Merge remote-tracking branch 'upstream/master' into lens/cumulative-sum

.github/CODEOWNERS

@@ -119,18 +119,18 @@
 #CC# /x-pack/plugins/beats_management/ @elastic/beats
 
 # Canvas
-/src/plugins/dashboard/ @elastic/kibana-app
-/src/plugins/input_control_vis/ @elastic/kibana-app
-/src/plugins/vis_type_markdown/ @elastic/kibana-app
+/src/plugins/dashboard/ @elastic/kibana-canvas
+/src/plugins/input_control_vis/ @elastic/kibana-canvas
+/src/plugins/vis_type_markdown/ @elastic/kibana-canvas
 /x-pack/plugins/canvas/  @elastic/kibana-canvas
-/x-pack/plugins/dashboard_enhanced/ @elastic/kibana-app
+/x-pack/plugins/dashboard_enhanced/ @elastic/kibana-canvas
 /x-pack/test/functional/apps/canvas/  @elastic/kibana-canvas
-#CC# /src/legacy/core_plugins/kibana/public/dashboard/ @elastic/kibana-app
-#CC# /src/legacy/core_plugins/input_control_vis @elastic/kibana-app
+#CC# /src/legacy/core_plugins/kibana/public/dashboard/ @elastic/kibana-canvas
+#CC# /src/legacy/core_plugins/input_control_vis @elastic/kibana-canvas
 #CC# /src/plugins/kibana_react/public/code_editor/ @elastic/kibana-canvas
 #CC# /x-pack/legacy/plugins/canvas/ @elastic/kibana-canvas
-#CC# /x-pack/plugins/dashboard_mode @elastic/kibana-app
-#CC# /x-pack/legacy/plugins/dashboard_mode/ @elastic/kibana-app
+#CC# /x-pack/plugins/dashboard_mode @elastic/kibana-canvas
+#CC# /x-pack/legacy/plugins/dashboard_mode/ @elastic/kibana-canvas
 
 # Core UI
 # Exclude tutorials folder for now because they are not owned by Kibana app and most will move out soon

.github/ISSUE_TEMPLATE/security_solution_bug_report.md

@@ -2,7 +2,7 @@
 name: Bug report for Security Solution
 about: Help us identify bugs in Elastic Security, SIEM, and Endpoint so we can fix them!
 title: '[Security Solution]'
-labels: 'Team: Security Solution'
+labels: Team: SecuritySolution
 ---
 
 **Describe the bug:**

docs/api/saved-objects.asciidoc

@@ -28,6 +28,8 @@ The following saved objects APIs are available:
 
 * <<saved-objects-api-resolve-import-errors, Resolve import errors API>> to resolve errors from the import API
 
+* <<saved-objects-api-rotate-encryption-key, Rotate encryption key API>> to rotate the encryption key for encrypted saved objects
+
 include::saved-objects/get.asciidoc[]
 include::saved-objects/bulk_get.asciidoc[]
 include::saved-objects/find.asciidoc[]
@@ -38,3 +40,4 @@ include::saved-objects/delete.asciidoc[]
 include::saved-objects/export.asciidoc[]
 include::saved-objects/import.asciidoc[]
 include::saved-objects/resolve_import_errors.asciidoc[]
+include::saved-objects/rotate_encryption_key.asciidoc[]

