-      q: 'type:lens-ui-telemetry',
-    });
-
-    expect(count).to.be(num);
-  }
-
-  describe('lens telemetry', () => {
-    beforeEach(async () => {
-      await es.deleteByQuery({
-        index: '.kibana',
-        q: 'type:lens-ui-telemetry',
-        wait_for_completion: true,
-        refresh: true,
-        body: {},
-      });
-    });
-
-    afterEach(async () => {
-      await es.deleteByQuery({
-        index: '.kibana',
-        q: 'type:lens-ui-telemetry',
-        wait_for_completion: true,
-        refresh: true,
-        body: {},
-      });
-    });
-
-    it('should do nothing on empty post', async () => {
-      await supertest
-        .post('/api/lens/stats')
-        .set(COMMON_HEADERS)
-        .send({
-          events: {},
-          suggestionEvents: {},
-        })
-        .expect(200);
-
-      await assertExpectedSavedObjects(0);
-    });
-
-    it('should write a document per results', async () => {
-      await supertest
-        .post('/api/lens/stats')
-        .set(COMMON_HEADERS)
-        .send({
-          events: {
-            '2019-10-13': { loaded: 5, dragged: 2 },
-            '2019-10-14': { loaded: 1 },
-          },
-          suggestionEvents: {
-            '2019-10-13': { switched: 2 },
-          },
-        })
-        .expect(200);
-
-      await assertExpectedSavedObjects(4);
-    });
-
-    it('should delete older telemetry documents while running', async () => {
-      const olderDate = moment().subtract(100, 'days').valueOf();
-
-      // @ts-ignore optional type: string
-      await es.index({
-        index: '.kibana',
-        body: {
-          type: 'lens-ui-telemetry',
-          'lens-ui-telemetry': {
-            date: olderDate,
-            name: 'load',
-            type: 'regular',
-            count: 5,
-          },
-        },
-        refresh: 'wait_for',
-      });
-
-      const result = await getDailyEvents('.kibana', () => Promise.resolve(es));
-
-      expect(result).to.eql({
-        byDate: {},
-        suggestionsByDate: {},
-      });
-
-      await assertExpectedSavedObjects(0);
-    });
-
-    it('should aggregate the individual events into daily totals by type', async () => {
-      // Dates are set to midnight in the aggregation, so let's make this easier for the test
-      const date1 = moment().utc().subtract(10, 'days').startOf('day').valueOf();
-      const date2 = moment().utc().subtract(20, 'days').startOf('day').valueOf();
-
-      function getEvent(name: string, date: number, type = 'regular') {
-        return {
-          type: 'lens-ui-telemetry',
-          'lens-ui-telemetry': {
-            date,
-            name,
-            type,
-            count: 5,
-          },
-        };
-      }
-
-      await es.bulk({
-        refresh: 'wait_for',
-        body: [
-          { index: { _index: '.kibana' } },
-          getEvent('load', date1),
-          { index: { _index: '.kibana' } },
-          getEvent('load', date1),
-          { index: { _index: '.kibana' } },
-          getEvent('load', date1),
-          { index: { _index: '.kibana' } },
-          getEvent('load', date2),
-          { index: { _index: '.kibana' } },
-          getEvent('revert', date1, 'suggestion'),
-        ],
-      });
-      const result = await getDailyEvents('.kibana', () => Promise.resolve(es));
-
-      expect(result).to.eql({
-        byDate: {
-          [date1]: {
-            load: 15,
-          },
-          [date2]: {
-            load: 5,
-          },
-        },
-        suggestionsByDate: {
-          [date1]: {
-            revert: 5,
-          },
-          [date2]: {},
-        },
-      });
-
-      await assertExpectedSavedObjects(5);
-    });
-
-    it('should collect telemetry on saved visualization types with a painless script', async () => {
-      await kibanaServer.importExport.load(
-        'x-pack/test/functional/fixtures/kbn_archiver/lens/lens_basic.json'
-      );
-
-      const results = await getVisualizationCounts(() => Promise.resolve(es), '.kibana');
-
-      expect(results).to.have.keys([
-        'saved_overall',
-        'saved_30_days',
-        'saved_90_days',
-        'saved_overall_total',
-        'saved_30_days_total',
-        'saved_90_days_total',
-      ]);
-
-      expect(results.saved_overall).to.eql({
-        lnsMetric: 1,
-        bar_stacked: 1,
-        lnsPie: 1,
-      });
-      expect(results.saved_overall_total).to.eql(3);
-
-      await kibanaServer.importExport.unload(
-        'x-pack/test/functional/fixtures/kbn_archiver/lens/lens_basic.json'
-      );
-    });
-  });
-};