diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc index dd9a462fb5471..e84286f34c4a6 100644 --- a/docs/CHANGELOG.asciidoc +++ b/docs/CHANGELOG.asciidoc @@ -8,16 +8,3933 @@ :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ -Review important information about the {kib} 8.0.0 releases. +Review important information about the {kib} 8.x releases. + +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> + +-- +[[release-notes-8.8.0]] +== {kib} 8.8.0 + +coming::[8.8.0] + +Review the following information about the {kib} 8.8.0 release. + +[float] +[[breaking-changes-8.8.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.8.0, review the breaking changes, then mitigate the impact to your application. + +// tag::notable-breaking-changes[] +[discrete] +[[breaking-155470]] +.Removes legacy project monitor API +[%collapsible] +==== +*Details* + +The project monitor API for Synthetics in Elastic Observability has been removed. For more information, refer to {kibana-pull}155470[#155470]. + +*Impact* + +In 8.8.0 and later, an error appears when you use the project monitor API. +==== + +[discrete] +[[breaking-147985]] +.Changes the privileges for alerts and cases +[%collapsible] +==== +*Details* + +The privileges for attaching alerts to cases has changed. For more information, refer to {kibana-pull}147985[#147985]. + +*Impact* + +To attach alerts to cases, you must have `Read` access to an {observability} or Security feature that has alerts and `All` access to the **Cases** feature. For detailed information, check link:https://www.elastic.co/guide/en/kibana/current/kibana-privileges.html[{kib} privileges] and link:https://www.elastic.co/guide/en/kibana/current/setup-cases.html[Configure access to cases]. +==== +// end::notable-breaking-changes[] + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.7/release-notes-8.7.0.html#breaking-changes-8.7.0[8.7.0] | {kibana-ref-all}/8.6/release-notes-8.6.0.html#breaking-changes-8.6.0[8.6.0] | {kibana-ref-all}/8.5/release-notes-8.5.0.html#breaking-changes-8.5.0[8.5.0] | {kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[deprecations-8.8.0]] +=== Deprecations + +The following functionality is deprecated in 8.8.0, and will be removed in 9.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 8.8.0. + +[discrete] +[[deprecation-154275]] +.Deprecates ephemeral Task Manager settings +[%collapsible] +==== +*Details* + +The following Task Manager settings are deprecated: + +* `xpack.task_manager.ephemeral_tasks.enabled` +* `xpack.task_manager.ephemeral_tasks.request_capacity` +* `xpack.alerting.maxEphemeralActionsPerAlert` + +For more information, refer to {kibana-pull}154275[#154275]. + +*Impact* + +To improve task execution resiliency, remove the deprecated settings from the `kibana.yml` file. For detailed information, check link:https://www.elastic.co/guide/en/kibana/current/task-manager-settings-kb.html[Task Manager settings in {kib}]. +==== + +[discrete] +[[deprecation-154010]] +.Deprecates monitor schedules +[%collapsible] +==== +*Details* + +Synthetics and Uptime monitor schedules and zip URL fields are deprecated. For more information, refer to {kibana-pull}154010[#154010] and {kibana-pull}154952[#154952]. + +*Impact* + +When you create monitors in Uptime Monitor Management and the Synthetics app, unsupported schedules are automatically transfered to the nearest supported schedule. To use zip URLs, use project monitors. +==== + +[discrete] +[[deprecation-152236]] +.Deprecates Agent reassign API PUT endpoint +[%collapsible] +==== +*Details* + +The PUT endpoint for the agent reassign API is deprecated. For more information, refer to {kibana-pull}152236[#152236]. + +*Impact* + +Use the POST endpoint for the agent reassign API. +==== + +[discrete] +[[deprecation-151564]] +.Deprecates `total` in `/agent_status` Fleet API +[%collapsible] +==== +*Details* + +The `total` field in `/agent_status` Fleet API responses is deprecated. For more information, refer to {kibana-pull}151564[#151564]. + +*Impact* + +The `/agent_status` Fleet API now returns the following statuses: + +* `all` — All active and inactive +* `active` — All active +==== + +[discrete] +[[deprecation-149506]] +.Deprecates Elastic Synthetics integration +[%collapsible] +==== +*Details* + +The Elastic Synthetics integration is deprecated. For more information, refer to {kibana-pull}149506[#149506]. + +*Impact* + +To monitor endpoints, pages, and user journeys, go to **{observability}** -> **Synthetics (beta)**. +==== + +[float] +[[features-8.8.0]] +=== Features +{kib} 8.8.0 adds the following new and notable features. + +Alerting:: +* Adds Maintenance Window Task Runner Integration + New AAD/Event Log Fields {kibana-pull}154761[#154761] +* Adds support for file attachments in Cases {kibana-pull}154436[#154436] +* Adds support for users authenticated with API keys to manage alerting rules {kibana-pull}154189[#154189] +* Adds the ability to control allowed attached file mime types and the maximum file size {kibana-pull}154013[#154013] +* Adds query and timeframe params to RuleAction to filter alerts {kibana-pull}152360[#152360] +* Adds the Cases column to the alerts table {kibana-pull}150963[#150963] +* Adds filtering and sorting for the case activity {kibana-pull}149396[#149396] +* Adds the ability to filter user activities with pagination {kibana-pull}152702[#152702] + +APM:: +* Adds group-by feature in APM rules {kibana-pull}155001[#155001] +* Adds queues as nodes to the service map {kibana-pull}153784[#153784] +* Adds the ability to display the latest agent version in agent explorer {kibana-pull}153643[#153643] +* Adds table tabs showing summary of metrics {kibana-pull}153044[#153044] +* Adds warning to Edit Rule Flyout when publicUrl is not configured {kibana-pull}149832[#149832] + +Dashboard:: +Pins the unified search bar and dashboard toolbar to the top of the dashboard page when scrolling {kibana-pull}145628[#145628] + +Discover:: +Adds log pattern analysis {kibana-pull}153449[#153449] + +Elastic Security:: +For the Elastic Security 8.8.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.8.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Adds audit logging for core CRUD operations {kibana-pull}152118[#152118] +* Adds modal to display versions changelog {kibana-pull}152082[#152082] + +Infrastructure:: +* Adds the logs tab to the Hosts View {kibana-pull}152995[#152995] +* Adds Alerts tab into Hosts View {kibana-pull}149579[#149579] +* Adds refactoring to the Time and Position log stream state {kibana-pull}149052[#149052] + +Machine Learning:: +* Adds ELSER config to the Trained Models UI {kibana-pull}155867[#155867] +* Adds support for custom URLs in jobs for Data Frame Analytics {kibana-pull}154287[#154287] +* Adds support to filter fields from grouping in Explain Log Rate Spikes {kibana-pull}153864[#153864] +* Adds log pattern analysis in Discover {kibana-pull}153449[#153449] + +Management:: +* Adds support for global settings {kibana-pull}148975[#148975] +* Adds Custom Branding settings to Global settings {kibana-pull}150080[#150080] + +Maps:: +Adds map.emsUrl to docker env variables {kibana-pull}153441[#153441] + +Observability:: +* Adds the ability to changes all SLO assets to managed, and indices to hidden {kibana-pull}154953[#154953] +* Adds Exploratory View to a separate app {kibana-pull}153852[#153852] + +Platform:: +Adds text {kibana-pull}151631[#151631] + +Security:: +* Adds CloudFormation agent install method {kibana-pull}155045[#155045] +* Adds Vul mgmt flyout details panel {kibana-pull}154873[#154873] +* Adds Vulnerabilities Table {kibana-pull}154388[#154388] +* Adds the ability to select a theme preference for {kib} in the User Profile {kibana-pull}151507[#151507] + +Uptime:: +Adds UUID to RuleAction {kibana-pull}148038[#148038] + +For more information about the features introduced in 8.8.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.8.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.8.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.8.0]] +=== Enhancements +Alerting:: +* Adds the ability to predefine IDs when you create connectors {kibana-pull}155392[#155392] +* Adds the ability to allow the footer added to emails sent from {kib} alerting rules to **NOT** be added {kibana-pull}154919[#154919] +* Adds conditional actions UI for timeframe {kibana-pull}153944[#153944] +* Adds a single view in the app function for rule actions variables and UI page {kibana-pull}148671[#148671] + +APM:: +* Adds error grouping key filter in error count rule type {kibana-pull}155410[#155410] +* Adds transaction name filter in failed transaction rate rule type {kibana-pull}155405[#155405] +* Replaces most used charts with the Lens embeddable {kibana-pull}155026[#155026] +* Adds transaction name filter in latency threshold rule {kibana-pull}154241[#154241] +* Adds Unified Search for APM {kibana-pull}153842[#153842] +* Adds migratation for the remaining tx-based visualizations {kibana-pull}153375[#153375] +* Adds migration for the tx latency chart and group stats to rollups/service metrics {kibana-pull}153162[#153162] +* Disables agent configuration creation for opentelemetry agents {kibana-pull}150697[#150697] + +Cases:: +* Adds the ability to set a new connector to default {kibana-pull}151884[#151884] +* Improves the design of the description markdown editor on the Cases page {kibana-pull}155151[#155151] + +Dashboard:: +* Adds support to Dashboard for searching saved objects by tags {kibana-pull}154946[#154946] +* Adds reset button {kibana-pull}154872[#154872] +* Adds unified dashboard settings {kibana-pull}153862[#153862] +* Adds the ability to scroll to a new panel {kibana-pull}152056[#152056] + +Discover:: +* Adds the ability to allow wildcards in field search {kibana-pull}155540[#155540] +* Adds a loading indicator during Discover table updates {kibana-pull}155505[#155505] +* Adds drag & drop capabilities for adding columns to the table {kibana-pull}153538[#153538] +* Adds a progress indicator when a saved search embeddable is updating {kibana-pull}152342[#152342] +* Adds inline data fetching errors {kibana-pull}152311[#152311] +* Adds a loading indicator for the classic table embeddable {kibana-pull}152072[#152072] +* Adds the ability to suppress "Missing index" toasts {kibana-pull}149625[#149625] + +Elastic Security:: +For the Elastic Security 8.8.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.8.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Adds support for fields of type aggregate_metric_double {kibana-pull}154920[#154920] +* Adds overview dashboards in fleet {kibana-pull}154914[#154914] +* Adds raw status to Agent details UI {kibana-pull}154826[#154826] +* Adds support for dynamic_namespace and dynamic_dataset {kibana-pull}154732[#154732] +* Adds the ability to show pipelines and mappings editor for input packages {kibana-pull}154077[#154077] +* Adds placeholder to integration select field {kibana-pull}153927[#153927] +* Adds the ability to show integration subcategories {kibana-pull}153591[#153591] +* Adds the ability to create and update the package policy API return 409 conflict when names are not unique {kibana-pull}153533[#153533] +* Adds the ability to display policy changes in Agent activity {kibana-pull}153237[#153237] +* Adds the ability to display errors in Agent activity with link to Logs {kibana-pull}152583[#152583] +* Adds support for select type in integrations {kibana-pull}152550[#152550] +* Adds the ability to make spaces plugin optional {kibana-pull}152115[#152115] +* Adds proxy ssl key and certificate to agent policy {kibana-pull}152005[#152005] +* Adds `_meta` field `has_experimental_data_stream_indexing_features` {kibana-pull}151853[#151853] +* Adds the ability to create templates and pipelines when updating package of a single package policy from type integration to input {kibana-pull}150199[#150199] +* Adds user's secondary authorization to Transforms {kibana-pull}154665[#154665] + +Infrastructure:: +Adds Memory Available Graph To Hosts View {kibana-pull}151863[#151863] + +Lens & Visualizations:: +* Adds the ability to sync the partition legend order with the filters order in *Lens* {kibana-pull}154820[#154820] +* Adds support for icons in the new *Lens* metric {kibana-pull}154210[#154210] +* Adds the ability to share with reports in *Lens* {kibana-pull}153429[#153429] +* Adds show and hide heatmap ticks in *Lens* {kibana-pull}153425[#153425] +* Adds the ability to remove empty headers when there is no x-axis in *Lens* {kibana-pull}153420[#153420] +* Adds improvements to the Metric formatter to support bit format in *Lens* {kibana-pull}153389[#153389] +* Adds the ability to prevent default behaviour from action callback in *Lens* {kibana-pull}152842[#152842] +* Adds Random Sampling to *Lens* {kibana-pull}151749[#151749] + +Machine Learning:: +* Data Frame Analytics creation wizard: add ability to add time field to result data view {kibana-pull}155669[#155669] +* Display info when no datafeed preview results are found {kibana-pull}155650[#155650] +* Adding ignore unavailable indices option to anomaly detection job wizards {kibana-pull}155527[#155527] +* Support multiple model deployments {kibana-pull}155375[#155375] +* Uses two weeks before now for default start time in job start date picker {kibana-pull}155312[#155312] +* AIOps: Adds filter action for the Change point detection results {kibana-pull}155256[#155256] +* Adds search links for AIOps Labs pages {kibana-pull}155202[#155202] +* AIOps: Adds field stats for metric and split fields {kibana-pull}155177[#155177] +* AIOps: Link from Explain Log Rate Spikes to Log Pattern Analysis {kibana-pull}155121[#155121] +* Explain Log Rate Spikes: adds popover to analysis table for viewing other field values {kibana-pull}154689[#154689] +* Explain Log Rate Spikes: Makes use of random sampling for overall histogram chart {kibana-pull}154520[#154520] +* Explain Log Rate Spikes: Adds table action to copy filter to clipboard {kibana-pull}154311[#154311] +* Change point detection: support for multiple metric and split fields {kibana-pull}154237[#154237] +* Enhances support for counter fields in data visualizer / field statistics {kibana-pull}153893[#153893] +* Custom sorting by message level on Notifications page {kibana-pull}153462[#153462] +* Adds log pattern analysis in Discover {kibana-pull}153449[#153449] +* Explain Log Rate Spikes: Improves grouping using the `include` option of the `frequent_item_sets` agg {kibana-pull}153091[#153091] +* Data Frame Analytics exploration: adds actions column with link to discover {kibana-pull}151482[#151482] +* Allows row expansion for blocked anomaly detection jobs {kibana-pull}151351[#151351] +* Enhances job and datafeed config editors in the Advanced anomaly detection job wizard to provide suggestions and documentation {kibana-pull}146968[#146968] + +Management:: +* Adds timezone support for Transforms date histogram pivot configuration {kibana-pull}155535[#155535] +* Adds more system indices to store internal data when you upgrade to 8.8.0 {kibana-pull}154888[#154888] +* Adds improvements for supporting counter fields in Transforms {kibana-pull}154171[#154171] +* Adds `_schedule_now` action to transform list {kibana-pull}153545[#153545] +* Adds link to Discover from Index Management so users can directly look at documents of their indices {kibana-pull}152640[#152640] +* Adds health information for alerting rule in Transforms{kibana-pull}152561[#152561] +* Adds improvements for index pattern input in the data view flyout {kibana-pull}152138[#152138] +* Adds a new description for the metadata field in ingest pipelines {kibana-pull}150935[#150935] +* Adds a _meta field to the Ingest pipelines form {kibana-pull}149976[#149976] +* Adds option to Reauthorize transform on Management page {kibana-pull}154736[#154736] + +Maps:: +Adds metrics mask {kibana-pull}154983[#154983] + +Observability:: +* Adds invalid license page {kibana-pull}154866[#154866] +* Adds empty state page links {kibana-pull}154678[#154678] +* Adds upload symbols instructions to add data page {kibana-pull}154670[#154670] +* Adds new CPU incl and CPU excl names {kibana-pull}154560[#154560] +* Adds symbols callout on frame information window {kibana-pull}154478[#154478] +* Adds Co2 and dollar cost columns and show more information action to functions table {kibana-pull}154097[#154097] +* Adds improvements to functions {kibana-pull}153873[#153873] +* Adds improvements to Flamegraph {kibana-pull}153598[#153598] +* Adds the ability to open the Traces view when you click on a series in stacked charts {kibana-pull}153325[#153325] +* Adds CPU usage column to replace CPU count column {kibana-pull}151696[#151696] + +Querying & Filtering:: +* Adds the ability to avoid duplicate host IP mapping {kibana-pull}155353[#155353] +* Adds improvements to the saved query terminology {kibana-pull}154517[#154517] + +[float] +[[fixes-v8.8.0]] +=== Bug Fixes +Alerting:: +* Fixes Delete Schedule button padding issue {kibana-pull}154503[#154503] +* Fixes error message flash and throttle value reset {kibana-pull}154497[#154497] +* Fixes broken custom snooze recurrences with monthly frequency {kibana-pull}154251[#154251] +* Fixes an issue where you were unable to use retry on updateAPIKey conflict {kibana-pull}151802[#151802] + +APM:: +* Fixes an issue where you were uneable to enable framework alerts as data by default {kibana-pull}154076[#154076] +* Upgraded EUI to v76.0.0 {kibana-pull}152506[#152506] +* Fixes an issue where the OpenTelemetry process and system metrics were unsupported {kibana-pull}151826[#151826] + +Canvas:: +Fixes `createElement` callback {kibana-pull}154398[#154398] + +Cases:: +Fixes the Lens visualization in the comment and description markdown on the New Case page {kibana-pull}155897[#155897] + +Dashboard:: +* Fixes unsaved changes bug on empty dashboard {kibana-pull}155648[#155648] +* Removed Reload on Clone and Replace Panel {kibana-pull}155561[#155561] +* Fixes z index of toolbar items {kibana-pull}154501[#154501] +* Fixes inherited input race condition {kibana-pull}154293[#154293] +* Fixes Changing label of a geospatial filter causes filter disappear from map {kibana-pull}154087[#154087] + +Discover:: +* Adds a "Temporary" badge for temporary data views in the Alerts flyout {kibana-pull}155717[#155717] +* Adds the ability to exclude counter fields from Breakdown options {kibana-pull}155532[#155532] +* Adds the ability to skip requests for the time series metric counter field {kibana-pull}154319[#154319] +* Fixes KQL autocomplete suggestions, which now support IP-type fields when the `autocomplete:valueSuggestionMethod advanced setting is set to terms_enum {kibana-pull}154111[#154111] +* Fixes an issue where saved search "Manage searches" button was unable to apply the "search" type filter {kibana-pull}152565[#152565] + +Elastic Security:: +For the Elastic Security 8.8.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.8.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Fixes package license check to use new `conditions.elastic.subscription` field {kibana-pull}154831[#154831] +* Fixes the OpenAPI spec from `/agent/upload` to `/agent/uploads` for Agent uploads API {kibana-pull}151722[#151722] + +Infrastructure:: +Adds a 404 page for metrics and logs {kibana-pull}153005[#153005] + +Integrations:: +Fixes the slow process event for queries + xterm.js {kibana-pull}155326[#155326] + +Kibana Home & Add Data:: +Fixes the guided onboarding API prefix to indicate that it's intended for internal use {kibana-pull}155643[#155643] + +Lens & Visualizations:: +* Adds a default label on field changes for counter rate in *Lens* {kibana-pull}155509[#155509] +* Panel titles and descriptions are now transferred to the converted Lens panels in *TSVB* {kibana-pull}154713[#154713] +* Adds the ability to use the empty label for `/` terms in *TSVB* {kibana-pull}154647[#154647] +* Fixes the formatting for the legend actions title {kibana-pull}153747[#153747] +* Adds support for negative filter ratios in *TSVB* {kibana-pull}152053[#152053] +* Adds the ability to always retain source order for multi-metric partition chart layers in *Lens* {kibana-pull}151949[#151949] + +Machine Learning:: +* Data Frame Analytics/Anomaly Detection: Custom URLs - entity dropdown reflects Data View update {kibana-pull}155096[#155096] +* AIOps: Fix race condition where stale url state would reset search bar {kibana-pull}154885[#154885] +* Fixes anomalies table drilldown time range for longer bucket spans {kibana-pull}153678[#153678] +* Do not match time series counter fields with aggs in wizards {kibana-pull}153021[#153021] +* Anomaly Detection datafeed chart: ensure chart y axis minimum set correctly {kibana-pull}152051[#152051] + +Management:: +* Improves the display when there are many columns {kibana-pull}155119[#155119] +* Fixes stale submit handler ref update {kibana-pull}154242[#154242] +* Fixes terms aggregation support in wizard for Transforms {kibana-pull}151879[#151879] +* Fixes an issue where you were unable to accept additional dynamic field values for an index template {kibana-pull}150543[#150543] + +Maps:: +* Fixes raster layer is missing in pdf/png exports {kibana-pull}154686[#154686] +* Fixes RegionMap chart type does not work with reporting {kibana-pull}153492[#153492] +* Fixes layers are not displayed in offline environment and map.includeElasticMapsService not set to false {kibana-pull}152396[#152396] + +Monitoring:: +Removes usage for the stats endpoint {kibana-pull}151082[#151082] + +Observability:: +* Adds space-specific feature privileges {kibana-pull}154734[#154734] +* Adds the ability to properly handle NO DATA with multiple conditions with a mix of aggregations and document count thresholds {kibana-pull}154690[#154690] +* Adds additional types to the fields to be use with cardinality aggregation for Metric Threshold Rule {kibana-pull}154197[#154197] +* Adds persistent normalization mode {kibana-pull}153116[#153116] +* Fixes refresh every in the alert search bar {kibana-pull}152246[#152246] + +Platform:: +Fixes badge counter for global settings {kibana-pull}150869[#150869] + +Querying & Filtering:: +* Adds the ability to unload a selected query when it is deleted {kibana-pull}154644[#154644] +* Removes failures in wrong custom timerange {kibana-pull}154643[#154643] + +Reporting:: +* Fixes report generation when image panel is in the end of the layout {kibana-pull}153846[#153846] +* Updates Chromium to 111.0.5555.0 (r1095492) and Puppeteer to 19.7.2 {kibana-pull}153033[#153033] + +Uptime:: +* Fixes default date range on errors page {kibana-pull}155661[#155661] +* Removes the "Beta" labels in Synthetics {kibana-pull}155589[#155589] +* Fixes ML job/rule edit error {kibana-pull}155212[#155212] + +[[release-notes-8.7.1]] +== {kib} 8.7.1 + +coming::[8.7.1] + +Review the following information about the {kib} 8.7.1 release. + +[float] +[[breaking-changes-8.7.1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.7.1, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in the {kib} 8.7.1 release. + +To review the breaking changes in the previous release, check {kibana-ref-all}/8.7/release-notes-8.7.0.html#breaking-changes-8.7.0[8.7.0]. + +[float] +[[enhancement-v8.7.1]] +=== Enhancement +Fleet:: +The agent policy "Host name format" selector is now enabled by default {kibana-pull}154563[#154563] + +[float] +[[fixes-v8.7.1]] +=== Bug fixes +APM:: +* Scoring is now applied by ES {kibana-pull}154627[#154627] +* Fixes the APM Java Agent download link {kibana-pull}154023[#154023] +* Improves the overflow message text {kibana-pull}153676[#153676] + +Canvas:: +* Disables the Edit in Lens action for the legacy savedVisualization function {kibana-pull}154656[#154656] +* Fixes the home page redirect loop {kibana-pull}154568[#154568] +* Fixes an issue where the image upload component was unable to load for image elements {kibana-pull}154385[#154385] + +Dashboard:: +Improves controls flyout performance for data views with a large number of fields {kibana-pull}154004[#154004] + +Discover:: +Fixes aborted request handling in the saved search embeddable {kibana-pull}153822[#153822] + +Elastic Security:: +For the Elastic Security 8.7.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Fixes an issue where the Advanced options toggle in the policy editor was always showing {kibana-pull}154612[#154612] +* Fixes an issue where the warning icon was unable to display in 8.7 {kibana-pull}154119[#154119] +* Adds updates to output logic {kibana-pull}153226[#153226] + +Infrastructure:: +Fixes the inventory table pagination navigation {kibana-pull}153849[#153849] + +Lens & Visualizations:: +Fixes the timezone that *Lens* uses in normalize by unit {kibana-pull}154472[#154472] + +Machine Learning:: +* Change point detection: Fixes applied filters and queries to the charts {kibana-pull}154707[#154707] +* Change point detection: Fixes support for running over relative time range {kibana-pull}154313[#154313] +* Reinstates cold and frozen tier filters for Linux and Windows security modules {kibana-pull}153222[#153222] + +Maps:: +Fixes an issue where geographic filters were unable to work when courier:ignoreFilterIfFieldNotInIndex was enabled {kibana-pull}153816[#153816] + +Monitoring:: +Fixes the CCR read_exceptions alert {kibana-pull}153888[#153888] + +Querying & Filtering:: +Fixes the ability to copy and paste the comma delimeter for multifields {kibana-pull}153772[#153772] + +[[release-notes-8.7.0]] +== {kib} 8.7.0 + +Review the following information about the {kib} 8.7.0 release. + +[float] +[[known-issues-8.7.0]] +=== Known issues + +// tag::known-issue-151698[] +[discrete] +.Observability Overview shows empty User Experience panel +[%collapsible] +==== +*Details* + +Release 8.7.0 has a bug causing the Observability Overview page to show an empty User Experience panel, even when there is RUM data (fixed in {kibana-pull}154419[#154419]). + +*Impact* + +While the User Experience panel on the Observability Overview page is empty, any RUM data will still be available from the User Experience Dashboard. +==== +// end::known-issue-151698[] + +[float] +[[breaking-changes-8.7.