docs/api/saved-objects/rotate_encryption_key.asciidoc

@@ -0,0 +1,110 @@
+[role="xpack"]
+[[saved-objects-api-rotate-encryption-key]]
+=== Rotate encryption key API
+++++
+<titleabbrev>Rotate encryption key</titleabbrev>
+++++
+
+experimental[] Rotate the encryption key for encrypted saved objects.
+
+If a saved object cannot be decrypted using the primary encryption key, then {kib} will attempt to decrypt it using the specified <<xpack-encryptedSavedObjects-keyRotation-decryptionOnlyKeys, decryption-only keys>>. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key.
+
+[IMPORTANT]
+============================================================================
+Bulk key rotation can consume a considerable amount of resources and hence only user with a `superuser` role can trigger it.
+============================================================================
+
+[[saved-objects-api-rotate-encryption-key-request]]
+==== Request
+
+`POST <kibana host>:<port>/api/encrypted_saved_objects/_rotate_key`
+
+[[saved-objects-api-rotate-encryption-key-request-query-params]]
+==== Query parameters
+
+`type`::
+(Optional, string) Limits encryption key rotation only to the saved objects with the specified type. By default, {kib} tries to rotate the encryption key for all saved object types that may contain encrypted attributes.
+
+`batchSize`::
+(Optional, number) Specifies a maximum number of saved objects that {kib} can process in a single batch. Bulk key rotation is an iterative process since {kib} may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.
+
+[[saved-objects-api-rotate-encryption-key-response-body]]
+==== Response body
+
+`total`::
+(number) Indicates the total number of _all_ encrypted saved objects (optionally filtered by the requested `type`), regardless of the key {kib} used for encryption.
+
+`successful`::
+(number) Indicates the total number of _all_ encrypted saved objects (optionally filtered by the requested `type`), regardless of the key {kib} used for encryption.
++
+NOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that {kib} may not need or may not be able to rotate encryption keys for all encrypted saved objects.
+
+`failed`::
+(number) Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that {kib} failed to re-encrypt with the primary key.
+
+[[saved-objects-api-rotate-encryption-key-response-codes]]
+==== Response code
+
+`200`::
+Indicates a successful call.
+
+`400`::
+Indicates that either query parameters are wrong or <<xpack-encryptedSavedObjects-keyRotation-decryptionOnlyKeys, decryption-only keys>> aren't configured.
+
+`429`::
+Indicates that key rotation is already in progress.
+
+[[saved-objects-api-rotate-encryption-key-example]]
+==== Examples
+
+[[saved-objects-api-rotate-encryption-key-example-1]]
+===== Encryption key rotation with default parameters
+
+[source,sh]
+--------------------------------------------------
+$ curl -X POST /api/encrypted_saved_objects/_rotate_key
+--------------------------------------------------
+// KIBANA
+
+The API returns the following:
+
+[source,sh]
+--------------------------------------------------
+{
+  "total": 1000,
+  "successful": 300,
+  "failed": 0
+}
+--------------------------------------------------
+
+The result indicates that the encryption key was successfully rotated for 300 out of 1000 saved objects with encrypted attributes, and 700 of the saved objects either didn't require key rotation, or were encrypted with an unknown encryption key.
+
+[[saved-objects-api-rotate-encryption-key-example-2]]
+===== Encryption key rotation for the specific type with reduce batch size
+
+[IMPORTANT]
+============================================================================
+Default parameters are optimized for speed. Change the parameters only when necessary. However, if you're experiencing any issues with this API, you may want to decrease a batch size or rotate the encryption keys for the specific types only. In this case, you may need to run key rotation multiple times in a row.
+============================================================================
+
+In this example, key rotation is performed for all saved objects with the `alert` type in batches of 5000.
+
+[source,sh]
+--------------------------------------------------
+$ curl -X POST /api/encrypted_saved_objects/_rotate_key?type=alert&batchSize=5000
+--------------------------------------------------
+// KIBANA
+
+The API returns the following:
+
+[source,sh]
+--------------------------------------------------
+{
+  "total": 100,
+  "successful": 100,
+  "failed": 0
+}
+--------------------------------------------------
+
+The result indicates that the encryption key was successfully rotated for all 100 saved objects with the `alert` type.
+

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.executor.md

@@ -41,6 +41,6 @@ export declare class Executor<Context extends Record<string, unknown> = Record<s
 |  [inject(ast, references)](./kibana-plugin-plugins-expressions-public.executor.inject.md) |  |  |
 |  [registerFunction(functionDefinition)](./kibana-plugin-plugins-expressions-public.executor.registerfunction.md) |  |  |
 |  [registerType(typeDefinition)](./kibana-plugin-plugins-expressions-public.executor.registertype.md) |  |  |
-|  [run(ast, input, context)](./kibana-plugin-plugins-expressions-public.executor.run.md) |  | Execute expression and return result. |
+|  [run(ast, input, context, options)](./kibana-plugin-plugins-expressions-public.executor.run.md) |  | Execute expression and return result. |
 |  [telemetry(ast, telemetryData)](./kibana-plugin-plugins-expressions-public.executor.telemetry.md) |  |  |
 

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.executor.run.md

@@ -9,7 +9,7 @@ Execute expression and return result.
 <b>Signature:</b>
 
 ```typescript
-run<Input, Output, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext): Promise<Output>;
+run<Input, Output, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext, options?: ExpressionExecOptions): Promise<Output>;
 ```
 
 ## Parameters
@@ -19,6 +19,7 @@ run<Input, Output, ExtraContext extends Record<string, unknown> = Record<string,
 |  ast | <code>string &#124; ExpressionAstExpression</code> |  |
 |  input | <code>Input</code> |  |
 |  context | <code>ExtraContext</code> |  |
+|  options | <code>ExpressionExecOptions</code> |  |
 
