Merge branch '8.x' into backport/8.x/pr-202133

.buildkite/ftr_oblt_stateful_configs.yml

@@ -32,6 +32,7 @@ enabled:
   - x-pack/test/api_integration/apis/synthetics/config.ts
   - x-pack/test/api_integration/apis/uptime/config.ts
   - x-pack/test/api_integration/apis/entity_manager/config.ts
+  - x-pack/test/api_integration/apis/streams/config.ts
   - x-pack/test/apm_api_integration/basic/config.ts
   - x-pack/test/apm_api_integration/cloud/config.ts
   - x-pack/test/apm_api_integration/rules/config.ts

.buildkite/ftr_security_serverless_configs.yml

@@ -70,7 +70,8 @@ disabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts

.buildkite/ftr_security_stateful_configs.yml

@@ -58,7 +58,8 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts

.github/CODEOWNERS

@@ -768,6 +768,7 @@ src/plugins/saved_objects @elastic/kibana-core
 packages/kbn-saved-objects-settings @elastic/appex-sharedux
 src/plugins/saved_objects_tagging_oss @elastic/appex-sharedux
 x-pack/plugins/saved_objects_tagging @elastic/appex-sharedux
+packages/kbn-saved-search-component @elastic/obs-ux-logs-team
 src/plugins/saved_search @elastic/kibana-data-discovery
 examples/screenshot_mode_example @elastic/appex-sharedux
 src/plugins/screenshot_mode @elastic/appex-sharedux
@@ -1182,6 +1183,8 @@ x-pack/test_serverless/**/test_suites/observability/ai_assistant @elastic/obs-ai
 /x-pack/plugins/observability_solution/infra/server/services @elastic/obs-ux-infra_services-team
 /x-pack/plugins/observability_solution/infra/server/usage @elastic/obs-ux-infra_services-team
 /x-pack/plugins/observability_solution/infra/server/utils @elastic/obs-ux-infra_services-team
+/x-pack/test_serverless/functional/test_suites/observability/infra @elastic/obs-ux-infra_services-team
+/x-pack/test/api_integration/services/infraops_source_configuration.ts @elastic/obs-ux-infra_services-team @elastic/obs-ux-logs-team # Assigned per https://github.com/elastic/kibana/pull/34916
 
 ## Logs UI code exceptions -> @elastic/obs-ux-logs-team
 /x-pack/test_serverless/functional/page_objects/svl_oblt_onboarding_stream_log_file.ts @elastic/obs-ux-logs-team

oas_docs/output/kibana.yaml

@@ -11011,41 +11011,6 @@ paths:
       summary: Start an Entity Engine
       tags:
         - Security Entity Analytics API
-  /api/entity_store/engines/{entityType}/stats:
-    post:
-      operationId: GetEntityEngineStats
-      parameters:
-        - description: The entity type of the engine (either 'user' or 'host').
-          in: path
-          name: entityType
-          required: true
-          schema:
-            $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                type: object
-                properties:
-                  indexPattern:
-                    $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
-                  indices:
-                    items:
-                      type: object
-                    type: array
-                  status:
-                    $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
-                  transforms:
-                    items:
-                      type: object
-                    type: array
-                  type:
-                    $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
-          description: Successful response
-      summary: Get Entity Engine stats
-      tags:
-        - Security Entity Analytics API
   /api/entity_store/engines/{entityType}/stop:
     post:
       operationId: StopEntityEngine
@@ -11196,6 +11161,12 @@ paths:
   /api/entity_store/status:
     get:
       operationId: GetEntityStoreStatus
+      parameters:
+        - description: If true returns a detailed status of the engine including all it's components
+          in: query
+          name: include_components
+          schema:
+            type: boolean
       responses:
         '200':
           content:
@@ -11205,10 +11176,20 @@ paths:
                 properties:
                   engines:
                     items:
-                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
+                      allOf:
+                        - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
+                        - type: object
+                          properties:
+                            components:
+                              items:
+                                $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus'
+                              type: array
                     type: array
                   status:
                     $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus'
+                required:
+                  - status
+                  - engines
           description: Successful response
       summary: Get the status of the Entity Store
       tags:
@@ -38949,6 +38930,47 @@ components:
               $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality_level
+    Security_Entity_Analytics_API_EngineComponentResource:
+      enum:
+        - entity_engine
+        - entity_definition
+        - index
+        - component_template
+        - index_template
+        - ingest_pipeline
+        - enrich_policy
+        - task
+        - transform
+      type: string
+    Security_Entity_Analytics_API_EngineComponentStatus:
+      type: object
+      properties:
+        errors:
+          items:
+            type: object
+            properties:
+              message:
+                type: string
+              title:
+                type: string
+          type: array
+        health:
+          enum:
+            - green
+            - yellow
+            - red
+            - unknown
+          type: string
+        id:
+          type: string
+        installed:
+          type: boolean
+        resource:
+          $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentResource'
+      required:
+        - id
+        - installed
+        - resource
     Security_Entity_Analytics_API_EngineDataviewUpdateResult:
       type: object
       properties:

package.json

@@ -783,6 +783,7 @@
     "@kbn/saved-objects-settings": "link:packages/kbn-saved-objects-settings",
     "@kbn/saved-objects-tagging-oss-plugin": "link:src/plugins/saved_objects_tagging_oss",
     "@kbn/saved-objects-tagging-plugin": "link:x-pack/plugins/saved_objects_tagging",
+    "@kbn/saved-search-component": "link:packages/kbn-saved-search-component",
     "@kbn/saved-search-plugin": "link:src/plugins/saved_search",
     "@kbn/screenshot-mode-example-plugin": "link:examples/screenshot_mode_example",
     "@kbn/screenshot-mode-plugin": "link:src/plugins/screenshot_mode",

packages/kbn-alerting-types/search_strategy_types.ts

@@ -8,7 +8,6 @@
  */
 
 import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/search-types';
-import type { ValidFeatureId } from '@kbn/rule-data-utils';
 import type {
   MappingRuntimeFields,
   QueryDslFieldAndFormat,
@@ -18,7 +17,8 @@ import type {
 import type { Alert } from './alert_type';
 
 export type RuleRegistrySearchRequest = IEsSearchRequest & {
-  featureIds: ValidFeatureId[];
+  ruleTypeIds: string[];
+  consumers?: string[];
   fields?: QueryDslFieldAndFormat[];
   query?: Pick<QueryDslQueryContainer, 'bool' | 'ids'>;
   sort?: SortCombinations[];

packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_threshold_schema.ts

@@ -0,0 +1,90 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+// ---------------------------------- WARNING ----------------------------------
+// this file was generated, and should not be edited by hand
+// ---------------------------------- WARNING ----------------------------------
+import * as rt from 'io-ts';
+import { Either } from 'fp-ts/lib/Either';
+import { AlertSchema } from './alert_schema';
+import { EcsSchema } from './ecs_schema';
+const ISO_DATE_PATTERN = /^d{4}-d{2}-d{2}Td{2}:d{2}:d{2}.d{3}Z$/;
+export const IsoDateString = new rt.Type<string, string, unknown>(
+  'IsoDateString',
+  rt.string.is,
+  (input, context): Either<rt.Errors, string> => {
+    if (typeof input === 'string' && ISO_DATE_PATTERN.test(input)) {
+      return rt.success(input);
+    } else {
+      return rt.failure(input, context);
+    }
+  },
+  rt.identity
+);
+export type IsoDateStringC = typeof IsoDateString;
+export const schemaUnknown = rt.unknown;
+export const schemaUnknownArray = rt.array(rt.unknown);
+export const schemaString = rt.string;
+export const schemaStringArray = rt.array(schemaString);
+export const schemaNumber = rt.number;
+export const schemaNumberArray = rt.array(schemaNumber);
+export const schemaDate = rt.union([IsoDateString, schemaNumber]);
+export const schemaDateArray = rt.array(schemaDate);
+export const schemaDateRange = rt.partial({
+  gte: schemaDate,
+  lte: schemaDate,
+});
+export const schemaDateRangeArray = rt.array(schemaDateRange);
+export const schemaStringOrNumber = rt.union([schemaString, schemaNumber]);
+export const schemaStringOrNumberArray = rt.array(schemaStringOrNumber);
+export const schemaBoolean = rt.boolean;
+export const schemaBooleanArray = rt.array(schemaBoolean);
+const schemaGeoPointCoords = rt.type({
+  type: schemaString,
+  coordinates: schemaNumberArray,
+});
+const schemaGeoPointString = schemaString;
+const schemaGeoPointLatLon = rt.type({
+  lat: schemaNumber,
+  lon: schemaNumber,
+});
+const schemaGeoPointLocation = rt.type({
+  location: schemaNumberArray,
+});
+const schemaGeoPointLocationString = rt.type({
+  location: schemaString,
+});
+export const schemaGeoPoint = rt.union([
+  schemaGeoPointCoords,
+  schemaGeoPointString,
+  schemaGeoPointLatLon,
+  schemaGeoPointLocation,
+  schemaGeoPointLocationString,
+]);
+export const schemaGeoPointArray = rt.array(schemaGeoPoint);
+// prettier-ignore
+const ObservabilityThresholdAlertRequired = rt.type({
+});
+// prettier-ignore
+const ObservabilityThresholdAlertOptional = rt.partial({
+  'kibana.alert.context': schemaUnknown,
+  'kibana.alert.evaluation.threshold': schemaStringOrNumber,
+  'kibana.alert.evaluation.value': schemaStringOrNumber,
+  'kibana.alert.evaluation.values': schemaStringOrNumberArray,
+  'kibana.alert.group': rt.array(
+    rt.partial({
+      field: schemaStringArray,
+      value: schemaStringArray,
+    })
+  ),
+});
+
+// prettier-ignore
+export const ObservabilityThresholdAlertSchema = rt.intersection([ObservabilityThresholdAlertRequired, ObservabilityThresholdAlertOptional, AlertSchema, EcsSchema]);
+// prettier-ignore
+export type ObservabilityThresholdAlert = rt.TypeOf<typeof ObservabilityThresholdAlertSchema>;

packages/kbn-alerts-grouping/src/components/alerts_grouping.test.tsx

@@ -23,7 +23,8 @@ import { groupingSearchResponse } from '../mocks/grouping_query.mock';
 import { useAlertsGroupingState } from '../contexts/alerts_grouping_context';
 import { I18nProvider } from '@kbn/i18n-react';
 import {
-  mockFeatureIds,
+  mockRuleTypeIds,
+  mockConsumers,
   mockDate,
   mockGroupingProps,
   mockGroupingId,
@@ -146,7 +147,8 @@ describe('AlertsGrouping', () => {
       expect.objectContaining({
         params: {
           aggregations: {},
-          featureIds: mockFeatureIds,
+          ruleTypeIds: mockRuleTypeIds,
+          consumers: mockConsumers,
           groupByField: 'kibana.alert.rule.name',
           filters: [
             {

packages/kbn-alerts-grouping/src/components/alerts_grouping.tsx

@@ -66,7 +66,7 @@ const AlertsGroupingInternal = <T extends BaseAlertsGroupAggregations>(
   const {
     groupingId,
     services,
-    featureIds,
+    ruleTypeIds,
     defaultGroupingOptions,
     defaultFilters,
     globalFilters,
@@ -79,7 +79,7 @@ const AlertsGroupingInternal = <T extends BaseAlertsGroupAggregations>(
   const { grouping, updateGrouping } = useAlertsGroupingState(groupingId);
 
   const { dataView } = useAlertsDataView({
-    featureIds,
+    ruleTypeIds,
     dataViewsService: dataViews,
     http,
     toasts: notifications.toasts,
@@ -252,7 +252,7 @@ const typedMemo: <T>(c: T) => T = memo;
  *
  * return (
  *   <AlertsGrouping<YourAggregationsType>
- *     featureIds={[...]}
+ *     ruleTypeIds={[...]}
  *     globalQuery={{ query: ..., language: 'kql' }}
  *     globalFilters={...}
  *     from={...}