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.7.0, review the breaking changes, then mitigate the impact to your application. + +[discrete] +[[breaking-149482]] +.Removes the fields list sampling setting +[%collapsible] +==== +*Details* + +`lens:useFieldExistenceSampling` has been removed from *Advanced Settings*. The setting allowed you to enable document sampling to determine the fields that are displayed in *Lens*. For more information, refer to {kibana-pull}149482[#149482]. + +*Impact* + +In 8.1.0 and later, {kib} uses the field caps API, by default, to determine the fields that are displayed in *Lens*. +==== + +[discrete] +[[breaking-146990]] +.Removes the legacy pie chart visualization setting +[%collapsible] +==== +*Details* + +`visualization:visualize:legacyPieChartsLibrary` has been removed from *Advanced Settings*. The setting allowed you to create aggregation-based pie chart visualizations using the legacy charts library. For more information, refer to {kibana-pull}146990[#146990]. + +*Impact* + +In 7.14.0 and later, the new aggregation-based pie chart visualization is available by default. For more information, check link:https://www.elastic.co/guide/en/kibana/current/add-aggregation-based-visualization-panels.html[Aggregation-based]. +==== + +[discrete] +[[breaking-147616]] +.Removes the current_upgrades endpoint +[%collapsible] +==== +*Details* + +The `api/fleet/current_upgrades` endpoint has been removed. For more information, refer to {kibana-pull}147616[#147616]. + +*Impact* + +When you upgrade to 8.7.0, use the `/action_status` endpoint. +==== + +[discrete] +[[breaking-147199]] +.Removes the preconfiguration API route +[%collapsible] +==== +*Details* + +The `/api/fleet/setup/preconfiguration` API, which was released as generally available by error, has been removed. For more information, refer to {kibana-pull}147199[#147199]. + +*Impact* + +Do not use `/api/fleet/setup/preconfiguration`. To manage preconfigured agent policies, use kibana.yml. For more information, check link:https://www.elastic.co/guide/en/kibana/current/fleet-settings-kb.html#_preconfiguration_settings_for_advanced_use_cases[Preconfigured settings]. +==== + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.6/release-notes-8.6.0.html#breaking-changes-8.6.0[8.6.0] | {kibana-ref-all}/8.5/release-notes-8.5.0.html#breaking-changes-8.5.0[8.5.0] | {kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[features-8.7.0]] +=== Features +{kib} 8.7.0 adds the following new and notable features. + +Alerting:: +* Alerts Table- Inspect Modal {kibana-pull}149586[#149586] +* Updates Rule Action Form to add Summary UX {kibana-pull}149367[#149367] +* Users can now search for Cases by ID {kibana-pull}149233[#149233] +* Alerts table row loading state {kibana-pull}148874[#148874] +* Adds default summary message {kibana-pull}148749[#148749] +* AlertsTable - Add persistent controls that show even on empty state {kibana-pull}148735[#148735] +* Connector logs view {kibana-pull}148291[#148291] +* Make action retries configurable {kibana-pull}147876[#147876] +* Adds summary capabilities to the API and execution logic {kibana-pull}147360[#147360] +* Adds flapping state to alert context for action parameters {kibana-pull}147136[#147136] +* Adds triggered actions list in task state {kibana-pull}146183[#146183] +* Moves “Notify When” and throttle from rule to action {kibana-pull}145637[#145637] + +APM:: +* Increases maxTraceItems {kibana-pull}149062[#149062] +* Disables navigation to _other bucket and show warning tooltip {kibana-pull}148641[#148641] +* Show warning if transaction groups are dropped {kibana-pull}148625[#148625] +* Show alert indicator on alerts tab {kibana-pull}148048[#148048] +* Adds latency alert history chart on the Alert details page for APM {kibana-pull}148011[#148011] +* Adds alert annotation and threshold shade on the APM latency chart on the Alert Details page {kibana-pull}147848[#147848] +* Errors group sampler {kibana-pull}147571[#147571] +* Show alert indicator on service inventory page {kibana-pull}147511[#147511] +* Adds alertDetailAppSection to the APM Rule Details page {kibana-pull}143298[#143298] + +Dashboard:: +* Adds the ability to load more options list suggestions when you scroll {kibana-pull}148331[#148331] +* Adds alert filters to the Detection page {kibana-pull}146989[#146989] +* Adds the image embeddable {kibana-pull}146421[#146421] +* Adds the "Convert to lens" action to Dashboard {kibana-pull}146363[#146363] +* Adds a step size to the time slider control {kibana-pull}145033[#145033] +* Adds the ability to sort the options list suggestions {kibana-pull}144867[#144867] + +Elastic Security:: +For the Elastic Security 8.7.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.7.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Adds ability to show FQDN of agents {kibana-pull}150239[#150239] +* Adds `getStatusSummary` query parameter to `GET /api/fleet/agents` API {kibana-pull}149963[#149963] +* Enabling diagnostics feature flag and changed query for files to use upload_id {kibana-pull}149575[#149575] +* Experimental toggles for doc-value-only {kibana-pull}149131[#149131] +* We now display agent metrics, CPU and memory in the agent list table and agent details page {kibana-pull}149119[#149119] +* Implement subcategories in integrations UI {kibana-pull}148894[#148894] +* Added rollout period to upgrade action {kibana-pull}148240[#148240] +* Adds per-policy inactivity timeout + use runtime fields for agent status {kibana-pull}147552[#147552] +* Show dataset combo box for input packages {kibana-pull}147015[#147015] +* Adds UI controls to setting/outputs to configure new shipper {kibana-pull}145755[#145755] + +Infrastructure:: +* Adds link to ingest pipeline dashboard from Stack Monitoring {kibana-pull}149721[#149721] + +Integrations:: +* User friendly UX added alongside advanced yaml editor {kibana-pull}147900[#147900] +* Custom fleet policy UX for new integration (cloud defend v1) {kibana-pull}147300[#147300] + +Kibana Home & Add Data:: +Self-managed {kib} instances now have a link to instructions for migrating self-managed clusters to Elastic Cloud {kibana-pull}145523[#145523] + +Lens & Visualizations:: +Adds the share link feature in *Lens* {kibana-pull}148829[#148829] + +Machine Learning:: +* Adds change point detection feature {kibana-pull}150308[#150308] +* Remove Technical Preview label from the Trained Models UI {kibana-pull}149715[#149715] +* Adds a new memory usage by job and by model view {kibana-pull}149419[#149419] +* Allow Anomaly Detection geo jobs to be created from maps dashboard {kibana-pull}147797[#147797] +* Adds geo fields support for Unified field list, add statistics flyover to Anomaly detection job creation wizards {kibana-pull}147322[#147322] +* Anomaly Detection wizards: adds geo job wizard {kibana-pull}147043[#147043] + +Management:: +* Adds field statistics popovers for Data Frame Analytics & Transform creation wizards {kibana-pull}149879[#149879] +* Transforms: Shows health status of transform in UI {kibana-pull}150359[#150359] + +Monitoring:: +* Adds duration configuration to Stack Monitoring Cluster Health rule {kibana-pull}147565[#147565] + +Observability:: +* Adds alert summary widget to overview page {kibana-pull}149581[#149581] +* Adds AlertSummaryWidget full-size on the Alerts page {kibana-pull}148539[#148539] +* Additional context for log threshold rule {kibana-pull}148503[#148503] +* Adds charts to Alert Summary Widget {kibana-pull}148143[#148143] +* Adds rule details locator and make AlertSummaryWidget clickable {kibana-pull}147103[#147103] +* Adds groupByKeys context to recovered alerts for Log Threshold Rule and Metric Threshold Rule {kibana-pull}146874[#146874] +* Adds new context variable called groupByKeys {kibana-pull}146633[#146633] +* Adds new context variable for group by keys {kibana-pull}145654[#145654] +* Adds Platinum license check for SLO APIs and SLO pages {kibana-pull}149055[#149055] +* Create SLO / Edit SLO Form - Custom KQL {kibana-pull}147843[#147843] +* SLO List {kibana-pull}147447[#147447] + +Platform:: +New trigger actions for chart legends and table cell actions {kibana-pull}146779[#146779] + +Querying & Filtering:: +* Insight filter builder form as markdown plugin {kibana-pull}150363[#150363] +* Adds the ability to support complex filters with AND/OR relationships {kibana-pull}143928[#143928] + +Security:: +* Adds the ability to allow administrators to limit the number of concurrent user sessions with `xpack.security.session.сoncurrentSessions.maxSessions` {kibana-pull}147442[#147442] +* API Keys can now be updated with new role descriptors and metadata in the API Keys Management screen {kibana-pull}146237[#146237] + +For more information about the features introduced in 8.7.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.7.0]] +=== Enhancements and bug fixes +For detailed information about the 8.7.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.7.0]] +=== Enhancements +Alerting:: +* Bring flapping status and settings in o11y {kibana-pull}150483[#150483] +* Redesign all cases list select modal {kibana-pull}149851[#149851] +* RenderCustomActionsRow with named params instead of args {kibana-pull}149304[#149304] +* Adds new column `Updated on ` in `all cases list ` table. This column can be sorted and can persist sorting options {kibana-pull}149116[#149116] +* Users can now click a button on Case Detail and All Cases List to copy a case's UUID to the clipboard {kibana-pull}148962[#148962] +* Sorting, severity filter and status filter are now persisted in the URL and local storage for the all cases list {kibana-pull}148549[#148549] +* Sorting by status, severity, and title is now allowed in the all-cases list {kibana-pull}148193[#148193] +* See "My recently assigned cases" to the recent cases widget of Security Solution dashboard {kibana-pull}147763[#147763] +* Adds the ability to bulk edit assignees on multiple cases {kibana-pull}146907[#146907] +* Save draft user comment {kibana-pull}146327[#146327] +* Ram 145739 use bulk enable disable in UI {kibana-pull}145928[#145928] +* Create generic retry if function {kibana-pull}145713[#145713] +* Return rules from bulk enable {kibana-pull}145391[#145391] +* Create bulk disable endpoint {kibana-pull}145179[#145179] +* Adding group by options to ES query rule type {kibana-pull}144689[#144689] + +APM:: +* Adds APM alert status to the alerts table {kibana-pull}150500[#150500] +* Promotes the Alerts tab in the APM UI to GA {kibana-pull}150528[#150528] +* Switches get environment function to use `terms_enum` api {kibana-pull}150175[#150175] +* Uses (rolled up) service metrics for service inventory {kibana-pull}149938[#149938] +* Adds KQL filter bar to the service map page {kibana-pull}149900[#149900] +* Integrates Alert search bar in the alerts tab {kibana-pull}149610[#149610] +* Adds Azure Functions support in the APM UI {kibana-pull}149479[#149479] +* Adds a 404 page {kibana-pull}149471[#149471] +* Adds single-click setup from Kibana {kibana-pull}148959[#148959] +* Updates sparklines to support the bar chart graph style {kibana-pull}148702[#148702] +* Adds a flamegraph legend {kibana-pull}147910[#147910] +* Adds API keys to APM package policies {kibana-pull}147650[#147650] +* Only renders waterfall items up until 3 levels {kibana-pull}147569[#147569] +* Improves span links navigation {kibana-pull}147426[#147426] +* Updates default refresh interval to 60 seconds {kibana-pull}146791[#146791] +* Adds pagination to source map API {kibana-pull}145959[#145959] +* Adds ability to offset point labels on maps {kibana-pull}145773[#145773] + +Dashboard:: +* Add new panel settings option to change the title, description, and time range for panels {kibana-pull}148301[#148301] +* Anchor time slider to start {kibana-pull}148028[#148028] +* Show document count beside options list suggestions {kibana-pull}146241[#146241] + +Discover:: +* Show "Copy value" button for any grid cell {kibana-pull}149525[#149525] +* Align field list filters UI between Discover and Lens {kibana-pull}148547[#148547] +* Persist field list sections state in local storage {kibana-pull}148373[#148373] +* Enable adhoc data views creation from no data views state {kibana-pull}147850[#147850] +* Adds a way to quickly expand time range from "No results" screen {kibana-pull}147195[#147195] +* Optimize checking for multifields during grid rendering {kibana-pull}145698[#145698] +* Align field list sections between Discover and Lens {kibana-pull}144412[#144412] +* Update Discover's histogram to use Lens, and add support for breaking down the histogram by top values of a selected field {kibana-pull}143117[#143117] + +Elastic Security:: +For the Elastic Security 8.7.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.7.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Fixes discard changes link taking user to "page not found" {kibana-pull}150174[#150174] +* Adds filebeat_input index to agent policy default {kibana-pull}149974[#149974] +* Bugfix: Apply namespace from agent policy if there is one when adding integration {kibana-pull}149949[#149949] +* Agent List: Inform users when agents have become inactive since last page view {kibana-pull}149226[#149226] +* Experimental toggles for doc-value-only {kibana-pull}149131[#149131] +* Create index templates and ingest pipeline at package policy creation time for input packages {kibana-pull}148772[#148772] +* Do not allow namespace or dataset to be edited for input only package policies {kibana-pull}148422[#148422] +* Adds deprecation warning to unenrollment timeout agent policy setting {kibana-pull}147963[#147963] +* Adds active filter count to agent status filter {kibana-pull}147821[#147821] + +Kibana UI:: +The list view in Dashboard, Visualize Library, Maps, and Graph now stores the latest state of the table in the URL {kibana-pull}145517[#145517] + +Lens & Visualizations:: +* Enable nice rounding for scalar axis in *Lens* {kibana-pull}149388[#149388] +* Don't block render on missing field in *Lens* {kibana-pull}149262[#149262] +* Enable previous time shift when using a date histogram in *Lens* {kibana-pull}149126[#149126] +* Displays the annotation icon on the annotation dimension label in *Lens* {kibana-pull}147686[#147686] +* Extend explore data in Discover/open in Discover drilldown to visualizations with annotations and reference lines in *Lens* {kibana-pull}147541[#147541] +* Moves the mosaic/waffle charts into GA in *Lens* {kibana-pull}146261[#146261] +* Color by slice for multi-metric partition chart in *Lens* {kibana-pull}145948[#145948] +* Save function to integrate listing Inspector {kibana-pull}145381[#145381] +* Absolute time shift support in formula in *Lens* {kibana-pull}144564[#144564] + +Machine Learning:: +* Adding multi-modal distribution to the explain anomaly results {kibana-pull}150014[#150014] +* Adding anomaly explanation help link {kibana-pull}149674[#149674] +* Data Frame Analytics results view: add link to custom visualizations for viewing scatterplot charts {kibana-pull}149647[#149647] +* Explain Log Rate Spikes: highlight field pairs unique to groups in expanded row {kibana-pull}148601[#148601] +* Adds delete annotations option to delete and reset job modals {kibana-pull}147537[#147537] +* Adds override for data which doesn't contain a time field {kibana-pull}147504[#147504] +* Adds responsive layout to Index data visualizer, fix doc count chart margin {kibana-pull}147137[#147137] +* Use anomaly score explanation for chart tooltip multi-bucket impact {kibana-pull}146866[#146866] +* Remove beta badge for Field statistics table in Discover {kibana-pull}140991[#140991] + +Management:: +* Transforms: Adds "Use full data" button to transform creation wizard {kibana-pull}150030[#150030] +* Adds override field to Dot expander processor form {kibana-pull}149599[#149599] +* Adds fields to Append Ingest Pipeline processor form {kibana-pull}149520[#149520] +* Adds support for S3 intelligent tiering in Snapshot and Restore {kibana-pull}149129[#149129] +* Transforms: Adds date picker to transform wizard for data view with time fields {kibana-pull}149049[#149049] +* Use data view formatter for fields preview in Edit field flyout {kibana-pull}148446[#148446] +* Adds a new global ui settings client {kibana-pull}146270[#146270] +* Update Transform installation mechanism to support upgrade paths {kibana-pull}142920[#142920] + +Maps:: +Adds support for hex aggregation with geo_shape field {kibana-pull}143890[#143890] + +Monitoring:: +* Link to individual host page on hosts view {kibana-pull}147380[#147380] +* Adds support for beats datastream patterns {kibana-pull}146184[#146184] + +Observability:: +* Custom equation editor for Metric Threshold Rule {kibana-pull}148732[#148732] +* Adds context.originalAlertState to the Metric Threshold and Inventory Threshold recovery context {kibana-pull}147928[#147928] + +Querying & Filtering:: +Allows case sensitive option on multiselection filters input {kibana-pull}149570[#149570] + +Security:: +* The default `csp.disableUnsafeEval` value is now `true`, so now the `unsafe-eval` source expression isn't present by default in the Kibana Content Security Policy (CSP) {kibana-pull}150157[#150157] +* Adds client IP address to Kibana audit log {kibana-pull}148055[#148055] +* Adds `Cross-Origin-Opener-Policy: same-origin` HTTP header to Kibana default response headers {kibana-pull}147874[#147874] + +Sharing:: +Enables multiple values filtering on tooltip actions {kibana-pull}148372[#148372] + +Uptime:: +TLS rule allow monitors filtering {kibana-pull}150339[#150339] + +[float] +[[fixes-v8.7.0]] +=== Bug Fixes +Alerting:: +* Event log failure message {kibana-pull}149355[#149355] +* Optimize alerting task runner for persistent (non-lifecycle rule types) {kibana-pull}149043[#149043] +* Failed test x-pack/plugins/triggers_actions_ui/public/application/lib/transformActionVariables {kibana-pull}147579[#147579] +* Rule create/update form re-render {kibana-pull}147221[#147221] +* Hiding all features in a space causes rules to stop running {kibana-pull}146188[#146188] +* Send complete test data to xMatters, so it can create an alert {kibana-pull}145431[#145431] +* Hiding all features in a space causes rules to stop running {kibana-pull}145372[#145372] + +APM:: +* Latency threshold rule's threshold context variable should use milliseconds instead of microseconds {kibana-pull}150234[#150234] +* Cannot read/write APM Settings Indices page with minimally-privileged user {kibana-pull}150107[#150107] +* Adds `service.environment` log correlation {kibana-pull}150065[#150065] +* Remove `host.name` correlation {kibana-pull}150005[#150005] +* Fixes display of stacktrace with EuiCodeBlocks {kibana-pull}149911[#149911] +* Alert rules: The transaction type and environment options are not filtered by the selected service {kibana-pull}149849[#149849] +* Unable to create Latency threshold rule for All services or All Transaction types {kibana-pull}149735[#149735] +* Adds language specific headers {kibana-pull}149400[#149400] +* Adds stacktrace support for php {kibana-pull}149122[#149122] +* Tech preview feature on General settings {kibana-pull}148996[#148996] +* Fixes APM sourcemap upload route {kibana-pull}148508[#148508] +* Change order of tabs {kibana-pull}147518[#147518] +* Show values of highlighted sample in TopN chart {kibana-pull}147431[#147431] +* Synchronous Anomaly detection jobs creation {kibana-pull}145969[#145969] +* Change default refresh interval to 60 seconds {kibana-pull}144389[#144389] + +Dashboard:: +* Retain maximized panel on link/unlink from library {kibana-pull}150405[#150405] +* Fixes Unlink from Library / Save to Library for Maximized Panel {kibana-pull}150338[#150338] +* Fixes Darktheme is missing from add drilldowns panel {kibana-pull}147270[#147270] +* Removes options list `"Allow "` toggles {kibana-pull}147216[#147216] + +Design:: +* Fixes a11y issue with dev tool tabs {kibana-pull}149349[#149349] +* Fixes a11y issues with cross cluster replication flyouts {kibana-pull}149069[#149069] +* Fixes a11y for snapshot policy flyout {kibana-pull}148972[#148972] + +Discover:: +* Fixes Phrase_filter query for scripted fields {kibana-pull}148943[#148943] +* Use Discover locator for alert results link {kibana-pull}146403[#146403] +* Validate if Data View time field exists on Alert creation / editing {kibana-pull}146324[#146324] + +Elastic Security:: +For the Elastic Security 8.7.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.7.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Truncate long names in agents table {kibana-pull}150069[#150069] +* Update kubernetes templates for elastic-agent {kibana-pull}143275[#143275] + +Infrastructure:: +Remove ts-ignore annotation {kibana-pull}145759[#145759] + +Lens & Visualizations:: +* Always use resolved time range when computing Top values order agg with timeshifts in *Lens* {kibana-pull}150418[#150418] +* Fixes problem with timeshift in formula and breakdown in *Lens* {kibana-pull}150406[#150406] +* Fixes nested other bucket for empty string {kibana-pull}150321[#150321] +* Fixes chart padding on reference lines/annotations icon on the left side in *Lens* {kibana-pull}149573[#149573] +* Fixes the partition legend actions header format problem in *Lens* {kibana-pull}149114[#149114] +* Automatically enable show array values for non-numeric runtime fields in *Lens* {kibana-pull}149025[#149025] +* Always display the major label {kibana-pull}148999[#148999] +* Adds multi fields support to selected fields list in *Lens* {kibana-pull}148899[#148899] +* Allows cleaning up of the filters aggregatiob custom label in *Lens* {kibana-pull}148535[#148535] +* Order date fields first on discover drilldown in *Lens* {kibana-pull}146786[#146786] +* Fixes the syncing of other series color in *Lens* {kibana-pull}146785[#146785] + +Machine Learning:: +* Data Frame Analytics creation wizard: ensure includes table is populated correctly on job type change {kibana-pull}150112[#150112] +* Data Frame Analytics maps view: Fix update of map when selecting results index node {kibana-pull}149993[#149993] +* Fixes Typical to actual connector lines in AnomalyLayer have dot halfway {kibana-pull}149270[#149270] +* Fixes responsive behaviour of page header with date picker {kibana-pull}149073[#149073] +* Delayed data visualization: ensure y-axis count is visible {kibana-pull}148982[#148982] +* Allow dedicated index override in JSON editor {kibana-pull}148887[#148887] +* Anomaly Detection: Fix button switch issue with unmounted component {kibana-pull}148239[#148239] +* Anomaly Detection: Fix Anomaly Explorer context handling {kibana-pull}148231[#148231] +* Fixes modal titles {kibana-pull}147855[#147855] + +Management:: +* Replace global `GET /_mapping` request with `GET /_mapping` {kibana-pull}147770[#147770] +* Fixes form validation UX when the same data view name already exists {kibana-pull}146126[#146126] +* The field preview in the data view field editor now works for all fields, whether or not they are in the document's `_source` {kibana-pull}145943[#145943] + +Maps:: +* Fixes Kibana maps should not override the sort field if not provided by the user {kibana-pull}150400[#150400] +* Show embeddable filters in spatial layer {kibana-pull}150078[#150078] +* Fixes Kibana Maps UI upload geojson failure should be received as such {kibana-pull}149969[#149969] +* Verify CRS for geojson upload {kibana-pull}148403[#148403] + +Monitoring:: +Use UI time range filter in logstash pipeline details query {kibana-pull}150032[#150032] + +Observability:: +Adds ALERT_RULE_PARAMETERS to the common fields in Rule Registry {kibana-pull}147458[#147458] + +Platform:: +Support cgroup v2 in core metric collection {kibana-pull}147082[#147082] + +[[release-notes-8.6.1]] +== {kib} 8.6.1 + +Review the following information about the {kib} 8.6.1 release. + +[float] +[[breaking-changes-8.6.1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.6.1. + +{kibana-ref-all}/8.5/release-notes-8.5.0.html#breaking-changes-8.5.0[8.5.0] | {kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.6.1]] +=== Enhancements +Alerting:: +* Create OAS for get rule types and get alerting framework health {kibana-pull}148774[#148774] +* Create open API specification for create/update connector {kibana-pull}148691[#148691] +* Create open API specification for disable/enable rule and mute/unmute all alerts {kibana-pull}148494[#148494] + +Elastic Security:: +For the Elastic Security 8.6.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +[float] +[[fixes-v8.6.1]] +=== Bug fixes +Canvas:: +Replaces React.lazy and withSuspense with async imports in expressions plugins {kibana-pull}147693[#147693] + +Dashboard:: +* Adds styling to allow clickable *TSVB* markdown images {kibana-pull}147802[#147802] +* Changes the visibility of the panel filters action {kibana-pull}146335[#146335] + +Discover:: +* Adds support for case-insensitive search in Document Viewer {kibana-pull}148312[#148312] +* Fixes the field stats for the epoch time format {kibana-pull}148288[#148288] + +Elastic Security:: +For the Elastic Security 8.6.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Fixes missing policy Id in installation URL for cloud integrations {kibana-pull}149243[#149243] +* Fixes package installation APIs to install packages without a version {kibana-pull}149193[#149193] +* Fixes issue where the latest GA version could not be installed if there was a newer prerelease version in the registry {kibana-pull}149133[#149133] and {kibana-pull}149104[#149104] + +Infrastructure:: +Fixes an issue where the summary request piled up {kibana-pull}148670[#148670] + +Machine Learning:: +* Fixes the bucket span estimator in the advanced wizard {kibana-pull}149008[#149008] +* Fixes the transforms JSON display {kibana-pull}147996[#147996] + +Management:: +* Fixes the runtime field format editor {kibana-pull}148497[#148497] +* Improves the check for response size in the `/autocomplete_entities` endpoint {kibana-pull}148328[#148328] + +Maps:: +Fixes an issue where Maps was unable to initialize the time range from URLs {kibana-pull}148465[#148465] + +Platform:: +Fixes the server-side import of the contract `CloudStart` {kibana-pull}149203[#149203] + +Uptime:: +* ssl fields are now omitted when ssl is disabled {kibana-pull}149087[#149087] +* Adds the ability to disable throttling for project monitors {kibana-pull}148669[#148669] + +[[release-notes-8.6.0]] +== {kib} 8.6.0 + +Review the following information about the {kib} 8.6.0 release. + +[float] +[[known-issues-8.6.0]] +=== Known issues + +[discrete] +[[known-issue-146020]] +.Attempting to create APM latency threshold rules from the Observability rules page fail +[%collapsible] +==== +*Details* + +When you attempt to create an APM latency threshold rule in **Observability** > **Alerts** > **Rules** for all services or all transaction types, the request will fail with a `params invalid` error. +*Impact* + +This known issue only impacts the Observability Rules page. To work around this issue, create APM latency threshold rules in the APM Alerts and Rules dialog. See {kibana-ref}/apm-alerts.html[Alerts and rules] for detailed instructions. +==== + +[float] +[[breaking-changes-8.6.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.6.0, review the breaking changes, then mitigate the impact to your application. + +[discrete] +[[breaking-143081]] +.Changes the `histogram:maxBars` default setting +[%collapsible] +==== +*Details* + +To configure higher resolution data histogram aggregations without changing the *Advanced Settings*, the default histogram:maxBars setting is now 1000 instead of 100. For more information, refer to {kibana-pull}143081[#143081]. + +*Impact* + +For each {kibana-ref}/xpack-spaces.html[space], complete the following to change *histogram:maxBars* to the previous default setting: + +. Open the main menu, then click *Stack Management > Advanced Settings*. +. Scroll or search for *histogram:maxBars*. +. Enter `100`, then click *Save changes*. +==== + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.5/release-notes-8.5.0.html#breaking-changes-8.5.0[8.5.0] | {kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[features-8.6.0]] +=== Features +{kib} 8.6.0 adds the following new and notable features. + +Alerting:: +* Notify users by email when assigned to a case {kibana-pull}144391[#144391] +* Adds flapping state object and interface in AAD index and Event Log {kibana-pull}143920[#143920] +* Change Alerts > Actions execution order {kibana-pull}143577[#143577] +* Adds the ability to remove alerts attached to a case {kibana-pull}143457[#143457] +* This feature allows users to create and close alerts within Opsgenie {kibana-pull}142411[#142411] +* Adds filter field to index threshold rule type {kibana-pull}142255[#142255] +* Allow users to see event logs from all spaces they have access to {kibana-pull}140449[#140449] + +Elastic Security:: +For the Elastic Security 8.6.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.6.