 <b>Returns:</b>
 

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionsservicestart.execute.md

@@ -9,5 +9,5 @@ Starts expression execution and immediately returns `ExecutionContract` instance
 <b>Signature:</b>
 
 ```typescript
-execute: <Input = unknown, Output = unknown, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext) => ExecutionContract<ExtraContext, Input, Output>;
+execute: <Input = unknown, Output = unknown, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext, options?: ExpressionExecOptions) => ExecutionContract<ExtraContext, Input, Output>;
 ```

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionsservicestart.md

@@ -16,12 +16,12 @@ export interface ExpressionsServiceStart
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [execute](./kibana-plugin-plugins-expressions-public.expressionsservicestart.execute.md) | <code>&lt;Input = unknown, Output = unknown, ExtraContext extends Record&lt;string, unknown&gt; = Record&lt;string, unknown&gt;&gt;(ast: string &#124; ExpressionAstExpression, input: Input, context?: ExtraContext) =&gt; ExecutionContract&lt;ExtraContext, Input, Output&gt;</code> | Starts expression execution and immediately returns <code>ExecutionContract</code> instance that tracks the progress of the execution and can be used to interact with the execution. |
+|  [execute](./kibana-plugin-plugins-expressions-public.expressionsservicestart.execute.md) | <code>&lt;Input = unknown, Output = unknown, ExtraContext extends Record&lt;string, unknown&gt; = Record&lt;string, unknown&gt;&gt;(ast: string &#124; ExpressionAstExpression, input: Input, context?: ExtraContext, options?: ExpressionExecOptions) =&gt; ExecutionContract&lt;ExtraContext, Input, Output&gt;</code> | Starts expression execution and immediately returns <code>ExecutionContract</code> instance that tracks the progress of the execution and can be used to interact with the execution. |
 |  [fork](./kibana-plugin-plugins-expressions-public.expressionsservicestart.fork.md) | <code>() =&gt; ExpressionsService</code> | Create a new instance of <code>ExpressionsService</code>. The new instance inherits all state of the original <code>ExpressionsService</code>, including all expression types, expression functions and context. Also, all new types and functions registered in the original services AFTER the forking event will be available in the forked instance. However, all new types and functions registered in the forked instances will NOT be available to the original service. |
 |  [getFunction](./kibana-plugin-plugins-expressions-public.expressionsservicestart.getfunction.md) | <code>(name: string) =&gt; ReturnType&lt;Executor['getFunction']&gt;</code> | Get a registered <code>ExpressionFunction</code> by its name, which was registered using the <code>registerFunction</code> method. The returned <code>ExpressionFunction</code> instance is an internal representation of the function in Expressions service - do not mutate that object. |
 |  [getRenderer](./kibana-plugin-plugins-expressions-public.expressionsservicestart.getrenderer.md) | <code>(name: string) =&gt; ReturnType&lt;ExpressionRendererRegistry['get']&gt;</code> | Get a registered <code>ExpressionRenderer</code> by its name, which was registered using the <code>registerRenderer</code> method. The returned <code>ExpressionRenderer</code> instance is an internal representation of the renderer in Expressions service - do not mutate that object. |
 |  [getType](./kibana-plugin-plugins-expressions-public.expressionsservicestart.gettype.md) | <code>(name: string) =&gt; ReturnType&lt;Executor['getType']&gt;</code> | Get a registered <code>ExpressionType</code> by its name, which was registered using the <code>registerType</code> method. The returned <code>ExpressionType</code> instance is an internal representation of the type in Expressions service - do not mutate that object. |
-|  [run](./kibana-plugin-plugins-expressions-public.expressionsservicestart.run.md) | <code>&lt;Input, Output, ExtraContext extends Record&lt;string, unknown&gt; = Record&lt;string, unknown&gt;&gt;(ast: string &#124; ExpressionAstExpression, input: Input, context?: ExtraContext) =&gt; Promise&lt;Output&gt;</code> | Executes expression string or a parsed expression AST and immediately returns the result.<!-- -->Below example will execute <code>sleep 100 &#124; clog</code> expression with <code>123</code> initial input to the first function.
+|  [run](./kibana-plugin-plugins-expressions-public.expressionsservicestart.run.md) | <code>&lt;Input, Output, ExtraContext extends Record&lt;string, unknown&gt; = Record&lt;string, unknown&gt;&gt;(ast: string &#124; ExpressionAstExpression, input: Input, context?: ExtraContext, options?: ExpressionExecOptions) =&gt; Promise&lt;Output&gt;</code> | Executes expression string or a parsed expression AST and immediately returns the result.<!-- -->Below example will execute <code>sleep 100 &#124; clog</code> expression with <code>123</code> initial input to the first function.
 ```ts
 expressions.run('sleep 100 | clog', 123);
 

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionsservicestart.run.md

@@ -24,5 +24,5 @@ expressions.run('...', null, { elasticsearchClient });
 <b>Signature:</b>
 