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Differentiate kubernetes integration multipage experience {kibana-pull}145224[#145224] +* Adds prerelease toggle to Integrations list {kibana-pull}143853[#143853] +* Adds link to allow users to skip multistep add integration workflow {kibana-pull}143279[#143279] + +Infrastructure:: +Adds support for the the Unified Search Bar for Query input {kibana-pull}143222[#143222] + +Lens & Visualizations:: +Adds support for trend lines in *Lens* metric visualizations {kibana-pull}141851[#141851] + +Machine Learning:: +* Trained model testing with index data {kibana-pull}144629[#144629] +* Adding anomaly score explanations {kibana-pull}142999[#142999] + + +Monitoring:: +Collect metrics about the active/idle connections to ES nodes {kibana-pull}141434[#141434] + +Observability:: +* Integrate alert search bar on rule details page {kibana-pull}144718[#144718] +* Adds additional context to recovered alerts of Infrastructure rules {kibana-pull}144683[#144683] +* Adds list of containers in context variable of Inventory rule {kibana-pull}144526[#144526] +* Adds new contextual attributes to Infrastructure - Metric threshold rule {kibana-pull}143001[#143001] +* Adds alert details page feature flag by App {kibana-pull}142839[#142839] +* Adds new contextual attributes to Infrastructure - Inventory Rule {kibana-pull}140598[#140598] + +Osquery:: + +Allows users to deploy Osquery across all {agent} policies or on specified policies only {kibana-pull}143948[#143948] + +Platform:: +Adds notifications plugin, offering basic email service {kibana-pull}143303[#143303] + +Security:: +Adds the ability to show sub-feature privileges when using the Basic license {kibana-pull}142020[#142020] + +Uptime:: +Adds `created_at` field in saved objects {kibana-pull}143507[#143507] + +For more information about the features introduced in 8.6.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.6.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.6.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.6.0]] +=== Enhancements +Alerting:: +* Clone rule {kibana-pull}144741[#144741] +* Remove errors and warning in triggers_actions_ui jest test {kibana-pull}144443[#144443] + +* Increase the default table size of the cases table to 10 {kibana-pull}144228[#144228] +* Bulk enable rules api {kibana-pull}144216[#144216] +* Create bulk delete on rules front {kibana-pull}144101[#144101] +* Improve Task Manager’s retry logic for ad-hoc tasks {kibana-pull}143860[#143860] +* Increases the max length limit of the case title to 160 characters {kibana-pull}143664[#143664] +* Adds the ability to bulk edit tags in the cases table {kibana-pull}143450[#143450] +* Filter cases without assignees {kibana-pull}143390[#143390] +* Make actions retry when encountering failures {kibana-pull}143224[#143224] +* Adds a backlink to cases when pushing in external services {kibana-pull}143174[#143174] +* Move Connectors to own page {kibana-pull}142485[#142485] +* 142183 create bulk delete on rules {kibana-pull}142466[#142466] +* Allow `_source` field for ES DSL query rules {kibana-pull}142223[#142223] +* Update rule status {kibana-pull}140882[#140882] + +APM:: +* Adds pie charts displaying the most used mobile devices, operating systems, etc. {kibana-pull}144232[#144232] +* Adds the ability to filter mobile APM views {kibana-pull}144172[#144172] +* Adds average latency map to the mobile service overview {kibana-pull}144127[#144127] +* Adds new options to APM central configuration {kibana-pull}143668[#143668] +* Adds a trace waterfall to the dependency operation detail view {kibana-pull}143257[#143257] +* Adds a configuration table above code sample in getting started guide {kibana-pull}143178[#143178] +* Adds improvements to the AWS Lambda metrics view {kibana-pull}143113[#143113] +* Adds total APM size and perecent of disk space used to storage explorer {kibana-pull}143179[#143179] +* [Technical preview] Adds the ability to display a critical path for a single trace {kibana-pull}143735[#143735] +* [Technical preview] Adds the agent explorer inventory and detail page {kibana-pull}143844[#143844] + +Dashboard:: +* Adds unmapped runtime field support to options list {kibana-pull}144947[#144947] +* Adds "Exists" functionality to options list {kibana-pull}143762[#143762] +* Adds `excludes` toggle to options list {kibana-pull}142780[#142780] +* Adds support for IP field to options list {kibana-pull}142507[#142507] +* Adds option to disable cursor sync on dashboards {kibana-pull}143355[#143355] + +Discover:: +* Adds the ability to edit ad hoc data views without permissions {kibana-pull}142723[#142723] +* Enables `esQuery` alert for adhoc data views {kibana-pull}140885[#140885] + +Elastic Security:: +For the Elastic Security 8.6.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.6.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +Adds `?full` option to get package info endpoint to return all package fields {kibana-pull}144343[#144343] + +Infrastructure:: +* Use the Unified Search Bar for date range selection {kibana-pull}144351[#144351] +* Adds network traffic to Hosts table {kibana-pull}142137[#142137] + +Kibana UI:: +Updates the Dashboard, Visualize Library, and Maps pages with enhanced tag filtering {kibana-pull}142108[#142108] + +Lens & Visualizations:: +* Rearranges the options in *Lens* {kibana-pull}144891[#144891] +* Adds the ability to open *TSVB* tables in *Lens* {kibana-pull}143946[#143946] +* Adds advanced params to the formula API in *Lens* {kibana-pull}143876[#143876] +* Adds the ability to display value labels on histogram and stacked charts in *Lens* {kibana-pull}143635[#143635] +* Distinguishes the adhoc data views from the permanent data views in the dropdowns {kibana-pull}143525[#143525] +* Adds the ability to filter metrics in the *Lens* data table {kibana-pull}143219[#143219] +* Adds support for navigate Variance aggregations in *Lens* {kibana-pull}143209[#143209] +* Adds selected field accordion to the fields list in *Lens* {kibana-pull}143175[#143175] +* Adds the ability to open aggregation-based xy charts in *Lens* {kibana-pull}142936[#142936] +* Adds the ability to open aggregation-based Gauge and Goal visualizations in *Lens* {kibana-pull}142838[#142838] +* Enables cursor syncronization in *Lens* heatmaps {kibana-pull}142821[#142821] +* Adds a reduced time range option for formula in *Lens* {kibana-pull}142709[#142709] +* Adds the ability to open aggregation-based metric visualization in *Lens* {kibana-pull}142561[#142561] +* Adds the ability to edit data views in the *Lens* flyout {kibana-pull}142362[#142362] +* Adds conditional operations in the *Lens* formula {kibana-pull}142325[#142325] +* Adds the ability to explore fields in Discover from *Lens* {kibana-pull}142199[#142199] +* Adds the ability to open *TSVB* Gauge visualizations in *Lens* {kibana-pull}142187[#142187] +* Adds new defaults function in *Lens* {kibana-pull}142087[#142087] +* Adds support for mustache context variables with periods {kibana-pull}143703[#143703] +* Adds explore matching indices to data view menu {kibana-pull}141807[#141807] +* Adds control in the *Lens* annotations layer menu for global filters {kibana-pull}141615[#141615] +* Adds field filter to popover in *Lens* {kibana-pull}141582[#141582] +* Improves the performance for large formulas in *Lens* {kibana-pull}141456[#141456] +* Improves the Quick function in-product assistance in *Lens* {kibana-pull}141399[#141399] +* Adds bit formatter in *Lens* {kibana-pull}141372[#141372] +* Adds the ability to open aggregation-based pie visualizations in *Lens* {kibana-pull}140879[#140879] +* Adds the ability to open *TSVB* metric visualizations in *Lens* {kibana-pull}140878[#140878] +* Adds the ability to open aggregation-based table visualizations in *Lens* {kibana-pull}140791[#140791] +* Adds the ability to allow date functions in formula {kibana-pull}143632[#143632] + +Machine Learning:: +* Data Frame Analytics: Highlight filtered data in scatterplot charts {kibana-pull}144871[#144871] +* Allow updates for number of allocations and priority for trained model deployments {kibana-pull}144704[#144704] +* Switch from normal sampling to random sampler for Index data visualizer table {kibana-pull}144646[#144646] +* Explain Log Rate Spikes: Replace chunks of queries with concurrent queue {kibana-pull}144220[#144220] +* Explain Log Rate Spikes: Allow to continue failed stream {kibana-pull}143301[#143301] +* Entity filter for the Notifications page {kibana-pull}142778[#142778] +* Show an info callout for new notifications {kibana-pull}142245[#142245] +* Adding dashboard custom url to lens created jobs {kibana-pull}142139[#142139] +* Adds ML open API output to appendix {kibana-pull}141556[#141556] + +Management:: +Adds missing geo aggs to autocomplete in Console {kibana-pull}141504[#141504] + +Maps:: +* Adds the ability to invert color ramp and size {kibana-pull}143307[#143307] +* Adds layer groups {kibana-pull}142528[#142528] +* Adds the ability to hide or show all layers {kibana-pull}141495[#141495] + +Observability:: +* Adds kibana.alert.time_range field to Alert-As-Data mappings and populate it {kibana-pull}141309[#141309] +* Alert summary widget new design {kibana-pull}141236[#141236] +* Adds histogram support for avg, max, min, sum and percentiles {kibana-pull}139770[#139770] + +Platform:: +Adds maxIdleSockets and idleSocketTimeout to Elasticsearch config {kibana-pull}142019[#142019] + +Security:: +* Adds a read-only mode to the User management screen for users with `read_security` cluster privilege {kibana-pull}143438[#143438] +* Adds a read-only mode to the API keys management screen for users with `read_security` cluster privilege {kibana-pull}144923[#144923] +* Adds `user.id` field to Kibana audit log {kibana-pull}141092[#141092] + +Uptime:: +* Allow using AND for tags filtering {kibana-pull}145079[#145079] +* Adds monitor detail flyout {kibana-pull}136156[#136156] + +[float] +[[fixes-v8.6.0]] +=== Bug fixes +Alerting:: +* Fixes logger text and fix bulk error type {kibana-pull}144598[#144598] +* Flaky bulkDisable tasks functional test {kibana-pull}144405[#144405] +* Adding back unknown outcome filter {kibana-pull}143546[#143546] +* Fixing flaky test in x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/alerts_list·ts {kibana-pull}142855[#142855] +* Rule run history displays success with a message when the rule status is warning {kibana-pull}142645[#142645] +* Elasticsearch query rule type allows SIZE: 0, but flags as error on re-edit {kibana-pull}142225[#142225] +* Rules and Connectors: Current page in breadcrumbs shows as link {kibana-pull}141838[#141838] +* Move save button into connector config form {kibana-pull}141361[#141361] + +APM:: +* Show a recommended minimum size when going below 5 minutes {kibana-pull}144170[#144170] +* Fixes ML permissions by removing usage of `canAccessML` {kibana-pull}143631[#143631] +* Fallback to terms aggregation search if terms enum doesn’t return results {kibana-pull}143619[#143619] +* Fixes bug that causes alert expression to not close {kibana-pull}143531[#143531] +* Fixes `apm.transaction_duration` alert to aggregrate over service environment {kibana-pull}143238[#143238] +* Fixes broken latency and services layout {kibana-pull}143453[#143453] +* Fixes metadata API environment filter {kibana-pull}144472[#144472] + +Dashboard:: +* The extra reload caused by Controls is now skipped {kibana-pull}142868[#142868] +* Modifies the state shared in dashboard permalinks {kibana-pull}141985[#141985] + +Discover:: +* Fixes theme for Alerts popover {kibana-pull}145390[#145390] +* Improves the no data views state for `esQuery` alert {kibana-pull}145052[#145052] +* Updates the data view id on adhoc data view change {kibana-pull}142069[#142069] +* Improves the error and fix app state when updating data view ID in the URL to an invalid ID {kibana-pull}141540[#141540] + +Elastic Security:: +For the Elastic Security 8.6.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.6.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +Only show fleet managed data streams on data streams list page {kibana-pull}143300[#143300] + +Infrastructure:: +Adds disk latency metrics to hosts table {kibana-pull}144312[#144312] + +Kibana Home & Add Data:: +* Updates the examples {kibana-pull}141265[#141265] + +Lens & Visualizations:: +* All saved queries are now returned on the list instead of only the first 50 {kibana-pull}145554[#145554] +* The baseTheme is now always included with the charts theme {kibana-pull}145401[#145401] +* Do not throw on undefined sorting column referenced in *Lens* {kibana-pull}144716[#144716] +* Fixes suggestion bug in *Lens* {kibana-pull}144708[#144708] +* The reference layer is now excluded from the cursor sync hook in *Lens* {kibana-pull}144384[#144384] +* Improves the embeddable warnings placement in *Lens* metric visualizations {kibana-pull}144368[#144368] +* Fixes the list control popover background color in dark mode {kibana-pull}144204[#144204] +* The unused dimension label from the tooltip in *Lens* is now hidden {kibana-pull}143721[#143721] +* Improves the default text for the controls options list {kibana-pull}143413[#143413] +* Fixes styling issues in *Vega* {kibana-pull}143168[#143168] +* Fixes an issue where the shard failure notices made *Lens* unusable {kibana-pull}142985[#142985] +* Fixes the syncing for colors and tooltips {kibana-pull}142957[#142957] +* Updates the label for Time field annotations in *TSVB* {kibana-pull}142452[#142452] +* Fixes an issue where empty annotation query strings in *TSVB* and *Lens* displayed different results {kibana-pull}142197[#142197] +* Drag and drop capabilities of a single element in *Lens* is no longer allowed {kibana-pull}141793[#141793] +* Fixes the ability to close the settings popover with a click in *Lens* {kibana-pull}141272[#141272] + +Machine Learning:: +* Fixes the default time range on the Notifications page {kibana-pull}145578[#145578] +* Data Frame Analytics maps view: ensure nodes reload correctly after using timepicker refresh {kibana-pull}145265[#145265] +* Explain Log Rate Spikes: Fix applying overall params to histogram queries {kibana-pull}144219[#144219] +* Calculate model memory limit for Lens created jobs {kibana-pull}143456[#143456] +* Explain Log Rate Spikes: fix chart showing as empty when filter matches field/value pair in hovered row {kibana-pull}142693[#142693] + +Management:: +* Fixes nested formatter for terms {kibana-pull}144543[#144543] +* Cache ad-hoc data views to avoid repeated field list calls {kibana-pull}144465[#144465] +* In the case of 2 or more panels on the dashboard, TSVB renderComplete fires 2 times {kibana-pull}143999[#143999] +* Shard failure notifications have been reduced when many queries fail at the same time {kibana-pull}131776[#131776] + +Maps:: +* Fixes an issue where the Time Slider text was not working properly with Dark Mode {kibana-pull}145612[#145612] +* Adds ungroup layers action {kibana-pull}144574[#144574] + +Observability:: +Fixes alerts' blank page in case of invalid query string {kibana-pull}145067[#145067] + +Observability Home:: +* Use bucketSize from request options for overview query {kibana-pull}145032[#145032] +* Solution nav with no data page {kibana-pull}144280[#144280] + +Querying & Filtering:: +* Fixes an issue with autocomplete value suggestions where the date range was sometimes incorrectly applied {kibana-pull}144134[#144134] +* Fixes Moment.js timezone error when defining a range filter {kibana-pull}143213[#143213] + +Reporting:: +* Fixed a bug with CSV export in Discover, where searching over hundreds of shards would result in an incomplete CSV file {kibana-pull}144201[#144201] +* Fixes an issue where downloading a report caused a new browser tab to open with the report content, rather than receiving a downloaded file {kibana-pull}144136[#144136] +* Fixed an issue with CSV exports from Discover, where using the `_id` field in an export, when `_id` is a very high numeric value, the value could lose precision {kibana-pull}143807[#143807] + +[[release-notes-8.5.2]] +== {kib} 8.5.2 + +Review the following information about the {kib} 8.5.2 release. + +[float] +[[breaking-changes-8.5.2]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.5.2. + +{kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.5.2]] +=== Enhancement +Security:: +* Adds a `Content-Security-Policy` header to all `/api/*` responses {kibana-pull}144902[#144902] + +[float] +[[fixes-v8.5.2]] +=== Bug fixes +APM:: +* Limits the number of source map artifacts {kibana-pull}144963[#144963] +* Fixes an incorrect documentation link {kibana-pull}145077[#145077] +* Suppresses error toast when data view cannot be created {kibana-pull}143639[#143639] + +Dashboard:: +Fixes unexpected suggestions for text/keyword multi-fields {kibana-pull}145177[#145177] + +Discover:: +Fixes % for field stats calculations (edge cases) {kibana-pull}144962[#144962] + +Management:: +Fixes autocomplete_entities API crash when response size is too big {kibana-pull}140569[#140569] + +Uptime:: +Adjust formula for synthetics monitor availability {kibana-pull}144868[#144868] + +[[release-notes-8.5.1]] +== {kib} 8.5.1 + +Review the following information about the {kib} 8.5.1 release. + +[float] +[[breaking-changes-8.5.1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.5.1. + +{kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.5.1]] +=== Enhancements +Elastic Security:: +For the Elastic Security 8.5.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +[float] +[[fixes-v8.5.1]] +=== Bug fixes +APM:: +* Fixes a bug where Metadata API does not filter by environment {kibana-pull}144472[#144472] +* Fixes a bug where AWS lambda checks for an undefined value {kibana-pull}143987[#143987] +* Limits the number of source map artifacts {kibana-pull}144963[#144963] +* Fixes an incorrect documentation link {kibana-pull}145077[#145077] + +Dashboard:: +* Removes support for scripted fields in options list {kibana-pull}144643[#144643] +* Fixes help documentation link for dashboard {kibana-pull}143894[#143894] + +Elastic Security:: +For the Elastic Security 8.5.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +Make asset tags space aware {kibana-pull}144066[#144066] + +Machine Learning:: +* Correcting the size of the free ML node on cloud {kibana-pull}144512[#144512] +* Fixes model testing flyout reload {kibana-pull}144318[#144318] +* Explain Log Rate Spikes: Wrap analysis in try/catch block {kibana-pull}143651[#143651] +* Explain Log Rate Spikes: Fix uncompressed streams and backpressure handling {kibana-pull}142970[#142970] + +Osquery:: +* Fixes a bug that prevented users from viewing Osquery results if they were in a non-default {kib} space {kibana-pull}144210[#144210] + +Platform:: +Fixes the execution pipeline not to stop on a flaky subexpression {kibana-pull}143852[#143852] + +Uptime:: +* Adjust forumla for synthetics monitor availability {kibana-pull}144868[#144868] +* TLS alert - do not alert when status cannot be determined {kibana-pull}144767[#144767] + +[[release-notes-8.5.0]] +== {kib} 8.5.0 + +Review the following information about the {kib} 8.5.0 release. + +[float] +[[known-issues-8.5.0]] +=== Known issues + +Due to a recent change in the Red Hat scan verification process, +{kib} 8.5.0 is not available in the Red Hat Ecosystem Catalog. +This known issue will be fixed in the next release. +To download the {kib} 8.5.0 image, use the https://www.docker.elastic.co/r/kibana/kibana[Elastic docker registry]. + +[float] +[[breaking-changes-8.5.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.5.0, review the breaking changes, then mitigate the impact to your application. + +[discrete] +[[breaking-141757]] +.Updates bulk action API to return actionId instead of agent success +[%collapsible] +==== +*Details* + +To make bulk action responses consistent, returns `actionId` instead of agent ids with `success: True` or `success: False` results. For more information, refer to {kibana-pull}141757[#141757]. + +*Impact* + +When you use `FleetBulkResponse`, you now receive only `actionId` responses. +==== + +[discrete] +[[breaking-139431]] +.Removes filter validation for ad-hoc data views +[%collapsible] +==== +*Details* + +Filters associated with unknown data views, such as deleted data views, are no longer automatically disabled. For more information, refer to {kibana-pull}139431[#139431]. + +*Impact* + +Filters associated with unknown data views now display a warning message instead of being automatically disabled. +==== + +[discrete] +[[breaking-138677]] +.Removes the `package_policies` field from the agent policy saved object +[%collapsible] +==== +*Details* + +The bidirectional foreign key between agent policy and package policy has been removed. For more information, refer to {kibana-pull}138677[#138677]. + +*Impact* + +The agent policy saved object no longer includes the `package_policies` field. +==== + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[features-8.5.0]] +=== Features +{kib} 8.5.0 adds the following new and notable features. + +Alerting:: +* Adds dynamic field selection to the alerts table {kibana-pull}140516[#140516] +* Show alerts count {kibana-pull}140473[#140473] +* Adds the ability to allows users to assign other users to cases {kibana-pull}140208[#140208] +* Ability run a rule on-demand {kibana-pull}139848[#139848] +* Ability to bulk update API keys for alerting rules {kibana-pull}139036[#139036] +* Index threshold alert can't use unsigned long data type {kibana-pull}138452[#138452] +* Category fields endpoint {kibana-pull}138245[#138245] +* Index threshold alert UI does not fill index picker with data streams {kibana-pull}137584[#137584] + +APM:: +* Display kubernetes metadata in service icons popup and instance accordion {kibana-pull}139612[#139612] +* AWS lambda metrics api {kibana-pull}139041[#139041] + +Discover:: +* Adds support for storing time with saved searches {kibana-pull}138377[#138377] +* Enables tags for saved searches {kibana-pull}136162[#136162] + +Elastic Security:: +For the Elastic Security 8.5.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Adds agent activity flyout {kibana-pull}140510[#140510] +* Adds a new event toggle to capture terminal output in endpoint {kibana-pull}139421[#139421] +* Makes batch actions asynchronous {kibana-pull}138870[#138870] +* Adds ability to tag integration assets {kibana-pull}137184[#137184] +* Adds support for input only packages {kibana-pull}140035[#140035] + +Infrastructure:: +Inital hosts page {kibana-pull}138173[#138173] + +Lens & Visualizations:: +* Adds query-based annotations in *Lens* {kibana-pull}138753[#138753] +* Enables ad-hoc data views in *Lens* {kibana-pull}138732[#138732] + +Machine Learning:: +* Notifications page {kibana-pull}140613[#140613] +* Explain Log Rate Spikes: Add option to view grouped analysis results {kibana-pull}140464[#140464] +* Stubs out UI for the ML Inference Pipeline panel {kibana-pull}140456[#140456] +* Attach the anomaly charts embeddable to Case {kibana-pull}139628[#139628] +* Log pattern analysis UI {kibana-pull}139005[#139005] +* Attach the anomaly swim lane embeddable to Case {kibana-pull}138994[#138994] + +Management:: +* Adds the ability to allow variables in URL Drilldown titles {kibana-pull}140076[#140076] +* Enables time series downsampling action in ILM configurations {kibana-pull}138748[#138748] +* Adds the composite runtime field editor {kibana-pull}136954[#136954] + +Observability:: +Feat(slo): Create basic SLO route {kibana-pull}139490[#139490] + +Osquery:: +* Adds Osquery results to cases {kibana-pull}139909[#139909] +* Add support for differential logs {kibana-pull}140660[#140660] + +Security:: +Adds the ability to set a default Access Agreement for all `xpack.security`-level authentication providers {kibana-pull}139217[#139217] + +For more information about the features introduced in 8.5.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.5.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.5.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.5.0]] +=== Enhancements +Alerting:: +* 141189 alerts table performance {kibana-pull}141385[#141385] +* 141119 remove visibility toogle + use_columns refactor {kibana-pull}141250[#141250] +* Adds Stats on top of execution logs {kibana-pull}140883[#140883] +* Adds the Logs tab to Rules and Connectors UI {kibana-pull}138852[#138852] +* Adds "exclude previous hits" check box to ESQuery rule form {kibana-pull}138781[#138781] +* The ES Query Rule Type now supports Runtime Mappings and the Fields parameters when using an Elasticsearch DSL query {kibana-pull}138427[#138427] + +APM:: +* Adds option to power APM inventory with service metrics {kibana-pull}140868[#140868] +* Adds a sort order to the trace samples on the transaction details page {kibana-pull}140589[#140589] +* Adds a tail-based sampling storage limit (APM integration) {kibana-pull}140567[#140567] +* Adds AWS Lambda metrics to the "Metrics" tab {kibana-pull}140550[#140550] +* Adds an experimental mode to the APM app {kibana-pull}139553[#139553] +* Renames JVMs to Metrics {kibana-pull}138437[#138437] +* Changes how partial data buckets are displayed {kibana-pull}137533[#137533] + +Dashboard:: +Adds the ability to view panel-level filters and queries {kibana-pull}136655[#136655] + +Discover:: +* Enables `Explore in Discover` for adhoc data views in *Lens* {kibana-pull}140726[#140726] +* Adds the ability to show actions inline in the Expanded Document view for quick access {kibana-pull}140085[#140085] +* Updates the layout for unified histogram {kibana-pull}139446[#139446] +* Adds new field stats in sidebar popover {kibana-pull}139072[#139072] +* Adds ad-hoc data views {kibana-pull}138283[#138283] +* Updates the formatter for aggregate_metric_double field values {kibana-pull}138205[#138205] + +Elastic Security:: +For the Elastic Security 8.5.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Adds toggle for experimental synthetic `_source` support in Fleet data streams {kibana-pull}140132[#140132] +* Enhances the package policy API to create or update a package policy API with a simplified way to define inputs {kibana-pull}139420[#139420] +* Support new subscription and license fields {kibana-pull}137799[#137799] + +Infrastructure:: +* Adds log-* index pattern support on SM UI {kibana-pull}139121[#139121] +* Adds health API support for data ingested from package {kibana-pull}138964[#138964] +* Adds support for integration package {kibana-pull}138224[#138224] +* Adds the inital hosts page {kibana-pull}138173[#138173] + +Lens & Visualizations:: +* Adds the Collapse by option for partition charts in *Lens* {kibana-pull}140336[#140336] +* Adds the ability to show the metric name if there are multiple layers with breakdowns in *Lens* {kibana-pull}140314[#140314] +* Adds time scaling without date histogram in *Lens* {kibana-pull}140107[#140107] +* Improves the field drag defaults in *Lens* {kibana-pull}140050[#140050] +* Adds the time marker setting for time axis in *Lens* {kibana-pull}139950[#139950] +* Adds the ability to make sure shard size stays stable for low number of sizes in *TSVB*, *Lens*, and Agg based visualizations {kibana-pull}139791[#139791] +* Adds the one click filter to the *Lens* table {kibana-pull}139701[#139701] +* Improves the metric palette behavior in *Lens* {kibana-pull}139596[#139596] +* Adds separate dimension groups for mosaic rows and columns in *Lens* {kibana-pull}139214[#139214] +* Adds display-infinity option to custom palette editor in *Lens* {kibana-pull}139061[#139061] +* Adds TSDB support for *Lens*, *TSVB* and *Timelion* {kibana-pull}139020[#139020] +* Adds the format selector to the new metric visualization in *Lens* {kibana-pull}139018[#139018] +* Shows the edit/delete button while field stats are loading in *Lens* {kibana-pull}138899[#138899] +* Adds auto mode for secondary metric prefix in *Lens* {kibana-pull}138167[#138167] +* Adds open in *Lens* extendability {kibana-pull}136928[#136928] +* Adds TSDB warning handling support for *Lens*, Agg based, and *TSVB* {kibana-pull}136833[#136833] +* Adds reduced time range option in *Lens* {kibana-pull}136706[#136706] +* Migrates xy visualization type to new unified xy expression {kibana-pull}136475[#136475] +* Adds the ability to duplicate layers in *Lens* {kibana-pull}140603[#140603] + +Machine Learning:: +* Explain Log Rate Spikes: add main chart sync on row hover at group level {kibana-pull}141138[#141138] +* Show "No anomalies found" message instead of empty swim lane {kibana-pull}141098[#141098] +* Explain Log Rate Spikes: Group results API {kibana-pull}140683[#140683] +* Match Data Visualizer/Field stats table content with the popover {kibana-pull}140667[#140667] +* Explain Log Rate Spikes: Adds discover link to analysis table {kibana-pull}139877[#139877] +* Adding ecs_compatibility setting for find structure calls {kibana-pull}139708[#139708] +* Improves messaging when an anomaly detection forecast errors {kibana-pull}139345[#139345] +* Anomaly Detection: adds maps link when source data contains geo fields {kibana-pull}139333[#139333] +* Quickly create ML jobs from lens visualizations {kibana-pull}136421[#136421] + +Management:: +* Url drilldown `date` helper now allows rounding up relative dates {kibana-pull}137874[#137874] +* In CSV reports, an error message now appears on the job when fewer CSV rows are generated than expected {kibana-pull}137800[#137800] + +Maps:: +* Adds support for adhoc data views {kibana-pull}140858[#140858] +* Timeslider control {kibana-pull}139228[#139228] +* Support Vector tile runtime geo_point fields {kibana-pull}139047[#139047] +* Show data view name in UI {kibana-pull}138928[#138928] +* Adds ability to disable tooltips for layer {kibana-pull}138275[#138275] +* Cancel button when editing by value from dashboard {kibana-pull}137880[#137880] + +Security:: +Adds audit events to "login-less" authentication flows (e.g. PKI, Kerberos) {kibana-pull}139492[#139492] + +Uptime:: +* Project monitors - support lightweight project monitors {kibana-pull}141066[#141066] +* Adds Actions popover menu {kibana-pull}136992[#136992] + +[float] +[[fixes-v8.5.0]] +=== Bug fixes +Alerting:: +* Render the grid only if we have alerts {kibana-pull}142481[#142481] +* Alerts Table browser field - fix siem browser fields call {kibana-pull}141431[#141431] +* Adds getActionsHealth method to return permanent encryption key existence {kibana-pull}140535[#140535] +* Clarify rule notification values {kibana-pull}140457[#140457] +* Actions are not able to configure a max number of attempts {kibana-pull}138845[#138845] +* Elasticsearch Query Rule doesn't have 'dark mode' view for query {kibana-pull}138631[#138631] +* Getting error about secrets not being saved when import a SO (Connector Saved Object) {kibana-pull}138019[#138019] +* Provide indication of how many rules are using connector on Connector List view {kibana-pull}137181[#137181] + +APM:: +* Remove check for infra data {kibana-pull}142835[#142835] +* Prefer span metrics over span events {kibana-pull}141519[#141519] +* Fixes search bar suggestions {kibana-pull}141101[#141101] +* Sort trace samples {kibana-pull}140589[#140589] + +Dashboard:: +Fixes pinned filters that backed up in Session Storage {kibana-pull}142262[#142262] + +Discover:: +* Adds support for line breaks in Document explorer {kibana-pull}139449[#139449] +* Cancelled request errors for embeddables are now hidden {kibana-pull}137690[#137690] +* Fixes legacy sort saved search stored in Dashboard saved objects {kibana-pull}137488[#137488] +* Fixes column width handling {kibana-pull}137445[#137445] + +Elastic Security:: +For the Elastic Security 8.5.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.5.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Refresh search results when clearing category filter {kibana-pull}142853[#142853] +* Respect `default_field: false` when generating index settings {kibana-pull}142277[#142277] +* Fixes repeated debug logs when bundled package directory does not exist {kibana-pull}141660[#141660] + +Graph:: +Fixes query bar autocomplete {kibana-pull}140963[#140963] + +Infrastructure:: +* Adds support for Logstash datastream in standalone query {kibana-pull}138689[#138689] + +Lens & Visualizations:: +* Fixes the detailed tooltip wrap problem {kibana-pull}142818[#142818] +* Fixes an issue where columns normalized by unit were unable to display properly on Dashboards for *Lens* metric visualizations {kibana-pull}142741[#142741] +* Adds back ticks on bands in *Lens* {kibana-pull}142702[#142702] +* Fixes guidance panel appearing for a moment when saving Graph {kibana-pull}141228[#141228] +* Fixes pie filter without slice {kibana-pull}141227[#141227] +* Fixes an issue where using annotations from different data views than the visualizations created panel breaks in *TSVB* {kibana-pull}141104[#141104] +* Fixes drilldown url templates for sample data {kibana-pull}141079[#141079] +* Fixes time shift with reduced time range tabification in *Lens* {kibana-pull}141076[#141076] +* Fixes the time shifted pipeline agg in *Lens* {kibana-pull}140723[#140723] +* Fixes an A11y issue where the query input doesn't react to `escape` button in *Lens* {kibana-pull}140382[#140382] +* Boolean values are now correctly formatted by default in *TSVB* {kibana-pull}140308[#140308] +* All data views are no longer loaded on broken data view reference in *Lens* {kibana-pull}139690[#139690] +* Removes the exclamation circle icon in *TSVB* {kibana-pull}139686[#139686] +* Theme is now passed to visualize save modal {kibana-pull}139685[#139685] +* Push-out behavior is now preserved for table cells when possible in *Lens* {kibana-pull}139619[#139619] +* The metric visualization state is now cleared in *Lens* {kibana-pull}139154[#139154] +* Adds the ability to set minimum table width for column split tables {kibana-pull}139004[#139004] +* Adds the ability to scroll tall metric visualizations in *Lens* {kibana-pull}138178[#138178] + +Machine Learning:: +* Explain Log Rate Spikes: update more groups badge for clarity {kibana-pull}142793[#142793] +* Fixes Index data visualizer doc count when time field is not defined {kibana-pull}142409[#142409] +* Explain Log Rate Spikes: Fix error handling {kibana-pull}142047[#142047] +* Fixes date picker not allowing unpause when refresh interval is 0 {kibana-pull}142005[#142005] +* Fixes expanded row layout in the Nodes table {kibana-pull}141964[#141964] +* Fixes links to Discover and Maps and custom URLs for jobs with a query in the datafeed {kibana-pull}141871[#141871] + +Management:: +* The progress bar is now visible in Expression renderer {kibana-pull}142699[#142699] +* Transforms: Preserves the `field` for unsupported aggs {kibana-pull}142106[#142106] +* Removes unnecessary time units in ILM policy dialog {kibana-pull}140815[#140815] +* Fixes search query builder to generate wildcard query for keyword fields {kibana-pull}140629[#140629] +* Updates "Copy as cURL" to interpolate variables and strip request-body comments {kibana-pull}140262[#140262] +* Fixes previewing data streams in template editor {kibana-pull}140189[#140189] +* Fixes an issue where selecting requests with characters ending with '{}' was not possible {kibana-pull}140068[#140068] +* Filters that are associated with an unknown data view, such as deleted data views, are no longer automatically disabled, but now instead display a warning message {kibana-pull}139431[#139431] +* Watches no longer get stuck in a "Firing" state in Watcher {kibana-pull}138563[#138563] +* Fixes an issue where data view search results were not showing the value of mapped fields that shared a name with a runtime field {kibana-pull}138471[#138471] + +Maps:: +* Fixes Go To - lat/long values outside expected range cause blank Maps app {kibana-pull}141873[#141873] +* Fixes scaling and term join in product help popover width {kibana-pull}139120[#139120] +* Fixes legacy tile_map and region_map visualizations do not display title in Map embeddable action modals {kibana-pull}139054[#139054] +* Fixes Filters applied to map visualization not preserved when added to dashboard {kibana-pull}138188[#138188] + +Monitoring:: +Health api: account for ccs in indices regex {kibana-pull}137790[#137790] + +Observability:: +* Fixes Alert tab goes blank in APM because of Alert Details page feature flag {kibana-pull}142188[#142188] +* Update links to Observability rule management {kibana-pull}140009[#140009] + +Platform:: +* Fixes an issue where the expressions executor stopped on failing partially emitted results {kibana-pull}142105[#142105] +* A 0 is now returned when there are no overdue tasks for capacity estimation {kibana-pull}140720[#140720] +* The task health calculation now never returns Error or Warning, but logs the HealthStatus {kibana-pull}139274[#139274] + +Uptime:: +* Fixes Next and Previous button on step screenshot carousel {kibana-pull}141422[#141422] +* Fixes disrupted UI on Browser Test Results` step screenshots {kibana-pull}139017[#139017] + +[[release-notes-8.4.3]] +== {kib} 8.4.3 + +Review the following information about the {kib} 8.4.3 release. + +[float] +[[breaking-changes-8.4.3]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.4.3. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.4.3]] +=== Bug fixes +Cases:: +Fixes an issue where the recent cases widget shows cases from other solutions {kibana-pull}141221[#141221] + +Discover:: +* Fixes scrolling prevented by saved search embeddable on touch devices {kibana-pull}141718[#141718] +* Fixes columns management for saved search embeddable {kibana-pull}140799[#140799] + +Elastic Security:: +For the Elastic Security 8.4.3 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Graph:: +* Fixes the position of Add fields popover {kibana-pull}141040[#141040] +* Fixes responsive styles of field manager {kibana-pull}140948[#140948] + +Machine Learning:: +Fixes an issue where Data visualizer was unable to update distribution when changing shard size, forbidden error with recognize modules on basic license {kibana-pull}141313[#141313] + +Management:: +Fixes the removal of a single field formatter {kibana-pull}141078[#141078] + +Observability:: +Fixes an alert summary widget issue in non-default space {kibana-pull}140842[#140842] + +[[release-notes-8.4.2]] +== {kib} 8.4.2 + +Review the following information about the {kib} 8.4.2 release. + +[float] +[[breaking-changes-8.4.2]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.4.2. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.4.2]] +=== Enhancements +Security:: +Logs a hash of the saved objects encryption key (`xpack.encryptedSavedObjects.encryptionKey`) when {kib} starts to assist in identifying mismatched encryption keys {kibana-pull}139874[#139874] + +[float] +[[fixes-v8.4.2]] +=== Bug Fixes +Connectors:: +The connectors table now uses "compatibility" rather than "availability" {kibana-pull}139024[#139024] + +Discover:: +Fixes saved search embeddable rendering {kibana-pull}140264[#140264] + +Elastic Security:: +For the Elastic Security 8.4.2 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Applies fixes for package policy upgrade API with multiple ids {kibana-pull}140069[#140069] +* Improves performance for many integration policies {kibana-pull}139648[#139648] + +Lens & Visualizations:: +* Fixes "Collapse by" for table and XY visualizations with multiple metrics in *Lens* {kibana-pull}140381[#140381] +* Fixes action menu in *Lens* {kibana-pull}139588[#139588] + +Machine Learning:: +* Explain Log Rate Spikes: Histogram fixes {kibana-pull}139933[#139933] +* Explain Log Rate Spikes: Improve streaming headers for certain proxy configs {kibana-pull}139637[#139637] +* Fixes navigation for the Basic licence {kibana-pull}139469[#139469] +* Corrects file.path field name in v3_windows_anomalous_script job {kibana-pull}139109[#139109] + +Management:: +Bfetch` response headers now include `X-Accel-Buffering: no` {kibana-pull}139534[#139534] + +Maps:: +* Fixes issue where percentile aggregation was not working with vector tiles {kibana-pull}140318[#140318] +* Fixes Map app crashing on file upload request timeout {kibana-pull}139760[#139760] + +Monitoring:: +* Ensures GlobalState class has it's destroy() method called on unmount {kibana-pull}139908[#139908] +* Adds KibanaThemeProvider to Stack Monitoring UI {kibana-pull}139839[#139839] + +Uptime:: +Fixes an issue where decryption errors caused the entire suite of monitors to fail syncing {kibana-pull}140549[#140549] + +[[release-notes-8.4.1]] +== {kib} 8.4.1 + +Review the following information about the {kib} 8.4.1 release. + +[float] +[[breaking-changes-8.4.1]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.4.1. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.4.1]] +=== Bug fixes + +Alerting:: +* Fixes alert tab crash on rule details page {kibana-pull}139372[#139372] +* Fixes issue where some 8.3.x clusters failed to upgrade with a saved object migration failure {kibana-pull}139427[#139427] + +Lens & Visualizations:: +* Fixes table pagination in *Lens* and *Aggregation-based* visualization editors {kibana-pull}139160[#139160] + +[[release-notes-8.4.0]] +== {kib} 8.4.0 + +Review the following information about the {kib} 8.4.0 release. + +[float] +[[known-issue-8.4.0]] +=== Known issues + +If you have alerting rules that have been snoozed, do not upgrade {kib} to 8.4.0. Upgrade to 8.4.1 instead. + +To determine if you have snoozed alerting rules, open the main menu, then click +**{stack-manage-app}** -> **{rac-ui}**. Filter the rule list by selecting +**View** -> **Snoozed**. If you must upgrade to 8.4.0, for each space, cancel +the snooze for all affected rules before you upgrade. + +To identify snoozed rules in all Spaces using **Dev Tools**, run the following +query: + +[source,console] +---- +GET /.kibana/_search +{ + "query": { + "exists": { + "field": "alert.isSnoozedUntil" + } + } +} +---- + +If you upgraded {kib} to 8.4.0 and you have alerting rules configured to +snooze notifications, you will receive the following error message: + +[source,text] +---- +FATAL Error: Unable to complete saved object migrations for the [.kibana] index. +---- + +To fix that problem, restore your previous version, then upgrade to 8.4.1 instead. + +[float] +[[breaking-changes-8.4.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.4.0, review the breaking changes, then mitigate the impact to your application. + +[discrete] +[[breaking-135669]] +.xpack.agents.* are uneditable in UI when defined in kibana.yml +[%collapsible] +==== +*Details* + +When you configure `setxpack.fleet.agents.fleet_server.hosts` and `xpack.fleet.agents.elasticsearch.hosts` in kibana.yml, you are unable to update the fields on the Fleet UI. + +For more information, refer to {kibana-pull}135669[#135669]. + +*Impact* + +To configure `setxpack.fleet.agents.fleet_server.hosts` and `xpack.fleet.agents.elasticsearch.hosts` on the Fleet UI, avoid configuring the settings in kibana.yml. +==== + +[discrete] +[[breaking-134336]] +.Removes the legacy charts library +[%collapsible] +==== +*Details* + +The legacy implementation of the *Timelion* visualization charts library has been removed. All *Timelion* visualizations now use the elastic-charts library, which was introduced in 7.15.0. + +For more information, refer to {kibana-pull}134336[#134336]. + +*Impact* + +In 8.4.0 and later, you are unable to configure the *Timelion* legacy charts library advanced setting. For information about visualization Advanced Settings, check link:https://www.elastic.co/guide/en/kibana/8.4/advanced-options.html#kibana-visualization-settings[Visualization]. +==== + +{kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[deprecations-8.4.0]] +=== Deprecations + +The following functionality is deprecated in 8.4.0, and will be removed in 9.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 8.4.0. + +[discrete] +[[deprecation-136422]] +.Deprecates ApiKey authentication for interactive users +[%collapsible] +==== +*Details* + +The ability to authenticate interactive users with ApiKey via a web browser has been deprecated, and will be removed in a future version. + +For more information, refer to {kibana-pull}136422[#136422]. + +*Impact* + +To authenticate interactive users via a web browser, use <>. Use API keys only for programmatic access to {kib} and {es}. +==== + +[float] +[[features-8.4.0]] +=== Features +{kib} 8.4.0 adds the following new and notable features. + +Alerting:: +* Adds the "updated at" feature in new alerts table {kibana-pull}136949[#136949] +* Adds a rule detail table with bulk actions {kibana-pull}136601[#136601] +* Adds bulk Actions for Alerts Table {kibana-pull}135797[#135797] +* Adds the Alerting stack-monitoring PoC {kibana-pull}135365[#135365] +* Adds custom inline/row actions for alerts table {kibana-pull}134015[#134015] + +Cases:: +Adds the ability to customize permissions to prevent users from deleting Cases entities, such as Cases themselves, attachments, and comments {kibana-pull}135487[#135487] + +Connectors:: +The {webhook-cm} connector allows users to build a custom connector for any third-party case/ticket management system {kibana-pull}131762[#131762] + +Discover:: +Adds the ability to add a custom number of rows in the results and save the specified number with a Saved Search {kibana-pull}135726[#135726] + +Elastic Security:: +For the Elastic Security 8.4.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Enables package signature verification feature {kibana-pull}137239[#137239] +* Modal to allow user to force install an unverified package {kibana-pull}136108[#136108] +* Display package verification status {kibana-pull}135928[#135928] +* Tag rename and delete feature {kibana-pull}135712[#135712] +* Bulk update agent tags ui {kibana-pull}135646[#135646] +* Adds API to bulk update tags {kibana-pull}135520[#135520] +* Adds and remove agent tags {kibana-pull}135320[#135320] +* Support sorting agent list {kibana-pull}135218[#135218] +* Promote Logstash output support to GA {kibana-pull}135028[#135028] +* Create new API to manage download_source setting {kibana-pull}134889[#134889] + +Machine Learning:: +* Adds random sampler to Data visualizer document count chart {kibana-pull}136150[#136150] +* Adds explain log rate spikes feature to the ML plugin {kibana-pull}135948[#135948] + +Management:: +* Run packs live {kibana-pull}132198[#132198] +* Ability to set human readable title of data view & ability to edit data view {kibana-pull}124191[#124191] + +Monitoring:: +Adds stale status reporting for Kibana {kibana-pull}132613[#132613] + +Observability:: +* Adds Beta label to Infrastructure tab {kibana-pull}136710[#136710] +* Creates and adds Rule Alerts Summary as a sharable component to the O11y Rule Details {kibana-pull}135805[#135805] +* Rule Details Page - Use RuleStatusPanel from triggersActionsUI {kibana-pull}135643[#135643] +* Adds Top erroneous transactions to errors details page {kibana-pull}134929[#134929] +* Introduces Alerts tab on service overview page {kibana-pull}134350[#134350] +* Adds single metric report type {kibana-pull}132446[#132446] + +Platform:: +Adds new bulkUpdatesSchedules method to Task Manager {kibana-pull}132637[#132637] + +Security:: +Adds the ability to create personal avatars {kibana-pull}132522[#132522] + +Sharing:: +Adds the new metric visualization {kibana-pull}136567[#136567] + +For more information about the features introduced in 8.4.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.4.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.4.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.4.0]] +=== Enhancements +Alerting:: +* Adds snooze state UI to Rule Details page {kibana-pull}135146[#135146] +* Adds Snooze Scheduling UI and API {kibana-pull}134512[#134512] +* Adds recovery context for ES query rule type {kibana-pull}132839[#132839] +* Visualize alerting metrics in Stack Monitoring {kibana-pull}123726[#123726] + +Canvas:: +* Markdown element auto-applies text changes {kibana-pull}133318[#133318] +* Lines operations keybindings {kibana-pull}132914[#132914] +* Detailed tooltip {kibana-pull}131116[#131116] + +Cases:: +* Improved the cases search bar functionality. The search functionality will only consider the title and description fields {kibana-pull}136776[#136776] +* Performance improvements were made to reduce the time required to create, update, and delete cases and comments. In our testing we saw around a half second reduction in the round trip time for the UI requests {kibana-pull}136452[#136452] + +Dashboard:: +Hide controls callout when the `hideAnnouncements` setting is `true` {kibana-pull}136410[#136410] + +Design:: +* Adds an H1 tag with the workpad title when viewing workpads {kibana-pull}135504[#135504] +* Improve keyboard navigation in Discover top nav menu {kibana-pull}134788[#134788] + +Discover:: +* Improves the HTML formatting of fields with a list of values {kibana-pull}136684[#136684] +* Adds support for accessing the edit field flyout from the document explorer column popover {kibana-pull}135277[#135277] +* Adds support for copying the query from the add rule flyout {kibana-pull}135098[#135098] +* Adds focus to h1 on navigate for single document and surrounding document views {kibana-pull}134942[#134942] +* Improves the creation and editing of "Elasticsearch query" rule in Management {kibana-pull}134763[#134763] +* Adds data view changed warning after alert rule created {kibana-pull}134674[#134674] +* Make 'Test query' button pretty {kibana-pull}134605[#134605] +* Improves the document explorer timestamp tooltip accessibility {kibana-pull}134411[#134411] +* Adds focus to h1 element when client side routing is executed {kibana-pull}133846[#133846] +* Adds an option to copy column values to Clipboard in Document Explorer {kibana-pull}132330[#132330] + +Elastic Security:: +For the Elastic Security 8.4.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Remove Kubernetes Package granularity {kibana-pull}136622[#136622] +* Elastic-agent manifests: align with elastic-agent repo; add comments {kibana-pull}136394[#136394] +* Configure source URI in global settings and in agent policy settings {kibana-pull}136263[#136263] +* Adds Kubernetes in platforms selection list && update managed agent installation steps {kibana-pull}136109[#136109] +* That PR will enable user to write custom ingest pipeline for Fleet installed datastream {kibana-pull}134578[#134578] +* Update manifests for agent on kubernetes with new permissions {kibana-pull}133495[#133495] +* Adds support for a textarea type in integrations {kibana-pull}133070[#133070] + +Kibana Home & Add Data:: +Adds AnalyticsNoDataPage {kibana-pull}134172[#134172] + +Lens & Visualizations:: +* Adds supports for include and exclude terms in *Lens* {kibana-pull}136179[#136179] +* Adds the ability to set top values limit to 10,000 in *Lens* {kibana-pull}136399[#136399] +* Addss value count to *Lens* {kibana-pull}136385[#136385] +* Adds standard deviation function in *Lens* {kibana-pull}136323[#136323] +* Adds the ability to set the font size for mosaic outer level in *Lens* {kibana-pull}135911[#135911] +* Adds the ability to rank top values by custom metric in *Lens* {kibana-pull}134811[#134811] +* Adds the ability to convert TSVB series agg to *Lens* configuration {kibana-pull}134681[#134681] +* Adds the ability to allow multiple split accessors {kibana-pull}134566[#134566] +* Adds the ability to render newlines in data table in *Lens* {kibana-pull}134441[#134441] +* Extends Axis bounds for XY chart when using Interval operation in *Lens* {kibana-pull}134020[#134020] +* Adds the ability to use pick_max instead of clamp for positive only {kibana-pull}133460[#133460] +* Adds a new pick_min/max operation and clamp fixes in *Lens* {kibana-pull}132449[#132449] +* Adds support for percentile_ranks aggregation in *Lens* {kibana-pull}132430[#132430] +* Implements the ability to drag and drop between layers in *Lens* {kibana-pull}132018[#132018] +* Adds optimization for percentiles fetching in *Lens* {kibana-pull}131875[#131875] + +Machine Learning:: +* Adds tooltips for disabled actions in the Trained Models list {kibana-pull}137176[#137176] +* Data visualizer: Add field types in-product help {kibana-pull}137121[#137121] +* Plot zero scores on the Overall anomaly swim lane {kibana-pull}136951[#136951] +* One-way cursor sync added from Anomaly detection swimlane to other charts {kibana-pull}136775[#136775] +* Adds action to view datafeed counts chart to jobs list rows {kibana-pull}136274[#136274] +* Data Visualizer: Remove duplicated geo examples, support 'version' type, add filters for boolean fields, and add sticky header to Discover {kibana-pull}136236[#136236] +* Adds a link to ML trained models list from ID in Stack Management app table {kibana-pull}135700[#135700] +* Adds information callouts to trained model testing flyout {kibana-pull}135566[#135566] +* Limit Use full data button in anomaly detection job wizards to past data only {kibana-pull}135449[#135449] +* Replace a fixed Y-axis width with a max width setting for Anomaly Swim Lane Embeddable {kibana-pull}135436[#135436] +* Adds support for setting threading params when starting a trained model deployment {kibana-pull}135134[#135134] +* Refactors Management page to focus on space management tasks {kibana-pull}134893[#134893] +* Disable the Single Metric Viewer button for not viewable jobs {kibana-pull}134048[#134048] +* Anomaly Detection: allow snapshot to be reverted from the view datafeed flyout {kibana-pull}133842[#133842] + +Management:: +* Transforms: Adds per-transform setting for num_failure_retries to creation wizard and edit flyout and authorization info {kibana-pull}135486[#135486] +* Transforms: Adds sorting to audit messages tab {kibana-pull}135047[#135047] +* Console now supports saving the state of folding/unfolding of commands {kibana-pull}134810[#134810] +* Render most severe response status code from Console response pane {kibana-pull}134627[#134627] +* You can now create variables in Console {kibana-pull}134215[#134215] +* Make index template previews copyable {kibana-pull}134060[#134060] +* Console now supports adding comments in the body of a request by using `//` for a single line and `/*....