 ```typescript
-run: <Input, Output, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext) => Promise<Output>;
+run: <Input, Output, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext, options?: ExpressionExecOptions) => Promise<Output>;
 ```

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.iexpressionloaderparams.debug.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-expressions-public](./kibana-plugin-plugins-expressions-public.md) &gt; [IExpressionLoaderParams](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.md) &gt; [debug](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.debug.md)
+
+## IExpressionLoaderParams.debug property
+
+<b>Signature:</b>
+
+```typescript
+debug?: boolean;
+```

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.iexpressionloaderparams.md

@@ -17,6 +17,7 @@ export interface IExpressionLoaderParams
 |  [context](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.context.md) | <code>ExpressionValue</code> |  |
 |  [customFunctions](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.customfunctions.md) | <code>[]</code> |  |
 |  [customRenderers](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.customrenderers.md) | <code>[]</code> |  |
+|  [debug](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.debug.md) | <code>boolean</code> |  |
 |  [disableCaching](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.disablecaching.md) | <code>boolean</code> |  |
 |  [inspectorAdapters](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.inspectoradapters.md) | <code>Adapters</code> |  |
 |  [onRenderError](./kibana-plugin-plugins-expressions-public.iexpressionloaderparams.onrendererror.md) | <code>RenderErrorHandlerFnType</code> |  |

docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.executor.md

@@ -41,6 +41,6 @@ export declare class Executor<Context extends Record<string, unknown> = Record<s
 |  [inject(ast, references)](./kibana-plugin-plugins-expressions-server.executor.inject.md) |  |  |
 |  [registerFunction(functionDefinition)](./kibana-plugin-plugins-expressions-server.executor.registerfunction.md) |  |  |
 |  [registerType(typeDefinition)](./kibana-plugin-plugins-expressions-server.executor.registertype.md) |  |  |
-|  [run(ast, input, context)](./kibana-plugin-plugins-expressions-server.executor.run.md) |  | Execute expression and return result. |
+|  [run(ast, input, context, options)](./kibana-plugin-plugins-expressions-server.executor.run.md) |  | Execute expression and return result. |
 |  [telemetry(ast, telemetryData)](./kibana-plugin-plugins-expressions-server.executor.telemetry.md) |  |  |
 

docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.executor.run.md

@@ -9,7 +9,7 @@ Execute expression and return result.
 <b>Signature:</b>
 
 ```typescript
-run<Input, Output, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext): Promise<Output>;
+run<Input, Output, ExtraContext extends Record<string, unknown> = Record<string, unknown>>(ast: string | ExpressionAstExpression, input: Input, context?: ExtraContext, options?: ExpressionExecOptions): Promise<Output>;
 ```
 
 ## Parameters
@@ -19,6 +19,7 @@ run<Input, Output, ExtraContext extends Record<string, unknown> = Record<string,
 |  ast | <code>string &#124; ExpressionAstExpression</code> |  |
 |  input | <code>Input</code> |  |
 |  context | <code>ExtraContext</code> |  |
+|  options | <code>ExpressionExecOptions</code> |  |
 
 <b>Returns:</b>
 

docs/plugins/known-plugins.asciidoc

@@ -14,7 +14,6 @@ This list of plugins is not guaranteed to work on your version of Kibana. Instea
 * https://github.com/sivasamyk/logtrail[LogTrail] - View, analyze, search and tail log events in realtime with a developer/sysadmin friendly interface
 * https://github.com/wtakase/kibana-own-home[Own Home] (wtakase) - enables multi-tenancy
 * https://github.com/asileon/kibana_shard_allocation[Shard Allocation] (asileon) - visualize elasticsearch shard allocation
-* https://github.com/samtecspg/conveyor[Conveyor] - Simple (GUI) interface for importing data into Elasticsearch.
 * https://github.com/wazuh/wazuh-kibana-app[Wazuh] - Wazuh provides host-based security visibility using lightweight multi-platform agents.
 * https://github.com/TrumanDu/indices_view[Indices View] - View indices related information.
 * https://github.com/johtani/analyze-api-ui-plugin[Analyze UI] (johtani) - UI for elasticsearch _analyze API