*/` for multiline comments {kibana-pull}133852[#133852] +* Surface HTTP status badges next to each response in Console {kibana-pull}132494[#132494] +* Adds updated `essql` expression function {kibana-pull}132332[#132332] +* Adds a "get all" REST API for data views: `GET /api/data_views` {kibana-pull}131683[#131683] + +Maps:: +* Automatically display the maps legend {kibana-pull}136872[#136872] +* Custom raster source example plugin {kibana-pull}136761[#136761] +* Label zoom range style property {kibana-pull}136690[#136690] +* Adjust icon size when cluster resolution changes {kibana-pull}136573[#136573] +* Adds context for 'No longer contained' geo-containment alert {kibana-pull}136451[#136451] +* Keydown+scroll to zoom {kibana-pull}135330[#135330] +* Synchronize map views in dashboard and canvas {kibana-pull}134272[#134272] +* Adds spatial filter from cluster {kibana-pull}133673[#133673] +* Customizable colors in basemaps {kibana-pull}131576[#131576] + +Observability:: +* Prefer DataView client over SavedObjects client when possible {kibana-pull}136694[#136694] +* Use proper header nesting {kibana-pull}136559[#136559] +* Removes "no data" redirects for observability overview {kibana-pull}136442[#136442] +* Allow connectors to explicitly register which features they will be available in {kibana-pull}136331[#136331] +* Display node details metrics for kubernetes containers {kibana-pull}135585[#135585] +* Replace sourceId with mandatory logView prop in LogStream component {kibana-pull}134850[#134850] +* Backend operation distribution chart {kibana-pull}134561[#134561] +* Display top spans for operation {kibana-pull}134179[#134179] +* Show descriptive loading, empty and error states in the metrics table {kibana-pull}133947[#133947] +* Backend operations detail view + metric charts {kibana-pull}133866[#133866] +* Backend operations list view {kibana-pull}133653[#133653] + +Platform:: +* Upgrade Kibana logs to ECS 8.4 {kibana-pull}136362[#136362] +* Adds error messaging to the report contents when there is a timeout in page setup {kibana-pull}134868[#134868] +* Adds migrations.discardCorruptObjects flag {kibana-pull}132984[#132984] +* Adds migrations.discardUnknownObjects flag {kibana-pull}132167[#132167] + +Querying & Filtering:: +Hides the tour component when the hideAnnouncements uiSetting is on {kibana-pull}135990[#135990] + +Security:: +Eliminates the need for a full page reload when navigating to a user profile page {kibana-pull}135543[#135543] + +[float] +[[fixes-v8.4.0]] +=== Bug fixes +Alerting:: +* Error message hidden after closing action accordion {kibana-pull}136570[#136570] +* Allow wildcard search on rule's name and tags {kibana-pull}136312[#136312] + +Canvas:: +* Fixes Filter not saving the selected Sort field option {kibana-pull}136085[#136085] +* Fixes "Element status" is inaccurate for grouped elements {kibana-pull}135829[#135829] +* Fixes Canvas filter behaviour on table {kibana-pull}134801[#134801] +* Fixes Uploaded asset not being saved {kibana-pull}133166[#133166] +* Lines operations keybindings {kibana-pull}132914[#132914] +* Fixes pointseries don't get updated on datasource change {kibana-pull}132831[#132831] + +Connectors:: +* Fixing ES index connector so that it can index into data streams as well as indices {kibana-pull}136011[#136011] +* Verify emails when creating an email connector, even if allowedDomain {kibana-pull}133859[#133859] + +Dashboard:: +Fixes Copy to dashboard includes filters {kibana-pull}136275[#136275] + +Discover:: +* Fixes hiding histogram for rollup data views {kibana-pull}137157[#137157] +* Fixes filtering out custom meta fields of Elasticsearch plugins enhanced documents {kibana-pull}137147[#137147] +* Disables refresh interval for data views without time fields and rollups {kibana-pull}137134[#137134] +* Fixes Discover breadcrumb losing context after page refresh or when opening in a new tab {kibana-pull}136749[#136749] +* Improves support for pinned filters in surrounding documents {kibana-pull}135722[#135722] +* Fixes flaky accessibility functional tests {kibana-pull}135596[#135596] +* Improves alerts popover accessibility and semantics {kibana-pull}135270[#135270] +* Migrate from savedObjectsClient to dataViews and fix the displayed data view name {kibana-pull}135142[#135142] +* Removes _type of metaFields to remove of sidebar {kibana-pull}134453[#134453] +* Fixes legacy sort parameter provided by URL {kibana-pull}134447[#134447] +* Make footer visible under Document Explorer if sample size is less than hits number {kibana-pull}134231[#134231] +* Do not update defaultIndex in case of insufficient permissions {kibana-pull}134202[#134202] +* Fixes flaky test for "allows editing of a newly created field" {kibana-pull}132812[#132812] +* Fixes flaky test for "context encoded URL params" {kibana-pull}132808[#132808] + +Elastic Security:: +For the Elastic Security 8.4.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +Using point in time for agent status query to avoid discrepancy {kibana-pull}135816[#135816] + +Lens & Visualizations:: +* Make reference line chart more robust in *Lens* {kibana-pull}137101[#137101] +* Format the label with the right default formatter in *TSVB* {kibana-pull}136934[#136934] +* Removes extra space from the legend when it is positioned on top/bottom {kibana-pull}135982[#135982] +* Display Y-axis tick labels {kibana-pull}135976[#135976] +* Fixes Date histogram bounds calculation doesn't update "now" {kibana-pull}135899[#135899] +* Fixes internal links in *Vega* {kibana-pull}135890[#135890] +* Do not set non-unique id for legend action popovers in *Lens* {kibana-pull}135656[#135656] +* Fixes non-editable Lens panel when using prefix wildcard in *Lens* {kibana-pull}135654[#135654] +* Removes saved search references from all places on unlink in *Visualize* {kibana-pull}135628[#135628] +* Fix multi-field top values for Heatmap visualizations in *Lens* {kibana-pull}135581[#135581] +* Fixes styling issues in *Lens* {kibana-pull}135406[#135406] +* Show badge for read-only in *Lens* {kibana-pull}135313[#135313] +* Don't let reference line fills on different axes collide in *Lens* {kibana-pull}135299[#135299] +* Fixes css specificity issue in *TSVB* {kibana-pull}135245[#135245] +* Always show palette on first dimension for mosaic in *Lens* {kibana-pull}135198[#135198] +* Wrong `visType` for `horizontal_bar` visualization {kibana-pull}135013[#135013] +* Unlinking Some Agg Based Visualizations Results in Unsaved Changes in *Visualize* {kibana-pull}134229[#134229] +* Fixes an issue where ellipsis truncation is not visible in table visualization cells, and letters are cut off in *Lens* {kibana-pull}134065[#134065] +* Switching dashboard mode doesn't update missing data view prompt in *Visualize* {kibana-pull}133873[#133873] +* Fixes application of suffix formats in *Lens* {kibana-pull}133780[#133780] +* Error messages not centered in *TSVB* {kibana-pull}133288[#133288] +* Use correct time zone for time shifting {kibana-pull}133141[#133141] + +Machine Learning:: +* Lock the delete annotation button on click {kibana-pull}137306[#137306] +* Fixes globally pinned filters in Data visualizer and query search bar not clearing properly for saved searches {kibana-pull}136897[#136897] +* Fixes overflow in start datafeed modal {kibana-pull}136292[#136292] +* Fixes error in categorization wizard summary step {kibana-pull}134228[#134228] +* Fixes flaky job selection on the Anomaly Explorer page {kibana-pull}137596[#137596] +* Fixes query in the Anomaly Explorer when viewing a job with no influencers {kibana-pull}137670[#137670] +* Fixes the Dashboard saving indicator with Anomaly Swim Lane embeddable {kibana-pull}137989[#137989] +* Anomaly detection job wizards now use data view names {kibana-pull}138255[#138255] + +Management:: +* The ILM UI now supports configuring policies with rollover based on `max_primary_shard_docs` {kibana-pull}137364[#137364] +* Fixes a bug in Console when sending a request with encoded characters resulted in an error {kibana-pull}136788[#136788] +* Fixes a bug where the autocomplete popup remains open when navigating away from Console {kibana-pull}136268[#136268] +* Fixes a bug in Index Management where the number of documents for an index could appear wrong {kibana-pull}135748[#135748] +* Fixes a bug in the Painless code editor that was incorrectly handling expressions with multiple division operators {kibana-pull}135423[#135423] +* Transforms: Fixes unsupported boolean filter when cloning {kibana-pull}137773[#137773] +* Transforms: Fixes restoring a field name with the exists filter aggregation {kibana-pull}138630[#138630] +* Transforms: Fixes data view error on cloning due to missing indices {kibana-pull}138756[#138756] +* Fixes Watcher stuck firing state {kibana-pull}138563[#138563] + +Maps:: +* Fixes "other" is always shown in legend for category styling rules {kibana-pull}137008[#137008] +* Fixes Tooltip loses pages on refresh {kibana-pull}135593[#135593] +* Fixes Pinned filters should be visible on new maps without user having to do any action on layers {kibana-pull}135465[#135465] +* Keep timeframe when editing a map from a dashboard {kibana-pull}135374[#135374] +* Reduce precision of coordinates for geo imports {kibana-pull}135133[#135133] +* Fixes onDataLoadEnd and onDataLoadError event handler callbacks only called for source data requests {kibana-pull}134786[#134786] +* Fixes sort not applied to vector tile search request {kibana-pull}134607[#134607] +* Fixes array values out of order in tooltips {kibana-pull}134588[#134588] + +Monitoring:: +Removes beta icon from logstash pipeline {kibana-pull}131752[#131752] + +Observability:: +* Invalid array value is permitted in Origin Headers for RUM configuration {kibana-pull}137228[#137228] +* When comparison feature is disabled, we still see the shaded area {kibana-pull}137223[#137223] +* Fixes responsivity Alert Summary chart in the Rule details page {kibana-pull}137175[#137175] +* Fixes custom link filter select value {kibana-pull}137025[#137025] +* Fixes Spark plots loading state when there are no data {kibana-pull}136817[#136817] +* Adds support for metrics for latency distribution histogram {kibana-pull}136594[#136594] +* Navigation from Span to Service breaks due to wrong transactionType {kibana-pull}136569[#136569] +* Breadcrumbs not updating from service jump on service map {kibana-pull}136144[#136144] +* Adds support for metrics for latency distribution histogram {kibana-pull}136083[#136083] +* Disallow spaces in index pattern {kibana-pull}135977[#135977] +* WrappedElasticsearchClientError: Request aborted {kibana-pull}135752[#135752] +* Fixes waterfall skew due to accordion left margins {kibana-pull}135544[#135544] +* Service inventory: detailed stats fetched for all services {kibana-pull}134844[#134844] +* Update network fields {kibana-pull}134471[#134471] +* Fixes Metrics Table Pod link to Details Page {kibana-pull}134354[#134354] +* Adds last updated at label and fix started at label {kibana-pull}134254[#134254] +* Adds event module filter to metrics table {kibana-pull}133872[#133872] +* APM Correlations: Fixes chart errors caused by inconsistent histogram range steps {kibana-pull}138259[#138259] + +Platform:: +* Migrations wait for index status green if create index returns acknowledged=false or shardsAcknowledged=false {kibana-pull}136605[#136605] +* Fixes CSV generator to include unmapped fields in the search source {kibana-pull}132972[#132972] +Security:: +Fixes keyboard and screen reader navigation for the spaces selector {kibana-pull}134454[#134454] + +[[release-notes-8.3.3]] +== {kib} 8.3.3 + +Review the following information about the {kib} 8.3.3 release. + +[float] +[[breaking-changes-8.3.3]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.3.3. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.3.3]] +=== Bug fixes +Dashboard:: +* Fixes `z-index` of `embPanel__header--floater` {kibana-pull}136463[#136463] +* Filter out experimental visualizations when labs setting is disabled {kibana-pull}136332[#136332] + +Discover:: +Fixes filter in / filter out buttons for empty values {kibana-pull}135919[#135919] + +Elastic Security:: +For the Elastic Security 8.3.3 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Pass start_time to actions when the maintenance window for rolling upgrades is set to immediately {kibana-pull}136384[#136384] +* Allow agent bulk actions without specific licence restrictions {kibana-pull}136334[#136334] +* Adds reinstall button to integration settings page {kibana-pull}135590[#135590] + +Lens & Visualizations:: +Fixes normalizeTable performance bottleneck in *Lens* {kibana-pull}135792[#135792] + +[[release-notes-8.3.2]] +== {kib} 8.3.2 + +Review the following information about the {kib} 8.3.2 release. + +[float] +[[breaking-changes-8.3.2]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.3.2. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.3.2]] +=== Bug fixes +Alerting:: +Fixes an issue where alerting rules that were created or edited in 8.2.0 stopped running when you upgraded {kib} to 8.3.0 or 8.3.1 {kibana-pull}135663[#135663] + +Discover:: +* Hide Alerts menu item when user does not have access to Stack Rules {kibana-pull}135655[#135655] +* Fixes loading of a single doc JSON when using index alias based data views {kibana-pull}135446[#135446] + +Elastic Security:: +For the Elastic Security 8.3.2 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +Keep all agents selected in query selection mode {kibana-pull}135530[#135530] + +Machine Learning:: +* Fixes put anomaly detection job endpoint when payload contains datafeed {kibana-pull}134986[#134986] +* Fixes trained model map associating wrong model to job {kibana-pull}134849[#134849] +* Use time range when validating datafeed preview {kibana-pull}134073[#134073] + +Maps:: +* Do not show layer error for term joins when terms aggregation does not return results {kibana-pull}135564[#135564] +* Fixes Vector map layers will not render when runtime field has '%' {kibana-pull}135491[#135491] + +[[release-notes-8.3.1]] +== {kib} 8.3.1 + +Review the following information about the {kib} 8.3.1 release. + +[float] +[[known-issues-8.3.1]] +=== Known issues + +[discrete] +[[known-issue-133965]] +.URL arguments cause API requests in Dev Tools to fail +[%collapsible] +==== +*Details* + +When you add any URL arguments, such as `?v` or `?pretty`, to API requests, the requests fail {kibana-issue}133965[#133965] + +*Impact* + +The known issue only impacts {kib} Dev Tools. All other sources of API requests are unaffected, such as curl and Elastic Cloud API console. +==== + +[discrete] +[[known-issue-alerting-rule]] +.Alerting rules stop running when you upgrade to 8.3.0 or 8.3.1 +[%collapsible] +==== +*Details* + +In 8.3.0 and 8.3.1, there is a known issue where alerting rules that were created or edited in 8.2.0 stop running when you upgrade {kib}. When you upgrade to 8.3.0 or 8.3.1, and your alerting rules have stopped running, the following error appears: + +[source,text] +---- +:: execution failed - security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_security/user/_has_privileges], caused by: "" +---- + +*Impact* + +If you have upgraded to 8.3.0 or 8.3.1, and your alerting rules fail, reset the rules by disabling, then re-enabling them. When you disable, then re-enable your alerting rules, {kib} generates a new API key using the credentials of the user that manages the rules. + +To disable, then re-enable your alerting rules: + +. Open the main menu, then click *{stack-manage-app} > {rac-ui}*. + +. Select the failed alerting rules. + +. Click **Manage rules > Disable**, then click **Manage rules > Enable**. + +For more details about API key authorization, refer to <>. +==== + +[float] +[[breaking-changes-8.3.1]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.3.1. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.3.1]] +=== Enhancements +Operations:: +Adds EsArchiver datastream support {kibana-pull}132853[#132853] + +[float] +[[fixes-v8.3.1]] +=== Bug fixes +Alerting:: +Prevent negative snooze intervals {kibana-pull}134935[#134935] + +Elastic Security:: +For the Elastic Security 8.3.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Fixes dropping select all {kibana-pull}135124[#135124] +* Improves bulk actions for more than 10k agents {kibana-pull}134565[#134565] + +Infrastructure:: +Query persistent queue size for metricbeat documents {kibana-pull}134569[#134569] + +Observability:: +* Fixes a bug that displayed a toast error when deleting a rule {kibana-pull}135132[#135132] +* Fixes viewInAppUrl for custom metrics for Inventory Threshold Rule {kibana-pull}134114[#134114] + +Platform:: +* Fixes an issue where importing/copying the same saved object to the same space multiple times using the "Check for existing objects" option could fail or cause duplicates to be created {kibana-pull}135358[#135358] +* Fixes a bug where {es} nodes that stopped, then started again, were unreachable by {kib} for a given amount of requests when {kib} was configured to connect to multiple {es} nodes {kibana-pull}134628[#134628] + +[[release-notes-8.3.0]] +== {kib} 8.3.0 + +Review the following information about the {kib} 8.3.0 release. + +[float] +[[known-issues-8.3.0]] +=== Known issues + +Alerting users who are running 8.2 should not upgrade to either 8.3.0 or 8.3.1. +Both 8.3.0 and 8.3.1 have a bug where alerting rules that were created or edited +in 8.2 will stop running on upgrade. If you have upgraded to 8.3.0 or 8.3.1 and +your alerting rules have stopped running with an error similar to the following +example, you will need to go to *{stack-manage-app} > {rac-ui}*, multi-select +the failed rules, click on **Manage rules > Disable** and then click on **Manage +rules > Enable**. Disabling and re-enabling the rule will generate a new API key +using the credentials of the user performing these actions and reset the rule +state. For more details about API key authorization, refer to +<>. + +Example error message:: + +[source,text] +---- +:: execution failed - security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_security/user/_has_privileges], caused by: "" +---- + +[float] +[[breaking-changes-8.3.0]] +=== Breaking change + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking change, then mitigate the impact to your application. + +[discrete] +[[breaking-129581]] +.Removes Quandl and Graphite integrations +[%collapsible] +==== +*Details* + +The experimental `.quandl` and `.graphite` functions and advanced settings are removed from *Timelion*. For more information, check {kibana-pull}129581[#129581]. + +*Impact* + +When you use the `vis_type_timelion.graphiteUrls` kibana.yml setting, {kib} successfully starts, but logs a `[WARN ][config.deprecation] You no longer need to configure "vis_type_timelion.graphiteUrls".` warning. + +To leave your feedback about the removal of `.quandl` and `.graphite`, go to the link:https://discuss.elastic.co/c/elastic-stack/kibana/7[discuss forum]. +==== + +[discrete] +[[breaking-134855]] +.Makes Osquery All with All base privilege +[%collapsible] +==== +*Details* + +The Osquery {kib} privilege has been updated, so that when the *Privileges for all features level* is set to *All*, this now applies *All* to Osquery privileges as well. Previously, users had to choose the *Customize* option to grant any access to Osquery. For more information, refer to {kibana-pull}130523[#130523]. + +*Impact* + +This impacts user roles that have *Privileges for all features* set to *All*. After this update, users with this role will have access to the Osquery page in {kib}. However, to use the Osquery feature fully, these requirements remain the same: users also need Read access to the logs-osquery_manager.result* index and the Osquery Manager integration must be deployed to Elastic Agents. +==== + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[deprecations-8.3.0]] +=== Deprecations + +The following functionality is deprecated in 8.3.0, and will be removed in 9.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 8.3.0. + +[discrete] +[[deprecation-132790]] +.Removes `apm_user` +[%collapsible] +==== +*Details* + +Removes the `apm_user` role. For more information, check {kibana-pull}132790[#132790]. + +*Impact* + +In the link:https://www.elastic.co/guide/en/kibana/8.3/xpack-apm.html[APM documentation], the `apm_user`role is replaced with the `viewer` and `editor` built-in roles. +==== + +[discrete] +[[deprecation-132562]] +.Deprecates input controls +[%collapsible] +==== +*Details* + +The input control panels, which allow you to add interactive filters to dashboards, are deprecated. For more information, check {kibana-pull}132562[#132562]. + +*Impact* + +To add interactive filters to your dashboards, use the link:https://www.elastic.co/guide/en/kibana/8.3/add-controls.html[new controls]. +==== + +[discrete] +[[deprecation-131636]] +.Deprecates anonymous authentication credentials +[%collapsible] +==== +*Details* + +The apiKey, including key and ID/key pair, and `elasticsearch_anonymous_user` credential types for anonymous authentication providers are deprecated. For more information, check {kibana-pull}131636[#131636]. + +*Impact* + +If you have anonymous authentication provider configured with apiKey or `elasticsearch_anonymous_user` credential types, a deprecation warning appears, even when the provider is not enabled. +==== + +[discrete] +[[deprecation-131166]] +.Deprecates v1 and v2 security_linux and security_windows jobs +[%collapsible] +==== +*Details* + +The v1 and v2 job configurations for security_linux and security_windows are deprecated. For more information, check {kibana-pull}131166[#131166]. + +*Impact* + +The following security_linux and security_windows job configurations are updated to v3: + +* security_linux: + +** v3_linux_anomalous_network_activity +** v3_linux_anomalous_network_port_activity_ecs +** v3_linux_anomalous_process_all_hosts_ecs +** v3_linux_anomalous_user_name_ecs +** v3_linux_network_configuration_discovery +** v3_linux_network_connection_discovery +** v3_linux_rare_metadata_process +** v3_linux_rare_metadata_user +** v3_linux_rare_sudo_user +** v3_linux_rare_user_compiler +** v3_linux_system_information_discovery +** v3_linux_system_process_discovery +** v3_linux_system_user_discovery +** v3_rare_process_by_host_linux_ecs + +* security_windows: + +** v3_rare_process_by_host_windows_ecs +** v3_windows_anomalous_network_activity_ecs +** v3_windows_anomalous_path_activity_ecs +** v3_windows_anomalous_process_all_hosts_ecs +** v3_windows_anomalous_process_creation +** v3_windows_anomalous_script +** v3_windows_anomalous_service +** v3_windows_anomalous_user_name_ecs +** v3_windows_rare_metadata_process +** v3_windows_rare_metadata_user +** v3_windows_rare_user_runas_event +** v3_windows_rare_user_type10_remote_login +==== + +[discrete] +[[deprecation-130336]] +.Updates the default legend size +[%collapsible] +==== +*Details* + +In the *Lens* visualization editor, the *Auto* default for *Legend width* has been deprecated. For more information, check {kibana-pull}130336[#130336]. + +*Impact* + +When you create *Lens* visualization, the default for the *Legend width* is now *Medium*. +==== + +[discrete] +[[deprecation-122075]] +.Deprecates `xpack.data_enhanced.*` +[%collapsible] +==== +*Details* + +In kibana.yml, the `xpack.data_enhanced.*` setting is deprecated. For more information, check {kibana-pull}122075[#122075]. + +*Impact* + +Use the `data.*` configuration parameters instead. +==== + +[float] +[[features-8.3.0]] +=== Features + +{kib} 8.3.0 adds the following new and notable features. + +Alerting:: +* Adds circuit breaker for max number of actions by connector type {kibana-pull}128319[#128319] +* Adds `bulkEdit` method to alerting rulesClient and internal _bulk_edit API, that allow bulk editing of rules {kibana-pull}126904[#126904] + +Cases:: +* Adds average time to close metric in Cases {kibana-pull}131909[#131909] +* View all alerts attached to a case in the alerts table. The feature is experimental {kibana-pull}131883[#131883] +* Adds severity field to Cases {kibana-pull}131626[#131626] +* Adds the ability to delete comments in Cases {kibana-pull}130254[#130254] + +Dashboard:: +Enables the new controls by default {kibana-pull}131341[#131341] + +Discover:: +* To enable Threshold Alerts, adds the ability to edit dataView, query, & filters {kibana-pull}131688[#131688] +* To enable Threshold Alerts, extended the {es} query rule with search source-based data fetching {kibana-pull}124534[#124534] + +Elastic Security:: +For the Elastic Security 8.3.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +Changes to agent upgrade modal to allow for rolling upgrades {kibana-pull}132421[#132421] + +Lens & Visualizations:: +* Adds method to re-link visualizations with missing `SavedSearch` {kibana-pull}132729[#132729] +* Adds support of Data View switching for Agg-Based visualizations {kibana-pull}132184[#132184] + +Machine Learning:: +* Adds the ability to create anomaly detection jobs from Lens visualizations {kibana-pull}129762[#129762] +* Adds trained model testing for additional pytorch models {kibana-pull}129209[#129209] + +Management:: +* Adds saved object relationships to data view management {kibana-pull}132385[#132385] +* Adds support for feature_states {kibana-pull}131310[#131310] + +Monitoring:: +Adds the Stack monitoring health API {kibana-pull}132705[#132705] + +Observability:: +* Adds the ability to bulk attach multiple alerts to a Case {kibana-pull}130958[#130958] +* Adds rule details page {kibana-pull}130330[#130330] +* Adds span link {kibana-pull}126630[#126630] +* Adds ML expected model bounds as an option to Comparison controls {kibana-pull}132456[#132456] + +Platform:: +Adds `xyVis` and `layeredXyVis` {kibana-pull}128255[#128255] + +Querying & Filtering:: +Improves the current filter/search experience {kibana-pull}128401[#128401] + +Sharing:: +Adds method to re-link visualizations with missing index-pattern {kibana-pull}132336[#132336] + +For more information about the features introduced in 8.3.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.3.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.3.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.3.0]] +=== Enhancements +Alerting:: +* Adds helper text in the edit rule form about the change in privileges when saving the rule {kibana-pull}131738[#131738] +* Display rule API key owner to users who can manage API keys {kibana-pull}131662[#131662] + +Canvas:: +Fixes reference line overlay {kibana-pull}132607[#132607] + +Cases:: +* Show a warning for deprecated preconfigured connectors {kibana-pull}132237[#132237] +* Reduce space taken by the reporter column in the all cases table {kibana-pull}132200[#132200] +* Adds a tooltip to show truncate tags in Cases {kibana-pull}132023[#132023] +* Adds the ability to create a case from within the selection case modal {kibana-pull}128882[#128882] + +Content Management:: +The list view for Dashboard, Visualize Library, Maps, and Graph has a new "Last updated" column to easily access content that has been recently modified {kibana-pull}132321[#132321] + +Dashboard:: +* Improves the banner {kibana-pull}132301[#132301] +* Adds Analytics No Data Page {kibana-pull}132188[#132188] +* Adds field first control creation {kibana-pull}131461[#131461] +* Make text field based Options list controls case Insensitive {kibana-pull}131198[#131198] +* Allow existing controls to change type {kibana-pull}129385[#129385] + +Discover:: +* Adds an option to hide specified filter actions from SearchBar filter panels {kibana-pull}132037[#132037] +* Adds Analytics No Data Page {kibana-pull}131965[#131965] +* Adds close button to field popover using Document Explorer {kibana-pull}131899[#131899] +* Adds monospace font in Document Explorer {kibana-pull}131513[#131513] +* Adds a tour for Document Explorer {kibana-pull}131125[#131125] +* Display current interval setting {kibana-pull}130850[#130850] +* Adds a direct link from sample data to Discover {kibana-pull}130108[#130108] + +Elastic Security:: +For the Elastic Security 8.3.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Move integration labels below title and normalise styling {kibana-pull}134360[#134360] +* Adds First Integration Multi Page Steps Flow MVP (cloud only) {kibana-pull}132809[#132809] +* Optimize package installation performance, phase 2 {kibana-pull}131627[#131627] +* Adds APM instrumentation for package install process {kibana-pull}131223[#131223] +* Adds "Label" column + filter to Agent list table {kibana-pull}131070[#131070] +* Adds `cache-control` headers to key `/epm` endpoints in Fleet API {kibana-pull}130921[#130921] +* Optimize package installation performance, phase 1 {kibana-pull}130906[#130906] +* Adds experimental features (feature flags) config to fleet plugin {kibana-pull}130253[#130253] +* Adds redesigned Fleet Server flyout {kibana-pull}127786[#127786] + +Lens & Visualizations:: +* Renders no data component if there is no {es} data or dataview in *Visualize* {kibana-pull}132223[#132223] +* Swaps dimensions for mosaic in *Lens* {kibana-pull}131945[#131945] +* Adds log and sqrt scale in *Lens* {kibana-pull}131940[#131940] +* Adds collapse fn to table and xy chart in *Lens* {kibana-pull}131748[#131748] +* Allow filtering on metric vis in *Lens* {kibana-pull}131601[#131601] +* Improved interval input in *Lens* {kibana-pull}131372[#131372] +* Adds the Discover drilldown to *Lens* {kibana-pull}131237[#131237] +* Update defaults for metric vis in *Lens* {kibana-pull}129968[#129968] +* Adds range event annotations in *Lens* {kibana-pull}129848[#129848] +* Adds accuracy mode for Top Values in *Lens* {kibana-pull}129220[#129220] +* Adds type murmur3 into the *Lens* fields list {kibana-pull}129029[#129029] + +Machine Learning:: +* Optimize resize behaviour for the Anomaly Explorer page {kibana-pull}132820[#132820] +* Wizard validation improvements {kibana-pull}132615[#132615] +* Support version fields in anomaly detection wizards {kibana-pull}132606[#132606] +* Context for recovered alerts {kibana-pull}132496[#132496] +* Adding UI for question_answering model testing {kibana-pull}132033[#132033] +* Adds recognized modules links for Index data visualizer {kibana-pull}131342[#131342] +* Anomaly Detection: Adds View in Maps item to Actions menu in the anomalies table {kibana-pull}131284[#131284] +* Adding v3 modules for Security_Linux and Security_Windows and Deprecating v1 + v2 {kibana-pull}131166[#131166] +* Data Frame Analytics creation wizard: add support for filters in saved searches {kibana-pull}130744[#130744] +* Edit job selection on data frame analytics results and map pages {kibana-pull}130419[#130419] +* Resizable/Collapsible Top Influencers section {kibana-pull}130018[#130018] + +Management:: +* Adds context for recovered alerts {kibana-pull}132707[#132707] +* Adds warnings for managed system policies {kibana-pull}132269[#132269] +* Skip empty prompt screen {kibana-pull}130862[#130862] +* Console now supports properly handling multiple requests. For es errors such as `400`, `405` exception results are displayed with successful request results in the order they called {kibana-pull}129443[#129443] +* Display vector tile API response in Console {kibana-pull}128922[#128922] +* Adds option to disable keyboard shortcuts {kibana-pull}128887[#128887] + +Maps:: +* Show marker size in legend {kibana-pull}132549[#132549] +* Fixes marker size scale issue for counts {kibana-pull}132057[#132057] +* Scale marker size by area {kibana-pull}131911[#131911] +* Localized basemaps {kibana-pull}130930[#130930] +* Support term joins for Elasticsearch document source with vector tile scaling {kibana-pull}129771[#129771] +* Allow feature editing for document layers with "applyGlobalTime", "applyGlobalQuery", and joins {kibana-pull}124803[#124803] + +Observability:: +* Bumps synthetics integration package to 0.9.4 {kibana-pull}133423[#133423] +* Immediately re-run monitors in the synthetics service when they're edited {kibana-pull}132639[#132639] +* Enables log flyouts on APM logs tables {kibana-pull}132617[#132617] +* Adds logging to Metric Threshold Rule {kibana-pull}132343[#132343] +* Adds Page load distribution chart to overview page {kibana-pull}132258[#132258] +* Show experimental locations only when a particular flag is enabled {kibana-pull}132063[#132063] +* Trace explorer {kibana-pull}131897[#131897] +* Static Java agent version list becomes stale quickly {kibana-pull}131759[#131759] +* Adds recovery context to Log Threshold rule {kibana-pull}131279[#131279] +* Adds recovery context to the Metric Threshold rule {kibana-pull}131264[#131264] +* Adds context variables to recovery alerts for Inventory Threshold rule {kibana-pull}131199[#131199] +* Copy alert state to alert context and implement alert recovery {kibana-pull}128693[#128693] +* Progressive fetching (experimental) {kibana-pull}127598[#127598] +* Replace environment dropdown with SuggestionsSelect in landing pages and service overview page {kibana-pull}126679[#126679] +* Store Logs UI settings in a dedicated `infrastructure-monitoring-log-view` saved object {kibana-pull}125014[#125014] + +Platform:: +* The saved objects management table has a new "Last updated" column to easily access recently modified saved objects {kibana-pull}132525[#132525] +* Sync panels tooltips on dashboard level {kibana-pull}130449[#130449] + +Querying & Filtering:: +* Support fields custom label on filter editor {kibana-pull}130533[#130533] +* Allows comma delimiter on the filters multiple selections dropdowns {kibana-pull}130266[#130266] + +Security:: +* Disallows creating a role with an existing name in the role management page. Introduces an optional boolean `createOnly` parameter in the create role API to prevent overwriting existing roles; the default value is false, preserving the original API behavior {kibana-pull}132218[#132218] +* Adds experimental `csp.disableUnsafeEval` config option. Set this to `true` to remove the link:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_eval_expressions[`unsafe-eval`] source expression from the `script-src` Content Security Policy (CSP) directive. The default value is `false`, which is identical to the original Kibana behavior {kibana-pull}124484[#124484] + +[float] +[[fixes-v8.3.0]] +=== Bug fixes +Alerting:: +* Don't load connectors and connector types when there isn't an encryptionKey {kibana-pull}133335[#133335] +* Adds cloud icon "ess-icon" at the end of the config keys in "alerting" {kibana-pull}131735[#131735] +* Fixes optional spaceId in rules_client {kibana-pull}130704[#130704] + +Content Managment:: +Fixes the listingLimit settings url {kibana-pull}129701[#129701] + +Dashboard:: +* Adds Fatal Error Handling {kibana-pull}133579[#133579] +* Hide in Print Mode {kibana-pull}133446[#133446] +* Send Control State to Reporting Via Locator {kibana-pull}133425[#133425] +* Fixes new controls causing unsaved changes bug {kibana-pull}132850[#132850] + +Design:: +* Keyboard shortcut popup {kibana-pull}133069[#133069] +* Adding aria-label for discover data grid select document checkbox {kibana-pull}131277[#131277] +* Adds item descriptions to edit button screen reader labels in TableListView {kibana-pull}125334[#125334] + +Discover:: +* Hide "Add a field", "Edit" and "Create a data view" buttons in viewer mode {kibana-pull}134582[#134582] +* Unify definition of field names and field descriptions {kibana-pull}134463[#134463] +* Address "Don't call Hooks" React warnings {kibana-pull}134339[#134339] +* Include current filters into "Test query" request {kibana-pull}134184[#134184] +* Prevent rule flyout from being open simultaneously with other popovers like search suggestions {kibana-pull}132108[#132108] +* Fixes link to open new window {kibana-pull}131930[#131930] +* Discover Classic View Filter In/Out placement when `truncate:maxHeight` is set to 0 {kibana-pull}129942[#129942] +* Fixes inconsistent usage of arrow icons on Surrounding documents page {kibana-pull}129292[#129292] +* Show a fallback empty message when no results are found {kibana-pull}128754[#128754] + +Elastic Security:: +For the Elastic Security 8.3.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Bulk reassign kuery optimize {kibana-pull}134673[#134673] +* Fixes flickering tabs layout in add agent flyout {kibana-pull}133769[#133769] +* Adds $ProgressPreference to windows install command in flyout {kibana-pull}133756[#133756] +* Fixes sorting by size on data streams table {kibana-pull}132833[#132833] + +Infrastructure:: +Pass decorated server to routes {kibana-pull}133264[#133264] + +Lens & Visualizations:: +* Hide null cells in Heatmap {kibana-pull}134450[#134450] +* Fixes formula generate error in *Lens* {kibana-pull}134434[#134434] +* Better default for date_range agg in *Visualize* {kibana-pull}134220[#134220] +* Keep suggestions stable in *Lens* {kibana-pull}134212[#134212] +* Fixes voiceover drag and drop in *Lens* {kibana-pull}134196[#134196] +* Fixes palette bug {kibana-pull}134159[#134159] +* Fixes multi index pattern load on the server in *TSVB* {kibana-pull}134091[#134091] +* Fixes axis title visibility bug in *Lens* {kibana-pull}134082[#134082] +* Fixes broken drilldowns for gauges and heatmaps in *Lens* {kibana-pull}134008[#134008] +* Fixes application of suffix formats in *Lens* {kibana-pull}133780[#133780] +* Do not show edit field for record field in *Lens* {kibana-pull}133762[#133762] +* Fixes discover drilldown for non-time field case in *Lens* {kibana-pull}133334[#133334] +* Do not reset session on Lens load with filters in *Lens* {kibana-pull}133191[#133191] +* Fixes transition issue in *Lens* {kibana-pull}132956[#132956] +* Escape label in lodash set command in *TSVB* {kibana-pull}132932[#132932] +* Changing the `Data View` logic with an initially missed `Data View` does not work in *TSVB* {kibana-pull}132796[#132796] +* Terms with keyword field with "numbers" is displayed with a weird date in *TSVB* {kibana-pull}132226[#132226] +* TSVB] Chart is failing when the user tries to add a percentile_rank {kibana-pull}132105[#132105] +* Fixes metric label font size in *Visualize* {kibana-pull}132100[#132100] +* Datatable: Do not apply truncation in value popover in *Lens* {kibana-pull}132005[#132005] +* Fixes percentile rank math in *TSVB* {kibana-pull}132003[#132003] +* Fixes timezone bucket shift in *Timelion* {kibana-pull}131213[#131213] +* Fixes vega controls layout in *Vega* {kibana-pull}130954[#130954] +* Fixes requesting not permitted or used data views in *Timelion* {kibana-pull}130899[#130899] +* Fixed bugs when using `include/exclude` options for Terms in *TSVB* {kibana-pull}130884[#130884] +* Make series agg work after math in *TSVB* {kibana-pull}130867[#130867] +* Use elastic-charts axis calculation in *Lens* {kibana-pull}130429[#130429] +* Make suggestions depend on active data in *Lens* {kibana-pull}129326[#129326] +* Adds back setMapView function in *Vega* {kibana-pull}128914[#128914] +* Fixes the Order by setting for split chart in metric and custom metric visualizations {kibana-pull}128185[#128185] + +Machine Learning:: +* Fixes creation of the custom URLs for Kibana Dashboard {kibana-pull}134248[#134248] +* Fixes expanded row stats not loading all correctly whenever sort by cardinality {kibana-pull}134113[#134113] +* Fixes Data visualizer showing 0 count in the doc count chart even though documents do exist {kibana-pull}134083[#134083] +* Fixes querying anomalies for the Single Metric Viewer {kibana-pull}133419[#133419] +* Fixes Anomaly Charts filtering based on the swim lane job selection {kibana-pull}133299[#133299] +* Fixes handling of unrecognised URLs {kibana-pull}133157[#133157] +* Prevent duplicate field selection in detector modal {kibana-pull}133018[#133018] +* Fixes single metric job with doc_count field {kibana-pull}132997[#132997] +* Hide job messages clear notifications tooltip on click {kibana-pull}132982[#132982] +* Filtering category runtime fields in advanced wizard {kibana-pull}132916[#132916] +* Fixes trained model testing so it is available for users with ML read permissions {kibana-pull}132698[#132698] +* Adding type for job summary state {kibana-pull}131643[#131643] + +Management:: +* Fixes linebreaks (\r\n) mis-applied from history {kibana-pull}131037[#131037] +* Fixes Kibana DevTool Copy as CURL does not url encode special chars in indice date math {kibana-pull}130970[#130970] +* Fixes cat APIs returning as escaped string {kibana-pull}130638[#130638] +* Fixes Elasticsearch doc VIEW IN CONSOLE will clean local Kibana console form history {kibana-pull}127430[#127430] + +Maps:: +* Fixes icon markers fail to load when browser zoomed out {kibana-pull}134367[#134367] +* Hide create filter UI in canvas {kibana-pull}133943[#133943] +* Use label features from ES vector tile search API to fix multiple labels {kibana-pull}132080[#132080] +* Fixes Map panels should not show the user controls in a dashboard report {kibana-pull}131970[#131970] +* Show "no results" found for vector tile aggregations when there are no results {kibana-pull}130821[#130821] + +Monitoring:: +* Prevent exceptions in rule when no data present {kibana-pull}131332[#131332] +* Fixes displaying ES version for external collection {kibana-pull}131194[#131194] +* Fixes node type detection for external collection {kibana-pull}131156[#131156] +* Use server.publicBaseUrl in Alert links {kibana-pull}131154[#131154] + +Observability:: +* Fixes x-axis on error charts {kibana-pull}134193[#134193] +* Display ENVIRONMENT_ALL label instead of value {kibana-pull}133616[#133616] +* Fixes normalizers to not parse list values if they are already parsed {kibana-pull}133563[#133563] +* Change bucket_scripts to use params for thresholds {kibana-pull}133214[#133214] +* Use Observability rule type registry for list of rule types {kibana-pull}132484[#132484] +* APM anomaly rule type should appear in observability rules page {kibana-pull}132476[#132476] +* Fixes monitors details page errors {kibana-pull}132196[#132196] +* Set a valid `service_name` for python APM onboarding {kibana-pull}131959[#131959] +* Rename service groups template titles and links {kibana-pull}131381[#131381] +* Show service group icon only for service groups {kibana-pull}131138[#131138] +* Refactor Metric Threshold rule to push evaluations to Elasticsearch {kibana-pull}126214[#126214] +* Ellipsis truncation issue - dependencies and service section {kibana-pull}122203[#122203] +* Fixes lookback window for anomalies for anomaly alert {kibana-pull}93389[#93389] + +Operations:: +Fixes error handling on precommit hook {kibana-pull}132998[#132998] + +Platform:: +Prevents Kibana from bootlooping during migrations when Elasticsearch routing allocation settings are incompatible {kibana-pull}131809[#131809] + +Querying & Filtering:: +Allows the negative character on the number type fields {kibana-pull}130653[#130653] + +Reporting:: +Remove controls from reports {kibana-pull}134240[#134240] + +Security:: +* Session view process events index will now match on prefixed index {kibana-pull}133984[#133984] +* Timestamp issue fix + updated Jest to include mock date format {kibana-pull}132290[#132290] +* Session view alerts loading improvements, and other polish / bug fixes {kibana-pull}131773[#131773] + +[[release-notes-8.2.3]] +== {kib} 8.2.3 + +Review the following information about the {kib} 8.2.3 release. + +[float] +[[breaking-changes-8.2.3]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.2.2. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.2.3]] +=== Bug fixes +Elastic Security:: +For the Elastic Security 8.2.3 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Fleet:: +* Elastic Agent integration now installs automatically if agent monitoring is turned on in the agent policy {kibana-pull}133530[#133530] +* Removes {beats} tutorials from the Elastic Stack category {kibana-pull}132957[#132957] +Management:: +Fixes an edge case in the Inspector request selector where duplicate request names could result in a UI bug {kibana-pull}133511[#133511] +Operations:: +Fixes an issue where `node.options` was reset between upgrades in deb and rpm packages {kibana-pull}133249[#133249] +Platform:: +defaultIndex attribute was migrated for config saved object {kibana-pull}133339[#133339] + +[[release-notes-8.2.2]] +== {kib} 8.2.2 + +Review the following information about the {kib} 8.2.2 release. + +[float] +[[breaking-changes-8.2.2]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.2.2. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.2.2]] +=== Bug fix +Machine Learning:: +Fixes width of icon column in Messages table {kibana-pull}132444[#132444] + +[[release-notes-8.2.1]] +== {kib} 8.2.1 + +Review the following information about the {kib} 8.2.1 release. + +[float] +[[breaking-changes-8.2.1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.2.1. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.2.1]] +=== Enhancements +Elastic Security:: +For the Elastic Security 8.2.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Monitoring:: +* Adds the ability collect Telemetry {kibana-pull}130498[#130498] +* Adds the ability to report panels in dashboards by type {kibana-pull}130166[#130166] + +[float] +[[fixes-v8.2.1]] +=== Bug fixes +Discover:: +* Fixes Document Explorer infinite height growth {kibana-pull}131723[#131723] +* Fixes links in helper callouts {kibana-pull}130873[#130873] +Elastic Security:: +For the Elastic Security 8.2.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Fleet:: +* Removes legacy component templates on package install {kibana-pull}130758[#130758] +Lens & Visualizations:: +* Fixes time shift bug in *Lens* {kibana-pull}132000[#132000] +* Fixes single color palette configuration {kibana-pull}131128[#131128] +Machine Learning:: +* Removes alerting_rules from general job list items {kibana-pull}131936[#131936] +* Fixes management app docs links {kibana-pull}130776[#130776] +Management:: +* Restores data view management field type conflict detail modal {kibana-pull}132197[#132197] +* Fixes test data for import and export between versions tests {kibana-pull}131470[#131470] +* Fixes condition auto-completion for templates in Console {kibana-pull}126881[#126881] +Maps:: +* Fixes background tiles in a map panel might not load in a screenshot report {kibana-pull}131185[#131185] +Observability:: +* Services without application metrics display an error {kibana-pull}131347[#131347] +* Correctly interprets the `resetting` and `reverting` job states {kibana-pull}129570[#129570] +Platform:: +* Migrations incorrectly detects cluster routing allocation setting as incompatible {kibana-pull}131712[#131712] +* Fixes resetting image values {kibana-pull}131610[#131610] +* Fixes a bug causing the newsfeed to not be properly displayed in locales other than english {kibana-pull}131315[#131315] + +[[release-notes-8.2.0]] +== {kib} 8.2.0 + +Review the following information about the {kib} 8.2.0 release. + +[float] +[[known-issue-v8.2.0]] +=== Known issue + +Lens & visualizations:: +A change in the Markdown library that {kib} uses to create *TSVB* *Markdown* visualizations and *Text* dashboard panels renders some tables differently. For more information, check out link:https://github.com/markdown-it/markdown-it/pull/767[#767]. + +[float] +[[breaking-changes-8.2.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.2.0. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[features-8.2.0]] +=== Features +{kib} 8.2.0 adds the following new and notable features. + +Alerting:: +* Keep the number_of_scheduled_actions in event log {kibana-pull}128438[#128438] +* Remove defaultRuleTaskTimeout and set ruleType specific timeout from kibana.yml {kibana-pull}128294[#128294] +* Limit the executable actions per rule execution {kibana-pull}128079[#128079] and {kibana-pull}126902[#126902] + +Cases:: +* Adds Cases to the Stack Management page as a technical preview feature {kibana-pull}125224[#125224] + +Dashboard:: +* Adds time slider control {kibana-pull}128305[#128305] +* Adds Control group search settings {kibana-pull}128090[#128090] +* Adds hierarchical chaining setting to Controls {kibana-pull}126649[#126649] +* Adds options list API and validation system {kibana-pull}123889[#123889] -* <> -* <> -* <> -* <> -* <> -* <> +Discover:: +* Enables document explorer by default {kibana-pull}125485[#125485] +* Adds `Copy to clipboard` ability for column name of Document Explorer {kibana-pull}123892[#123892] + +Elastic Security:: +For the Elastic Security 8.2.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Lens & Visualizations:: +* Adds manual annotations in *Lens* {kibana-pull}126456[#126456] +* Adds multi-field group by in *TSVB* {kibana-pull}126015[#126015] +* Adds ability to navigate to *Lens* with your current *TSVB* configuration {kibana-pull}114794[#114794] + +Machine Learning:: +* Add link to maps in charts section of Anomaly Explorer {kibana-pull}128697[#128697] +* Testing trained models in UI {kibana-pull}128359[#128359] +* Space aware trained models {kibana-pull}123487[#123487] + +Management:: +* Adds support for auto-complete for data streams {kibana-pull}126235[#126235] +* Adds ability to filter Data View UI for runtime fields {kibana-pull}124114[#124114] +* Adds ability to share data views across spaces via data view management {kibana-pull}123991[#123991] + +Observability:: +* Adds button which allows users to signup for the Synthetics service public beta {kibana-pull}128798[#128798] +* Adds "View in App URL" {{context.viewInAppUrl}} variable to the rule templating language {kibana-pull}128281[#128281] +* Adds "View in App URL" {{context.viewInAppUrl}} variable to the rule templating language {kibana-pull}128243[#128243] +* Adds "View in App URL" {{context.viewInAppUrl}} variable to the rule templating language {kibana-pull}127890[#127890] +* Adds view in app url as an action variable in the alert message for uptime app {kibana-pull}127478[#127478] + +For more information about the features introduced in 8.2.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.2.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.2.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.2.0]] +=== Enhancements +Alerting:: +* Adds error logs in rule details page {kibana-pull}128925[#128925] +* Simplify error banner on rules {kibana-pull}128705[#128705] +* Adds Previous Snooze button {kibana-pull}128539[#128539] +* Adds Snooze UI and Unsnooze API {kibana-pull}128214[#128214] +* Adds aggs to know how many rules are snoozed {kibana-pull}128212[#128212] +* Adds a connector for xMatters {kibana-pull}122357[#122357] + +Dashboard:: +* Adds option to open dashboard drilldowns in new tab or window {kibana-pull}125773[#125773] +* Adds range slider Control {kibana-pull}125584[#125584] + +Discover:: +Adds ability to edit histogram as vis {kibana-pull}125705[#125705] + +Elastic Security:: +For the Elastic Security 8.2.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.2.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Merge settings & mappings component template in @package {kibana-pull}128498[#128498] +* Redesign agent flyout {kibana-pull}128381[#128381] +* Adds a link from agent details page to agent dashboard {kibana-pull}127882[#127882] +* Update add agent instructions in fleet managed mode for Kubernetes {kibana-pull}127703[#127703] +* Added time_series_metric mapping for metric_type package field {kibana-pull}126322[#126322] +* Added support for dimension field {kibana-pull}126257[#126257] +* Refactor auto upgrade package policies logic {kibana-pull}125909[#125909] +* Move mappings from index template to component template {kibana-pull}124013[#124013] + +Lens & Visualizations:: +* Adds normalize_by_unit function and option in *Lens* {kibana-pull}128303[#128303] +* Adds suffix formatter in *Lens* {kibana-pull}128246[#128246] +* Adds Xy gap settings in *Lens* {kibana-pull}127749[#127749] +* Implements null instead of zero switch in *Lens* {kibana-pull}127731[#127731] +* Adds ability to include empty rows setting for date histogram in *Lens* {kibana-pull}127453[#127453] +* Adds support for multi rows headers for the table visualization in *Lens* {kibana-pull}127447[#127447] +* Adds ability to open *Lens* visualizations in *Discover* from dashboards {kibana-pull}127355[#127355] +* Auto-set exists filtering for last value in *Lens* {kibana-pull}127251[#127251] +* Adds ability to include number of values in default terms field label in *lens* {kibana-pull}127222[#127222] +* Adds ability to drop partial buckets option in *Lens* {kibana-pull}127153[#127153] +* Addds ability to allow top metric for last value in *Lens* {kibana-pull}127151[#127151] +* Improves Datatable content height with custom row height in *Lens* {kibana-pull}127134[#127134] +* Adds ability to set legend pixel width in *Lens* {kibana-pull}126018[#126018] +* Adds underlying data editor navigation in *Lens* {kibana-pull}125983[#125983] +* Adds top metrics aggregation to AggConfigs, Expressions, and Visualize {kibana-pull}125936[#125936] +* Adds the ability to detach from global time range in *Lens* {kibana-pull}125563[#125563] +* Adds last value, min and max on dates, allow last value on ip_range, number_range, and date_range in *Lens* {kibana-pull}125389[#125389] +* Adds version-aware sorting to data table in *Lens* {kibana-pull}125361[#125361] +* Cancel discarded searches in *Timelion* {kibana-pull}125255[#125255] +* Cancel discarded searches in *TSVB* {kibana-pull}125197[#125197] +* Adds the ability to allow users to disable auto-apply in *Lens* {kibana-pull}125158[#125158] +* Adds Filter custom label for kibanaAddFilter in *Vega* {kibana-pull}124498[#124498] +* Adds metric Viz config options, title position, and sizing in *Lens* {kibana-pull}124124[#124124] +* Adds the ability to make graph edges easier to click {kibana-pull}124053[#124053] +* Adds "Show empty rows" options to intervals function in *Lens* {kibana-pull}118855[#118855] + +Machine Learning:: +* Combines annotations into one block if multiple annotations overlap {kibana-pull}128782[#128782] +* Adds `throughput_last_minute` to the deployment stats {kibana-pull}128611[#128611] +* Adds new API endpoint to improve anomaly chart performance {kibana-pull}128165[#128165] +* Utilize ML memory stats endpoint for the memory overview chart {kibana-pull}127751[#127751] +* Deleting trained model space checks {kibana-pull}127438[#127438] +* Show at least one correlation value and consolidate correlations columns {kibana-pull}126683[#126683] +* Include fields not in docs in Data Visualizer field name control {kibana-pull}126519[#126519] +* Anomaly Explorer performance enhancements {kibana-pull}126274[#126274] +* Fixes Index data visualizer reaching Elasticsearch rate request limits {kibana-pull}124898[#124898] +* Adds cache for data recognizer module configs to reduce number of privilege checks {kibana-pull}126338[#126338] + +Management:: +* Extend Transform Health alerting rule with error messages check {kibana-pull}128731[#128731] +* Enable opening queries from any UI {kibana-pull}127461[#127461] +* No Data Views Component {kibana-pull}125403[#125403] + +Maps:: +* Remove usage of max file size advanced setting 1GB limit in geo file upload {kibana-pull}127639[#127639] +* Adds support for geohex_grid aggregation {kibana-pull}127170[#127170] +* Lens choropleth chart {kibana-pull}126819[#126819] +* Register GeoJson upload with integrations page {kibana-pull}126350[#126350] +* Support custom icons in maps {kibana-pull}113144[#113144] + +Observability:: +* Guided setup progress {kibana-pull}128382[#128382] +* Enable check for public beta {kibana-pull}128240[#128240] +* Guided setup button on the overview page {kibana-pull}128172[#128172] +* Show warning when users exceed a Synthetics Node throttling limits {kibana-pull}127961[#127961] +* Adds logging to Inventory Threshold Rule {kibana-pull}127838[#127838] +* O11y rules page {kibana-pull}127406[#127406] +* Enrich documents generated by the synthetics service with `port` information {kibana-pull}127180[#127180] +* Make UI indices space aware (support for spaces) {kibana-pull}126176[#126176] +* Setting for default env for service inventory {kibana-pull}126151[#126151] +* Alerts in overview page {kibana-pull}125337[#125337] +* Adds log rate to Exploratory View {kibana-pull}125109[#125109] +* Support switching between log source modes {kibana-pull}124929[#124929] +* Overview style updates {kibana-pull}124702[#124702] +* Adds full screen/copy button ability in browser inline script editing {kibana-pull}124500[#124500] +* Update position of legend and it's controls {kibana-pull}115854[#115854] + +Platform:: +Allow customizing {es} client maxSockets {kibana-pull}126937[#126937] + +[float] +[[fixes-v8.2.0]] +=== Bug Fixes +Alerting:: +* Fixes bug when providing a single value to the `fields` query parameter of the Cases find API {kibana-pull}128143[#128143] +* Fixes the count of alerts in the cases table. Only unique alerts are being counted {kibana-pull}127721[#127721] +* Do not show the lens action if Visualize feature is not enabled {kibana-pull}127613[#127613] + +Dashboard:: +* Fixes control removal {kibana-pull}128699[#128699] +* Select televant data view ID {kibana-pull}128440[#128440] +* Close controls flyouts on unmount, save, and view mode change {kibana-pull}128198[#128198] + +Discover:: +* Account for hidden time column in default sort {kibana-pull}129659[#129659] +* Make field icons consistent across field list and doc tables {kibana-pull}129621[#129621] +* Fixes `Filter for field present` in expanded document view of Document Explorer {kibana-pull}129588[#129588] +* Cancel long running request after navigating out from Discover {kibana-pull}129444[#129444] +* Fixes height of JSON tab in Document flyout when using Document explorer in Safari {kibana-pull}129348[#129348] +* Fixes stuck action menu in expanded document sidebar {kibana-pull}127588[#127588] + +Elastic Security:: +For the Elastic Security 8.2.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Lens & Visualizations:: +* Fixes multi index pattern load bug in *TSVB* {kibana-pull}130428[#130428] +* Handle empty values for range formatters {kibana-pull}129572[#129572] +* Apply pinned filters to *Lens* {kibana-pull}129503[#129503] +* Imported vislib pie triggers unsaved viz warning when embedded on a dashboard in *Visualize* {kibana-pull}129336[#129336] +* Fixes auto session-renewal on non-timebased data views in *Lens* {kibana-pull}129313[#129313] +* Fixes steps behavior to happen at the change point in *TSVB* {kibana-pull}128741[#128741] +* Improve check for 0 opacity in *TSVB* {kibana-pull}128630[#128630] +* Fixes firefox scrollbars in *Vega* {kibana-pull}128515[#128515] +* Log data tables properly in *Lens* {kibana-pull}128297[#128297] +* Fixes annotation bounds bug in *TSVB* {kibana-pull}128242[#128242] +* Make sure x axis values are always strings in *Lens* {kibana-pull}128160[#128160] +* Use default number formatter as fallback if nothing else is specified in *Timelion* {kibana-pull}128155[#128155] +* Enable Save&Return button for canvas when dashboard permissions are off in *Visualize* {kibana-pull}128136[#128136] +* Fixes permission problem for "Save and return" button in *Lens* {kibana-pull}127963[#127963] +* Restore operation auto switch based on field type in *Lens* {kibana-pull}127861[#127861] +* Fixes mosaic color syncing in *Lens* {kibana-pull}127707[#127707] +* Make edge selection work {kibana-pull}127456[#127456] +* Remove opacity for fitting line series {kibana-pull}127176[#127176] +* Handle line/area fitting function when the editor has started with bar configuration in *Visualize* {kibana-pull}126891[#126891] +* Preserve custom label when changing with multi-terms settings in *Lens* {kibana-pull}126773[#126773] +* Fixes multi terms fields validation in *Lens* {kibana-pull}126618[#126618] +* Make Embeddable resilient when toggling actions in *Lens* {kibana-pull}126558[#126558] +* Make graph app resilient to no fields or missing data views {kibana-pull}126441[#126441] +* Fixes Formula to Quick functions does not preserve custom formatting in *Lens* {kibana-pull}124840[#124840] +* Inspector displays only visible content {kibana-pull}124677[#124677] +* Coloring tooltips in Heatmap are not properly positioned in *Visualize* {kibana-pull}124507[#124507] +* Adds rison helper and URL encoding for drilldown urls in *TSVB* {kibana-pull}124185[#124185] + +Machine Learning:: +* Fixes alignment of Anomaly Explorer swim lane annotations label on Firefox {kibana-pull}130274[#130274] +* Fixes Single Metric Viewer chart failing to load if no points during calendar event {kibana-pull}130000[#130000] +* Fixes Single Metric Viewer for jobs that haven't been run {kibana-pull}129063[#129063] +* Fix outlier detection results exploration color legend display {kibana-pull}129058[#129058] +* Fixes new anomaly detection job from saved search with no query filter {kibana-pull}129022[#129022] +* Fixes data frame analytics map saved object sync warning {kibana-pull}128876[#128876] +* Adds error toast to Data visualizer when using unpopulated time field {kibana-pull}127196[#127196] + +Management:: +* Transforms: Fix to not pass on default values in configurations {kibana-pull}129091[#129091] +* Encode + sign in ISO8601 time range in query {kibana-pull}126660[#126660] + +Maps:: +* Fixes lens region map visualization throws a silent error {kibana-pull}129608[#129608] +* Fixes double click issue when deleting a shape {kibana-pull}124661[#124661] + +Monitoring:: +* Exclude Malwarescore + Ransomware EP alerts from DRule telemetry {kibana-pull}130233[#130233] +* Rename "APM & Fleet Server" to "Integrations Server" {kibana-pull}128574[#128574] +* Fixes sorting by node status on nodes listing page {kibana-pull}128323[#128323] + +Observability:: +* Service environment should be selected when you edit the agent configuration {kibana-pull}129929[#129929] +* Adds migration to include synthetics and heartbeat indices on 8.2.0 {kibana-pull}129510[#129510] +* Rules summary on the Alerts view is not showing the count of rules {kibana-pull}129052[#129052] +* Fixes shadow for overview panels {kibana-pull}128878[#128878] +* Ensure rum_allow_origins setting only saves valid YAML strings {kibana-pull}128704[#128704] +* Standardize NOW as startedAt from executor options {kibana-pull}128020[#128020] +* Fixes synthetics recorder file upload {kibana-pull}127614[#127614] +* Service maps popover detail metrics are aggregates over all transaction types {kibana-pull}125580[#125580] + +Platform:: +* Fixes an issue where duplicate data appears in the inspector datatable in *Lens* for heatmap visualizations, and stale data persists in the inspector datatable when you remove layers {kibana-pull}126786[#126786] +* Fixes an issue that caused {kib} to become unresponsive while generating a PDF report {kibana-pull}124787[#124787] +* Fixes an issue where an unfriendly notification title displays after you create a report {kibana-pull}123607[#123607] + +Security:: +* Fixes styles for "You do not have permission" screen {kibana-pull}129715[#129715] +* Change session expiration to override on app leave behavior {kibana-pull}129384[#129384] + +[[release-notes-8.1.3]] +== {kib} 8.1.3 + +Review the following information about the {kib} 8.1.3 release. + +[float] +[[security-update-v8.1.3]] +=== Security update + +The 8.1.3 release contains a fix to a potential security vulnerability. For more information, check link:https://discuss.elastic.co/t/kibana-7-17-3-and-8-1-3-security-update/302826[Security Announcements]. + +[float] +[[breaking-changes-8.1.3]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.1.3. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[fixes-v8.1.3]] +=== Bug fix +Discover:: +* Fixes toggle table column for classic table {kibana-pull}128603[#128603] + +[[release-notes-8.1.2]] +== {kib} 8.1.2 + +Review the following information about the {kib} 8.1.2 release. + +[float] +[[breaking-changes-8.1.2]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.1.2. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.1.2]] +=== Enhancement +Dashboard:: +Improve controls management UX {kibana-pull}127524[#127524] + +[float] +[[fixes-v8.1.2]] +=== Bug fixes +Discover:: +* Fixes toggle table column for classic table {kibana-pull}128603[#128603] +* Fixes selection popover close action without making a selection in Document Explorer {kibana-pull}128124[#128124] + +Elastic Security:: +For the Elastic Security 8.1.2 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Management:: +Handle scenario when user has no indices {kibana-pull}128066[#128066] + +Monitoring:: +Rename "APM & Fleet Server" to "Integrations Server" {kibana-pull}128574[#128574] + +Platform:: +Fixes KQL typeahead missing description and improve display for long field names {kibana-pull}128480[#128480] + +[[release-notes-8.1.1]] +== {kib} 8.1.1 + +Review the following information about the {kib} 8.1.1 release. + +[float] +[[breaking-changes-8.1.1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.1.1, review the breaking changes, then mitigate the impact to your application. + +There are no breaking changes in {kib} 8.1.1. + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[enhancement-v8.1.1]] +=== Enhancement +Dashboard:: +Improves controls empty state {kibana-pull}125728[#125728] + +[float] +[[fixes-v8.1.1]] +=== Bug fixes +Data ingest:: +The dot expander processor in the Ingest Pipelines UI now allows setting a wildcard (`*`) for the field parameter {kibana-pull}123522[#123522] + +Elastic Security:: +For the Elastic Security 8.1.1 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.1.1 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Adds a new validation message {kibana-pull}127239[#127239] +* Fixes empty assets on package install {kibana-pull}127070[#127070] +* Hide enroll command when user creates a new agent policy in the Add agent flyout {kibana-pull}126431[#126431] +* Makes input IDs unique in agent policy yaml {kibana-pull}127343[#127343] +* Fixes links to Agent logs for APM, Endpoint, Synthetics, and OSQuery {kibana-pull}127480[#127480] + +[[release-notes-8.1.0]] +== {kib} 8.1.0 + +Review the following information about the {kib} 8.1.0 release. + +[float] +[[breaking-changes-8.1.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.1.0, review the breaking changes, then mitigate the impact to your application. + +[discrete] +[[breaking-121435]] +.Removes legacy CSV export type +[%collapsible] +==== +*Details* + +The `/api/reporting/generate/csv` endpoint has been removed. For more information, refer to {kibana-pull}121435[#121435]. + +*Impact* + +If you are using 7.13.0 and earlier, {kibana-ref-all}/8.1/automating-report-generation.html[regenerate the POST URLs] that you use to automatatically generate CSV reports. +==== + +[discrete] +[[breaking-121369]] +.Removes legacy PDF shim +[%collapsible] +==== +*Details* + +The POST URLs that you generated in {kib} 6.2.0 no longer work. For more information, refer to {kibana-pull}121369[#121369]. + +*Impact* + +{kibana-ref-all}/8.1/automating-report-generation.html[Regenerate the POST URLs] that you use to automatatically generate PDF reports. +==== + +To review the breaking changes in previous versions, refer to the following: + +{kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] + +[float] +[[features-8.1.0]] +=== Features +{kib} 8.1.0 adds the following new and notable features. + +Canvas:: +* Adds Heatmap {kibana-pull}120239[#120239] +* Adds the *Filters* panel for element settings {kibana-pull}117270[#117270] and {kibana-pull}116592[#116592] + +Discover:: +* Adds document explorer callout {kibana-pull}123814[#123814] +* Adds ability to create data views from the sidebar {kibana-pull}123391[#123391] +* Adds redirect if there are no data views {kibana-pull}123366[#123366] +* Adds row height options {kibana-pull}122087[#122087] + +Elastic Security:: +For the Elastic Security 8.1.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Lens & Visualizations:: +* Adds the waffle visualization type to *Lens* {kibana-pull}119339[#119339] +* Adds the gauge visualization type to *Lens* {kibana-pull}118616[#118616] +* Adds multi terms support to *Top Values* in *Lens* {kibana-pull}118600[#118600] +* Adds a new heatmap implementation with elastic-charts to *Visualize Library* {kibana-pull}118338[#118338] +* Adds the Mosaic or mekko visualization type to *Lens* {kibana-pull}117668[#117668] +* Adds the ability to configure the Metric visualization type color palette in *Lens* {kibana-pull}116170[#116170] + +Machine Learning:: +* Enable Field statistics table on by default {kibana-pull}124046[#124046] +* Adds grouping to the side nav {kibana-pull}123805[#123805] +* Integration part 1: Create anomalies layer in maps {kibana-pull}122862[#122862] +* Replace navigation bar with a side nav {kibana-pull}121652[#121652] +* Overview page redesign {kibana-pull}120966[#120966] + +Management:: +* Support suggesting index templates v2 {kibana-pull}124655[#124655] +* *Console* now supports autocompletion for index templates and component templates introduced in {es} 7.8.0. +* Transforms: Support to set destination ingest pipeline {kibana-pull}123911[#123911] +* Transforms: Adds reset action to transforms management {kibana-pull}123735[#123735] +* Transforms: Support for terms agg in pivot configurations {kibana-pull}123634[#123634] + +Observability:: +* Adds Tail-based sampling settings {kibana-pull}124025[#124025] +* APM UI changes for serverless services / AWS lambda {kibana-pull}122775[#122775] + +For more information about the features introduced in 8.1.0, refer to <>. + +[[enhancements-and-bug-fixes-v8.1.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.1.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.1.0]] +=== Enhancements +Alerting:: +* Adds P50/95/99 for rule execution duration in the rules table {kibana-pull}123603[#123603] +* Adds dropdown for number of executions in Rule Details view {kibana-pull}122595[#122595] + +Canvas:: +* Adds titles to the heatmap axis {kibana-pull}123992[#123992] +* Adds the esql Monaco editor {kibana-pull}118531[#118531] +* Adds expression `metrisVis` workpad arguments {kibana-pull}114808[#114808] + +Dashboard:: +Adds the ability to always allow internal URLs in *Vega* {kibana-pull}124705[#124705] + +Data ingest:: +Adds the ability to create ingest pipelines from a CSV upload that enables mapping custom data source into ECS {kibana-pull}101216[#101216] + +Discover:: +* Improves the document explorer flyout {kibana-pull}120116[#120116] +* Adds the ability to preserve *Discover* main route state in breadcrumb links {kibana-pull}119838[#119838] +* Adds error state if chart loading fails {kibana-pull}119289[#119289] +* Enable Field statistics table on by default {kibana-pull}124046[#124046] + +Elastic Security:: +For the Elastic Security 8.1.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Fleet:: +* Adds shipper label {kibana-pull}122491[#122491] +* Adds support for non-superuser access to *Fleet* and *Integrations* {kibana-pull}122347[#122347] +* Adds support for bundling packages as zip archives with {kib} source {kibana-pull}122297[#122297] +* Makes the default integration install explicit {kibana-pull}121628[#121628] + +Lens & Visualizations:: +* Addx suport for timefilter/min/max in *Vega* URLs {kibana-pull}124077[#124077] +* The filtered field list now uses field caps API in *Lens* {kibana-pull}122915[#122915] +* Updates the *Lens* empty state copy {kibana-pull}122174[#122174] +* Adds a global filter for formulas in *Lens* {kibana-pull}121768[#121768] +* Adds rare terms in *Lens* {kibana-pull}121500[#121500] +* Adds previous time shift back in *Lens* {kibana-pull}121284[#121284] +* Adds the size ratio setting to pie and donut charts in *Lens* {kibana-pull}120101[#120101] +* Adds multi terms dnd support in *Lens* {kibana-pull}119841[#119841] +* Improves the color stop UI in *Lens* {kibana-pull}119165[#119165] +* Enables table pagination in *Lens* {kibana-pull}118557[#118557] +* Adds support for ephemeral sort to the data table embeddable {kibana-pull}117742[#117742] +* Debounce duplicate error messages in *Vega* {kibana-pull}116408[#116408] +* Replaces EUICodeEditor with Monaco in *Vega* {kibana-pull}116041[#116041] + +Machine Learning:: +* Adds missing document titles {kibana-pull}124125[#124125] +* Synchronize Anomaly charts cursor position for X-axis with *Lens* visualizations in *Dashboard* {kibana-pull}123951[#123951] +* Adds grouping to the side nav {kibana-pull}123805[#123805] +* Adds empty states for the Jobs list pages {kibana-pull}123462[#123462] +* Adds error messages to Index data visualizer and improve distribution charts for fields with low cardinality {kibana-pull}123306[#123306] +* Standardize Add embeddable flow from the Anomaly Explorer page {kibana-pull}123199[#123199] +* Integration part 1: Create anomalies layer in *Maps** {kibana-pull}122862[#122862] +* Adds options to exclude or include frozen data tier for Anomaly detection and Index data visualizer {kibana-pull}122306[#122306] +* Editing semi-structured text fields in grok pattern {kibana-pull}122274[#122274] +* Adds extra search deep links for nodes overview and file upload {kibana-pull}121740[#121740] +* Replace navigation bar with a side nav {kibana-pull}121652[#121652] +* File data visualizer reduce chunk size for slow processors {kibana-pull}121353[#121353] +* Adds ability to save session to Index data visualizer {kibana-pull}121053[#121053] +* Overview page redesign {kibana-pull}120966[#120966] +* Adds *Maps* UI action to Index data visualizer/*Discover* Field statistics {kibana-pull}120846[#120846] +* Adds auto generated drill down link to *Discover* for Anomaly explorer table {kibana-pull}120450[#120450] +* Adds multilayer time axis style to Data visualizer doc count chart {kibana-pull}117398[#117398] + +Management:: +* Transforms: Add call out warning & delete option if a task exists for a transform without a config {kibana-pull}123407[#123407] +* Adds warnings for actions for managed Anomaly detection jobs and Transforms {kibana-pull}122305[#122305] +* Refresh frequency refinements {kibana-pull}122125[#122125] +* Configure refresh frequency {kibana-pull}121874[#121874] +* Geo point field formatter {kibana-pull}121821[#121821] +* Adds links to docs {kibana-pull}121066[#121066] +* Highlight the tutorial example text with console syntax {kibana-pull}120474[#120474] +* Compress mappings response size for autocomplete {kibana-pull}120456[#120456] +* Handle binary data response {kibana-pull}119586[#119586] +* Improve error handling when local storage quota is full {kibana-pull}118495[#118495] +* Error handling {kibana-pull}109233[#109233] + +Maps:: +* Adds Shapefile import {kibana-pull}123764[#123764] +* Should be able to zoom in on selected range of timeslider {kibana-pull}122131[#122131] +* Delete button should be toggleable in Edit Features {kibana-pull}122017[#122017] +* Change "show as" from EuiSelect to EuiButtonGroup {kibana-pull}121960[#121960] +* Format counts {kibana-pull}119646[#119646] +* Convert maki icons to SDF sprites on-the-fly {kibana-pull}119245[#119245] +* Convert HeatmapLayer to vector tiles and add support for high resolution grids {kibana-pull}119070[#119070] +* Make the icon for max results limit more evident {kibana-pull}118044[#118044] +* Enable on-prem for *Vega* {kibana-pull}104422[#104422] + +Monitoring:: +Compatibility for agent data streams {kibana-pull}119112[#119112] + +Observability:: +* Adds Tail-based sampling settings {kibana-pull}124025[#124025] +* UI Monitor Management - Add namespace field {kibana-pull}123248[#123248] +* Default alert connectors email settings {kibana-pull}123244[#123244] +* Only show span.sync badge when relevant {kibana-pull}123038[#123038] +* Optimize waffle map {kibana-pull}122889[#122889] +* APM UI changes for serverless services / AWS lambda {kibana-pull}122775[#122775] +* Update the style of the service/backend info icons in the selected service/backend header {kibana-pull}122587[#122587] +* Adds basic infra metrics config {kibana-pull}120881[#120881] +* Adds comparision to service maps popover {kibana-pull}120839[#120839] +* Link originating service in traces list table {kibana-pull}120768[#120768] +* Prefer `service.name` for logs correlation {kibana-pull}120694[#120694] +* Query numerator & denominator simultaneously for log threshold alerts {kibana-pull}107566[#107566] + +Operations:: +Improves the file logging capabilities so that missing directories in the configured file path are now created before {kib} attempts to write to the file {kibana-pull}117666[#117666] + +Platform:: +* Add a new `elasticsearch.compression` configuration property to enable compression for communications between {kib} and {es} {kibana-pull}124009[#124009] +* Adds support of comments {kibana-pull}122457[#122457] +* Adds support for PNG and PDF reports on Darwin Arm64 architecture {kibana-pull}122057[#122057] +* Short URL client is now accessible on the frontend through plugin contract. *Dashboard* and *Discover* shared short URLs now contain a three word, human-readable slug {kibana-pull}121886[#121886] +* Adds the ability to add URL drilldowns to *Dashboard* panels {kibana-pull}121801[#121801] +* Adds a new structure to the report details flyout to help you find information faster {kibana-pull}120617[#120617] +* Adds HTML tag and impact level to axe-core CI violation reporter {kibana-pull}119903[#119903] +* Exposes {es} accuracy warnings to the user {kibana-pull}116632[#116632] + +Querying & Filtering:: +Improves the version field type {kibana-pull}123739[#123739] + +Security:: +* Audit logs now include records for individual saved objects when an entire space is deleted {kibana-pull}124145[#124145] +* User login audit events now include the session ID for better correlation, and single sign-on flows no longer result in an extra `user_logout` event {kibana-pull}124299[#124299] + +[float] +[[fixes-v8.1.0]] +=== Bug Fixes +Alerting:: +* Fixes the pagination results for fetching existing alerts {kibana-pull}122474[#122474] +* Running disabled rules are now skipped {kibana-pull}119239[#119239] + +Canvas:: +* Fixes an issue where the image repeat element was not updating {kibana-pull}118701[#118701] +* Fixes an issue where *Canvas* validated values before saving variables {kibana-pull}118694[#118694] + +Dashboard:: +Adds the listing page callout when new dashboards are in progress {kibana-pull}117237[#117237] + +Discover:: +* Adds the ability to close the expanded document sidebar when you change data views {kibana-pull}119736[#119736] +* Fixes search on page load tests {kibana-pull}119087[#119087] + +Elastic Security:: +For the Elastic Security 8.1.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. + +Enterprise Search:: +For the Elastic Enterprise Search 8.1.0 release information, refer to {enterprise-search-ref}/changelog.html[_Elastic Enterprise Search Documentation Release notes_]. + +Fleet:: +* Readded missing packages to keep up to date list {kibana-pull}125787[#125787] +* Trimmed whitespace from package policy names {kibana-pull}125400[#125400] + +Lens & Visualizations:: +* Fixes some dashboard visualizations that could show "Could not located index pattern" errors when copied from one space to another {kibana-pull}126499[#126499] +* Rarity is not allowed in some cases in *Lens* {kibana-pull}125523[#125523] +* Fixes formatting logic for terms in *Lens* {kibana-pull}125408[#125408] +* Fixes focus on submitting filter popover in *Lens* {kibana-pull}125247[#125247] +* Fixes agg filter for sibling pipeline aggs {kibana-pull}125227[#125227] +* Panel intervals are now used for annotations in *TSVB* {kibana-pull}125222[#125222] +* Outdated inspector data is now hidden in *Vega* {kibana-pull}125051[#125051] +* *Vega* visualizations are no longer missing in sample data reports {kibana-pull}124886[#124886] +* Lucene queries on dashboards are now accepted on annotations and tables in *TSVB* {kibana-pull}124802[#124802] +* Top values now work for custom numeric formatters in *Lens* {kibana-pull}124566[#124566] +* Coloring tooltip in Heatmap is now working for `">= n"` values in *Visualize Library* {kibana-pull}124521[#124521] +* Fixes a metric contrast issue in *TSVB* {kibana-pull}124509[#124509] +* Do not refresh session on "now" drift on incoming data in *Lens* {kibana-pull}124389[#124389] +* Coloring tooltips in Pie are not properly positioned in *Visualize* {kibana-pull}124330[#124330] +* Label placeholder always defaults to the lens proposed text in *Lens* {kibana-pull}124222[#124222] +* Show warning for completely static formula in *Lens* {kibana-pull}124213[#124213] +* Adds step value to make Safari validation work properly in *Lens* {kibana-pull}124210[#124210] +* Guard against parse failures in *Visualize* {kibana-pull}124209[#124209] +* Fixes heatmap suggestions in *Lens* {kibana-pull}124099[#124099] +* Fixes the percentage format for percentiles series {kibana-pull}124098[#124098] +* Displays custom bounds error for right axis when lower bound is above 0 in *Lens* {kibana-pull}124037[#124037] +* Clicking a series agg timeseries chart split by terms should not create a filter in *TSVB* {kibana-pull}124031[#124031] +* Save default data view in *TSVB* {kibana-pull}123997[#123997] +* Switch default bar width to 0px in *TSVB* {kibana-pull}123926[#123926] +* Formatting in the left axis is not respected when I have two separate axis in *TSVB* {kibana-pull}123903[#123903] +* Fixes series containing colon in *TSVB* {kibana-pull}123897[#123897] +* Fixes records field name and migrate in *Lens* {kibana-pull}123894[#123894] +* Hides ticks on the y axis for layers with the same format and different template in *TSVB* {kibana-pull}123598[#123598] +* Various fixes for Lens embeddables in *Lens* {kibana-pull}123587[#123587] +* Make sure session is updated and passed to the embeddable in *Visualize* {kibana-pull}123538[#123538] +* Fixes time range issue on save in *Lens* {kibana-pull}123536[#123536] +* Report override data views to the dashboard in *TSVB* {kibana-pull}123530[#123530] +* Handle ignore daylight time correctly and fix shift problem in *TSVB* {kibana-pull}123398[#123398] +* AggConfigs: Make base id check more stable {kibana-pull}123367[#123367] +* TSVB fix flickering {kibana-pull}122921[#122921] +* Hide tooltips while dragging dimensions in *Lens* {kibana-pull}122198[#122198] +* Make sure saved search id is carried over to saved object {kibana-pull}121082[#121082] +* Paginate through index patterns {kibana-pull}120972[#120972] +* Show generic error for invalid time shift string in *Lens* {kibana-pull}120077[#120077] +* Improves column type detection in table for alignment in *Lens* {kibana-pull}120007[#120007] +* Fixes the broken "aggregate function" in *TSVB* table {kibana-pull}119967[#119967] +* Hide fit from suggestions in *Timelion* {kibana-pull}119568[#119568] +* Match visualization type to first series type when available {kibana-pull}119377[#119377] +* Timelion & vega apply dataview from first filter in *Vega* {kibana-pull}119209[#119209] +* Reset filter state whenever group-by changed in *TSVB* {kibana-pull}118953[#118953] +* Prevent KQL Popovers From Stacking in *Lens* {kibana-pull}118258[#118258] +* Improves outside label placement for pie/donut charts in *Lens* {kibana-pull}115966[#115966] + +Machine Learning:: +* Fixes permission check for 'View examples' link from Anomaly detection explorer page {kibana-pull}125090[#125090] +* Fixes auto-refresh interval {kibana-pull}124851[#124851] +* Fixes permission check for Discover/data view redirect from Anomaly detection explorer page {kibana-pull}124408[#124408] +* Fixes breadcrumbs inconsistencies and titles capitalisation {kibana-pull}123019[#123019] + +Management:: +* Update painless antlr grammar for fields API $-syntax {kibana-pull}125818[#125818] +* Adds permission check for 'Set as default data view' button on data view detail page {kibana-pull}124897[#124897] +* In *Index Management*, index details now display previously missing values for the number of deleted documents and the primary storage size {kibana-pull}124731[#124731] +* Transforms: Fix retention policy reset {kibana-pull}124698[#124698] +* Transforms: Fix sort on field names containing dots not applied in wizard preview grid {kibana-pull}124587[#124587] +* Transforms: Fix refresh when transform list is filtered {kibana-pull}124267[#124267] +* Fixes autocomplete inserting comma in triple quotes {kibana-pull}123572[#123572] +* Encode pathname {kibana-pull}122080[#122080] +* Autocomplete missing comma on correct location {kibana-pull}121611[#121611] +* Fixes wrong values in field format editor; fix wrong value formatting in field preview {kibana-pull}121300[#121300] +* Fixes autocomplete suggestions for lowercase methods and other related bug {kibana-pull}121033[#121033] +* Fixes autocomplete suggestions for repository of type `fs` (typo) {kibana-pull}120775[#120775] +* Fixes editor error while adding second request {kibana-pull}120593[#120593] +* Dev Tools Console: Expose the error_trace parameter for completion {kibana-pull}120290[#120290] +* Auto complete for script suggests deprecated query type {kibana-pull}120283[#120283] +* Fixes "Expected one of GET/POST/PUT/DELETE/HEAD" for lowercase methods {kibana-pull}120209[#120209] +* Make the Define script label non clickable {kibana-pull}119947[#119947] +* Fixes error markers in editor output {kibana-pull}119831[#119831] +* Change suggestions for Sampler and Diversified sampler aggregations {kibana-pull}119355[#119355] +* Adds Autocompletion for boxplot aggregation in Kibana Dev tools {kibana-pull}117024[#117024] +* Adds overrides for request parameters for Logstash PUT Pipeline API {kibana-pull}116450[#116450] +* @timestamp as default for timestamp field name in index pattern {kibana-pull}116126[#116126] + +Maps:: +* Fixes vector tile URL not properly encoded {kibana-pull}126208[#126208] +* Allows feature editing with vector tile scaling {kibana-pull}123409[#123409] +* Fixes Error rendering cluster layer of geoshape documents styled by category {kibana-pull}123308[#123308] +* Fetch geometry from fields API {kibana-pull}122431[#122431] +* Fixes vector tile double counting geo_shapes that cross tile boundaries {kibana-pull}121703[#121703] +* Refactor map telemetry to incrementally calculate usage stats {kibana-pull}121467[#121467] +* Fixes creating filter from array fields {kibana-pull}119548[#119548] + +Monitoring:: +* Stronger typing for monitoring configs {kibana-pull}125467[#125467] +* Fixes Alerts and Rules menu persisting to other apps {kibana-pull}124291[#124291] +* Fixes Logstash Pipeline hover timestamp isn't visible {kibana-pull}123091[#123091] +* Fixes date picker range options {kibana-pull}121295[#121295] + +Observability:: +* Set display names for columns and fix reason message {kibana-pull}124570[#124570] +* Rename Backend to Dependency {kibana-pull}124067[#124067] +* Enable parseTechnicalFields to accept partial alert documents {kibana-pull}123983[#123983] +* Include error documents in fallback query for services {kibana-pull}123554[#123554] +* Rewrite the data fetching for Inventory Threshold rule {kibana-pull}123095[#123095] +* Optimizations for Inventory Threshold Alerts {kibana-pull}122460[#122460] +* Increase composite size to 10K for Metric Threshold Rule and optimize processing {kibana-pull}121904[#121904] +* Fixes missing EUI theme in context {kibana-pull}121796[#121796] +* Rename alerting types in triggers_actions_ui {kibana-pull}121107[#121107] +* Fixes loading message for correlations table {kibana-pull}120921[#120921] +* Prefer host.name over host.hostname {kibana-pull}119952[#119952] + +Platform:: +* Improve `bfetch` error handling {kibana-pull}123455[#123455] +* Fixes a CSV export Reporting issue where expensive queries were used to collect the data when they were not needed {kibana-pull}123412[#123412] +* Fixes URL drilldown placeholder text and add placeholder capability to Monaco {kibana-pull}121420[#121420] +* Consider expired tasks invalid {kibana-pull}119664[#119664] +* `columns`. Fixes Bugs caused by using name instead of ID {kibana-pull}118470[#118470] + +Security:: +User login audit events now include the session ID for better correlation, and single sign-on flows no longer result in an extra `user_logout` event {kibana-pull}124299[#124299] --- [[release-notes-8.0.0]] == {kib} 8.0.0 @@ -30,8 +3947,6 @@ Review the {kib} 8.0.0 changes, then use the {kibana-ref-all}/7.17/upgrade-assis Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 8.0.0, review the breaking change, then mitigate the impact to your application. -// tag::notable-breaking-changes[] - [discrete] [[breaking-123754]] .Removes the `console.ssl` setting @@ -44,9 +3959,6 @@ The `console.ssl` setting has been removed. For more information, refer to {kiba Before you upgrade to 8.0.0, remove `console.ssl` from kibana.yml. ==== -// end::notable-breaking-changes[] - - To review the breaking changes in previous versions, refer to the following: <> | <> | <> | <> | diff --git a/packages/kbn-securitysolution-grouping/src/components/accordion_panel/helpers.ts b/packages/kbn-securitysolution-grouping/src/components/accordion_panel/helpers.ts deleted file mode 100644 index e9e7453068ebe..0000000000000 --- a/packages/kbn-securitysolution-grouping/src/components/accordion_panel/helpers.ts +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -export const createGroupFilter = (selectedGroup: string, query?: string | null) => - query && selectedGroup - ? [ - { - meta: { - alias: null, - disabled: false, - key: selectedGroup, - negate: false, - params: { - query, - }, - type: 'phrase', - }, - query: { - match_phrase: { - [selectedGroup]: { - query, - }, - }, - }, - }, - ] - : []; - -export const getNullGroupFilter = (selectedGroup: string) => [ - { - meta: { - disabled: false, - negate: true, - alias: null, - key: selectedGroup, - field: selectedGroup, - value: 'exists', - type: 'exists', - }, - query: { - exists: { - field: selectedGroup, - }, - }, - }, -]; diff --git a/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.test.tsx b/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.test.tsx index ae5a722742ec3..effc032ea0c1f 100644 --- a/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.test.tsx +++ b/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.test.tsx @@ -8,8 +8,9 @@ import { fireEvent, render } from '@testing-library/react'; import { GroupPanel } from '.'; -import { createGroupFilter, getNullGroupFilter } from './helpers'; +import { createGroupFilter, getNullGroupFilter } from '../../containers/query/helpers'; import React from 'react'; +import { groupingBucket } from '../../mocks'; const onToggleGroup = jest.fn(); const renderChildComponent = jest.fn(); @@ -20,40 +21,10 @@ const testProps = { isLoading: false, isNullGroup: false, groupBucket: { + ...groupingBucket, selectedGroup, - key: [ruleName, ruleName], - key_as_string: `${ruleName}|${ruleName}`, - doc_count: 98, - hostsCountAggregation: { - value: 5, - }, - ruleTags: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [], - }, - alertsCount: { - value: 98, - }, - rulesCountAggregation: { - value: 1, - }, - severitiesSubAggregation: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'low', - doc_count: 98, - }, - ], - }, - countSeveritySubAggregation: { - value: 1, - }, - usersCountAggregation: { - value: 98, - }, + key: [ruleName], + key_as_string: `${ruleName}`, }, renderChildComponent, selectedGroup, @@ -68,7 +39,7 @@ describe('grouping accordion panel', () => { const { getByTestId } = render(); expect(getByTestId('grouping-accordion')).toBeInTheDocument(); expect(renderChildComponent).toHaveBeenCalledWith( - createGroupFilter(testProps.selectedGroup, ruleName) + createGroupFilter(testProps.selectedGroup, [ruleName]) ); }); it('creates the query for the selectedGroup attribute when the group is null', () => { @@ -82,8 +53,7 @@ describe('grouping accordion panel', () => { {...testProps} groupBucket={{ ...testProps.groupBucket, - // @ts-expect-error - key: null, + selectedGroup: 'wrong-group', }} /> ); diff --git a/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.tsx b/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.tsx index 81a46c56a6b0e..f51bec6f2c84b 100644 --- a/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.tsx +++ b/packages/kbn-securitysolution-grouping/src/components/accordion_panel/index.tsx @@ -9,9 +9,8 @@ import { EuiAccordion, EuiFlexGroup, EuiFlexItem, EuiTitle, EuiIconTip } from '@elastic/eui'; import type { Filter } from '@kbn/es-query'; import React, { useCallback, useEffect, useMemo, useRef } from 'react'; -import { firstNonNullValue } from '../../helpers'; import type { GroupingBucket } from '../types'; -import { createGroupFilter, getNullGroupFilter } from './helpers'; +import { createGroupFilter, getNullGroupFilter } from '../../containers/query/helpers'; interface GroupPanelProps { customAccordionButtonClassName?: string; @@ -41,9 +40,11 @@ const DefaultGroupPanelRenderer = ({ }) => (
- + -

{title}

+

+ {title} +

{isNullGroup && nullGroupMessage && ( @@ -81,17 +82,23 @@ const GroupPanelComponent = ({ lastForceState.current = 'open'; } }, [onGroupClose, forceState, selectedGroup]); - const groupFieldValue = useMemo( - () => (groupBucket.selectedGroup === selectedGroup ? firstNonNullValue(groupBucket.key) : null), - [groupBucket.key, groupBucket.selectedGroup, selectedGroup] + const groupFieldValue = useMemo<{ asString: string | null; asArray: string[] | null }>( + () => + groupBucket.selectedGroup === selectedGroup + ? { + asString: groupBucket.key_as_string, + asArray: groupBucket.key, + } + : { asString: null, asArray: null }, + [groupBucket.key, groupBucket.key_as_string, groupBucket.selectedGroup, selectedGroup] ); const groupFilters = useMemo( () => isNullGroup ? getNullGroupFilter(selectedGroup) - : createGroupFilter(selectedGroup, groupFieldValue), - [groupFieldValue, isNullGroup, selectedGroup] + : createGroupFilter(selectedGroup, groupFieldValue.asArray), + [groupFieldValue.asArray, isNullGroup, selectedGroup] ); const onToggle = useCallback( @@ -103,14 +110,14 @@ const GroupPanelComponent = ({ [groupBucket, onToggleGroup] ); - return !groupFieldValue ? null : ( + return !groupFieldValue.asString ? null : ( {groupPanelRenderer ?? ( @@ -123,7 +130,7 @@ const GroupPanelComponent = ({ extraAction={extraAction} forceState={forceState} isLoading={isLoading} - id={`group${groupingLevel}-${groupFieldValue}`} + id={`group${groupingLevel}-${groupFieldValue.asString}`} onToggle={onToggle} paddingSize="m" > diff --git a/packages/kbn-securitysolution-grouping/src/components/grouping.test.tsx b/packages/kbn-securitysolution-grouping/src/components/grouping.test.tsx index 151b83e45cfd5..2b581ed774d5d 100644 --- a/packages/kbn-securitysolution-grouping/src/components/grouping.test.tsx +++ b/packages/kbn-securitysolution-grouping/src/components/grouping.test.tsx @@ -10,7 +10,7 @@ import { fireEvent, render, within } from '@testing-library/react'; import React from 'react'; import { I18nProvider } from '@kbn/i18n-react'; import { Grouping } from './grouping'; -import { createGroupFilter, getNullGroupFilter } from './accordion_panel/helpers'; +import { createGroupFilter, getNullGroupFilter } from '../containers/query/helpers'; import { METRIC_TYPE } from '@kbn/analytics'; import { getTelemetryEvent } from '../telemetry/const'; @@ -79,12 +79,12 @@ describe('grouping container', () => { fireEvent.click(group1); expect(renderChildComponent).toHaveBeenNthCalledWith( 1, - createGroupFilter(testProps.selectedGroup, host1Name) + createGroupFilter(testProps.selectedGroup, [host1Name]) ); fireEvent.click(group2); expect(renderChildComponent).toHaveBeenNthCalledWith( 2, - createGroupFilter(testProps.selectedGroup, host2Name) + createGroupFilter(testProps.selectedGroup, [host2Name]) ); }); diff --git a/packages/kbn-securitysolution-grouping/src/components/grouping.tsx b/packages/kbn-securitysolution-grouping/src/components/grouping.tsx index 74cc899121b91..ca5a4e2f50e9b 100644 --- a/packages/kbn-securitysolution-grouping/src/components/grouping.tsx +++ b/packages/kbn-securitysolution-grouping/src/components/grouping.tsx @@ -17,19 +17,19 @@ import type { Filter } from '@kbn/es-query'; import React, { useMemo, useState } from 'react'; import { METRIC_TYPE, UiCounterMetricType } from '@kbn/analytics'; import { defaultUnit, firstNonNullValue } from '../helpers'; -import { createGroupFilter, getNullGroupFilter } from './accordion_panel/helpers'; +import { createGroupFilter, getNullGroupFilter } from '../containers/query/helpers'; import { GroupPanel } from './accordion_panel'; import { GroupStats } from './accordion_panel/group_stats'; import { EmptyGroupingComponent } from './empty_results_panel'; import { countCss, groupingContainerCss, groupingContainerCssLevel } from './styles'; import { GROUPS_UNIT, NULL_GROUP } from './translations'; -import type { GroupingAggregation, GroupPanelRenderer } from './types'; -import { GroupStatsRenderer, OnGroupToggle } from './types'; +import type { ParsedGroupingAggregation, GroupPanelRenderer } from './types'; +import { GroupingBucket, GroupStatsRenderer, OnGroupToggle } from './types'; import { getTelemetryEvent } from '../telemetry/const'; export interface GroupingProps { activePage: number; - data?: GroupingAggregation; + data?: ParsedGroupingAggregation; groupPanelRenderer?: GroupPanelRenderer; groupSelector?: JSX.Element; // list of custom UI components which correspond to your custom rendered metrics aggregations @@ -92,7 +92,7 @@ const GroupingComponent = ({ const groupPanels = useMemo( () => - data?.groupByFields?.buckets?.map((groupBucket, groupNumber) => { + data?.groupByFields?.buckets?.map((groupBucket: GroupingBucket, groupNumber) => { const group = firstNonNullValue(groupBucket.key); const groupKey = `group-${groupNumber}-${group}`; const isNullGroup = groupBucket.isNullGroup ?? false; @@ -112,7 +112,10 @@ const GroupingComponent = ({ groupFilter={ isNullGroup ? getNullGroupFilter(selectedGroup) - : createGroupFilter(selectedGroup, group) + : createGroupFilter( + selectedGroup, + Array.isArray(groupBucket.key) ? groupBucket.key : [groupBucket.key] + ) } groupNumber={groupNumber} statRenderers={ diff --git a/packages/kbn-securitysolution-grouping/src/components/types.ts b/packages/kbn-securitysolution-grouping/src/components/types.ts index c22f32e73aa56..6987a09c083f8 100644 --- a/packages/kbn-securitysolution-grouping/src/components/types.ts +++ b/packages/kbn-securitysolution-grouping/src/components/types.ts @@ -6,7 +6,6 @@ * Side Public License, v 1. */ -// copied from common/search_strategy/common export interface GenericBuckets { key: string | string[]; key_as_string?: string; // contains, for example, formatted dates @@ -17,15 +16,16 @@ export const NONE_GROUP_KEY = 'none'; export type RawBucket = GenericBuckets & T; export type GroupingBucket = RawBucket & { + key: string[]; + key_as_string: string; selectedGroup: string; isNullGroup?: boolean; }; /** Defines the shape of the aggregation returned by Elasticsearch */ -// TODO: write developer docs for these fields export interface RootAggregation { groupByFields?: { - buckets?: Array>; + buckets?: Array>; }; groupsCount?: { value?: number | null; @@ -38,6 +38,12 @@ export interface RootAggregation { }; } +export type ParsedRootAggregation = RootAggregation & { + groupByFields?: { + buckets?: Array>; + }; +}; + export type GroupingFieldTotalAggregation = Record< string, { @@ -47,6 +53,8 @@ export type GroupingFieldTotalAggregation = Record< >; export type GroupingAggregation = RootAggregation & GroupingFieldTotalAggregation; +export type ParsedGroupingAggregation = ParsedRootAggregation & + GroupingFieldTotalAggregation; export interface BadgeMetric { value: number; diff --git a/packages/kbn-securitysolution-grouping/src/containers/query/helpers.test.ts b/packages/kbn-securitysolution-grouping/src/containers/query/helpers.test.ts new file mode 100644 index 0000000000000..c83cf813ef6c6 --- /dev/null +++ b/packages/kbn-securitysolution-grouping/src/containers/query/helpers.test.ts @@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { createGroupFilter } from './helpers'; + +const selectedGroup = 'host.name'; +describe('createGroupFilter', () => { + it('returns an array of Filter objects with correct meta and query properties when values and selectedGroup are truthy', () => { + const values = ['host1', 'host2']; + const result = createGroupFilter(selectedGroup, values); + expect(result).toHaveLength(3); + expect(result[0].meta.key).toBe(selectedGroup); + expect(result[0].query.script.script.params.field).toBe(selectedGroup); + expect(result[0].query.script.script.params.size).toBe(values.length); + expect(result[1].meta.key).toBe(selectedGroup); + expect(result[1].query.match_phrase[selectedGroup].query).toBe(values[0]); + expect(result[2].meta.key).toBe(selectedGroup); + expect(result[2].query.match_phrase[selectedGroup].query).toBe(values[1]); + }); + + it('returns an empty array when values is an empty array and selectedGroup is truthy', () => { + const result = createGroupFilter(selectedGroup, []); + expect(result).toHaveLength(0); + }); + + it('returns an empty array when values is null and selectedGroup is truthy', () => { + const result = createGroupFilter(selectedGroup, null); + expect(result).toHaveLength(0); + }); +}); diff --git a/packages/kbn-securitysolution-grouping/src/containers/query/helpers.ts b/packages/kbn-securitysolution-grouping/src/containers/query/helpers.ts index 0de0e66fe3df0..530af49c7e6f0 100644 --- a/packages/kbn-securitysolution-grouping/src/containers/query/helpers.ts +++ b/packages/kbn-securitysolution-grouping/src/containers/query/helpers.ts @@ -6,32 +6,82 @@ * Side Public License, v 1. */ -import { ES_FIELD_TYPES } from '@kbn/field-types'; -/** - * Returns a tuple of values according to the `esType` param, these values are meant to be applied in the _missing_ - * property of the query aggregation of the grouping, to look up for missing values in the response buckets. - * These values do not need to be anything in particular, the only requirement is they have to be 2 different values that validate against the field type. - */ -export function getFieldTypeMissingValues(esType: string[]): [number, number] | [string, string] { - const knownType: ES_FIELD_TYPES = esType[0] as ES_FIELD_TYPES; - switch (knownType) { - case ES_FIELD_TYPES.BYTE: - case ES_FIELD_TYPES.DOUBLE: - case ES_FIELD_TYPES.INTEGER: - case ES_FIELD_TYPES.LONG: - case ES_FIELD_TYPES.FLOAT: - case ES_FIELD_TYPES.HALF_FLOAT: - case ES_FIELD_TYPES.SCALED_FLOAT: - case ES_FIELD_TYPES.SHORT: - case ES_FIELD_TYPES.UNSIGNED_LONG: - case ES_FIELD_TYPES.DATE: - case ES_FIELD_TYPES.DATE_NANOS: - return [0, 1]; - case ES_FIELD_TYPES.IP: - return ['0.0.0.0', '::']; - default: - return ['-', '--']; - } -} - +import { Filter, FILTERS } from '@kbn/es-query'; export const getEmptyValue = () => '—'; + +type StrictFilter = Filter & { + query: Record; +}; + +export const createGroupFilter = ( + selectedGroup: string, + values?: string[] | null +): StrictFilter[] => + values != null && values.length > 0 + ? values.reduce( + (acc: StrictFilter[], query) => [ + ...acc, + { + meta: { + alias: null, + disabled: false, + key: selectedGroup, + negate: false, + params: { + query, + }, + type: 'phrase', + }, + query: { + match_phrase: { + [selectedGroup]: { + query, + }, + }, + }, + }, + ], + [ + { + meta: { + alias: null, + disabled: false, + type: FILTERS.CUSTOM, + negate: false, + key: selectedGroup, + }, + query: { + script: { + script: { + // this will give us an exact match for events with multiple values on the group field + // for example, when values === ['a'], we match events with ['a'], but not ['a', 'b', 'c'] + source: "doc[params['field']].size()==params['size']", + params: { + field: selectedGroup, + size: values.length, + }, + }, + }, + }, + }, + ] + ) + : []; + +export const getNullGroupFilter = (selectedGroup: string): StrictFilter[] => [ + { + meta: { + disabled: false, + negate: true, + alias: null, + key: selectedGroup, + value: 'exists', + type: 'exists', + }, + query: { + exists: { + field: selectedGroup, + }, + }, + }, +]; diff --git a/packages/kbn-securitysolution-grouping/src/containers/query/index.test.ts b/packages/kbn-securitysolution-grouping/src/containers/query/index.test.ts index 5ec51efb62d5f..be7bd25f63730 100644 --- a/packages/kbn-securitysolution-grouping/src/containers/query/index.test.ts +++ b/packages/kbn-securitysolution-grouping/src/containers/query/index.test.ts @@ -10,6 +10,7 @@ import type { GroupingQueryArgs } from './types'; import { getGroupingQuery, parseGroupingQuery } from '.'; import { getEmptyValue } from './helpers'; import { GroupingAggregation } from '../../..'; +import { groupingBucket } from '../../mocks'; const testProps: GroupingQueryArgs = { additionalFilters: [], @@ -55,7 +56,7 @@ const testProps: GroupingQueryArgs = { pageNumber: 0, rootAggregations: [], runtimeMappings: {}, - selectedGroupEsTypes: ['keyword'], + uniqueValue: 'whatAGreatAndUniqueValue', size: 25, to: '2023-02-23T06:59:59.999Z', }; @@ -63,14 +64,11 @@ describe('group selector', () => { beforeEach(() => { jest.clearAllMocks(); }); - it('Sets multi terms query with missing argument for 2 default values', () => { + it('Sets runtime field and terms query', () => { const result = getGroupingQuery(testProps); - result.aggs.groupByFields?.multi_terms?.terms.forEach((term, i) => { - expect(term).toEqual({ - field: 'host.name', - missing: i === 0 ? '-' : '--', - }); - }); + + expect(result.runtime_mappings.groupByField.script.params.selectedGroup).toEqual('host.name'); + expect(result.aggs.groupByFields.aggs).toEqual({ bucket_truncate: { bucket_sort: { from: 0, size: 25 } }, alertsCount: { cardinality: { field: 'kibana.alert.uuid' } }, @@ -137,100 +135,120 @@ describe('group selector', () => { }); expect(result.query.bool.filter.length).toEqual(2); }); - it('Uses 0/1 for number fields', () => { - const result = getGroupingQuery({ ...testProps, selectedGroupEsTypes: ['long'] }); - result.aggs.groupByFields?.multi_terms?.terms.forEach((term, i) => { - expect(term).toEqual({ - field: 'host.name', - missing: i === 0 ? 0 : 1, - }); - }); - }); - it('Uses 0.0.0.0/:: for ip fields', () => { - const result = getGroupingQuery({ ...testProps, selectedGroupEsTypes: ['ip'] }); - result.aggs.groupByFields?.multi_terms?.terms.forEach((term, i) => { - expect(term).toEqual({ - field: 'host.name', - missing: i === 0 ? '0.0.0.0' : '::', - }); - }); - }); + const groupingAggs = { groupByFields: { buckets: [ { - key: ['20.80.64.28', '20.80.64.28'], - key_as_string: '20.80.64.28|20.80.64.28', - selectedGroup: 'source.ip', - doc_count: 75, + ...groupingBucket, + key: '20.80.64.28', }, { - key: ['0.0.0.0', '0.0.0.0'], - key_as_string: '0.0.0.0|0.0.0.0', - selectedGroup: 'source.ip', - doc_count: 75, + ...groupingBucket, + key: '0.0.0.0', }, { - key: ['0.0.0.0', '::'], - key_as_string: '0.0.0.0|::', - selectedGroup: 'source.ip', - doc_count: 75, + ...groupingBucket, + key: testProps.uniqueValue, }, ], }, unitsCount: { value: 100, }, - unitsCountWithoutNull: { - value: 100, - }, groupsCount: { value: 20, }, }; it('parseGroupingQuery finds and flags the null group', () => { - const result = parseGroupingQuery('source.ip', groupingAggs); + const result = parseGroupingQuery('source.ip', testProps.uniqueValue, groupingAggs); expect(result).toEqual({ groupByFields: { buckets: [ { + ...groupingBucket, key: ['20.80.64.28'], key_as_string: '20.80.64.28', selectedGroup: 'source.ip', - doc_count: 75, }, { + ...groupingBucket, key: ['0.0.0.0'], key_as_string: '0.0.0.0', selectedGroup: 'source.ip', - doc_count: 75, }, { + ...groupingBucket, key: [getEmptyValue()], key_as_string: getEmptyValue(), selectedGroup: 'source.ip', isNullGroup: true, - doc_count: 75, }, ], }, unitsCount: { value: 100, }, - unitsCountWithoutNull: { - value: 100, - }, groupsCount: { value: 20, }, }); }); - it('parseGroupingQuery adjust group count when null field group is present', () => { - const result: GroupingAggregation<{}> = parseGroupingQuery('source.ip', { + it('parseGroupingQuery parses and formats fields witih multiple values', () => { + const multiValuedAggs = { ...groupingAggs, - unitsCountWithoutNull: { value: 99 }, - }); + groupByFields: { + buckets: [ + { + ...groupingBucket, + key: `20.80.64.28${testProps.uniqueValue}0.0.0.0${testProps.uniqueValue}1.1.1.1`, + }, + { + ...groupingBucket, + key: `0.0.0.0`, + }, + { + ...groupingBucket, + key: `ip.with,comma${testProps.uniqueValue}ip.without.comma`, + }, + ], + }, + }; + const result: GroupingAggregation<{}> = parseGroupingQuery( + 'source.ip', + testProps.uniqueValue, + multiValuedAggs + ); - expect(result.groupsCount?.value).toEqual(21); + expect(result).toEqual({ + groupByFields: { + buckets: [ + { + ...groupingBucket, + key: ['20.80.64.28', '0.0.0.0', '1.1.1.1'], + key_as_string: '20.80.64.28, 0.0.0.0, 1.1.1.1', + selectedGroup: 'source.ip', + }, + { + ...groupingBucket, + key: ['0.0.0.0'], + key_as_string: '0.0.0.0', + selectedGroup: 'source.ip', + }, + { + ...groupingBucket, + key: ['ip.with,comma', 'ip.without.comma'], + key_as_string: 'ip.with,comma, ip.without.comma', + selectedGroup: 'source.ip', + }, + ], + }, + unitsCount: { + value: 100, + }, + groupsCount: { + value: 20, + }, + }); }); }); diff --git a/packages/kbn-securitysolution-grouping/src/containers/query/index.ts b/packages/kbn-securitysolution-grouping/src/containers/query/index.ts index 49afbff5ec902..bc866ea34c7d7 100644 --- a/packages/kbn-securitysolution-grouping/src/containers/query/index.ts +++ b/packages/kbn-securitysolution-grouping/src/containers/query/index.ts @@ -6,8 +6,8 @@ * Side Public License, v 1. */ -import { getEmptyValue, getFieldTypeMissingValues } from './helpers'; -import { GroupingAggregation } from '../..'; +import { getEmptyValue } from './helpers'; +import { GroupingAggregation, ParsedGroupingAggregation } from '../..'; import type { GroupingQueryArgs, GroupingQuery } from './types'; /** The maximum number of groups to render */ export const DEFAULT_GROUP_BY_FIELD_SIZE = 10; @@ -26,11 +26,11 @@ export const MAX_QUERY_SIZE = 10000; * @param rootAggregations Top level aggregations to get the groups number or overall groups metrics. * Array of {@link NamedAggregation} * @param runtimeMappings mappings of runtime fields [see runtimeMappings]{@link GroupingQueryArgs.runtimeMappings} - * @param selectedGroupEsTypes array of selected group types * @param size number of grouping results per page * @param sort add one or more sorts on specific fields * @param statsAggregations group level aggregations which correspond to {@link GroupStatsRenderer} configuration * @param to ending timestamp + * @param uniqueValue unique value to use for crazy query magic * * @returns query dsl {@link GroupingQuery} */ @@ -42,32 +42,40 @@ export const getGroupingQuery = ({ pageNumber, rootAggregations, runtimeMappings, - selectedGroupEsTypes, size = DEFAULT_GROUP_BY_FIELD_SIZE, sort, statsAggregations, to, + uniqueValue, }: GroupingQueryArgs): GroupingQuery => ({ size: 0, + runtime_mappings: { + ...runtimeMappings, + groupByField: { + type: 'keyword', + script: { + source: + // when size()==0, emits a uniqueValue as the value to represent this group else join by uniqueValue. + "if (doc[params['selectedGroup']].size()==0) { emit(params['uniqueValue']) }" + + // Else, join the values with uniqueValue. We cannot simply emit the value like doc[params['selectedGroup']].value, + // the runtime field will only return the first value in an array. + // The docs advise that if the field has multiple values, "Scripts can call the emit method multiple times to emit multiple values." + // However, this gives us a group for each value instead of combining the values like we're aiming for. + // Instead of .value, we can retrieve all values with .join(). + // Instead of joining with a "," we should join with a unique value to avoid splitting a value that happens to contain a ",". + // We will format into a proper array in parseGroupingQuery . + " else { emit(doc[params['selectedGroup']].join(params['uniqueValue']))}", + params: { + selectedGroup: groupByField, + uniqueValue, + }, + }, + }, + }, aggs: { groupByFields: { - multi_terms: { - terms: [ - // by looking up multiple missing values, we can ensure we're not overwriting an existing group with the default value - { - field: groupByField, - // the AggregationsMultiTermLookup type is wrong in the elasticsearch node package - // when this issues is resolved, we can remove these ts expect errors - // https://github.com/elastic/elasticsearch/issues/95628 - // @ts-expect-error - missing: getFieldTypeMissingValues(selectedGroupEsTypes)[0], - }, - { - field: groupByField, - // @ts-expect-error - missing: getFieldTypeMissingValues(selectedGroupEsTypes)[1], - }, - ], + terms: { + field: 'groupByField', size: MAX_QUERY_SIZE, }, aggs: { @@ -84,14 +92,8 @@ export const getGroupingQuery = ({ }, }, - unitsCountWithoutNull: { value_count: { field: groupByField } }, - unitsCount: { - value_count: { - field: groupByField, - missing: getFieldTypeMissingValues(selectedGroupEsTypes)[0], - }, - }, - groupsCount: { cardinality: { field: groupByField } }, + unitsCount: { value_count: { field: 'groupByField' } }, + groupsCount: { cardinality: { field: 'groupByField' } }, ...(rootAggregations ? rootAggregations.reduce((aggObj, subAgg) => Object.assign(aggObj, subAgg), {}) @@ -112,7 +114,6 @@ export const getGroupingQuery = ({ ], }, }, - runtime_mappings: runtimeMappings, _source: false, }); @@ -120,46 +121,45 @@ export const getGroupingQuery = ({ * Parses the grouping query response to add the isNullGroup * flag to the buckets and to format the bucket keys * @param selectedGroup from the grouping query - * @param aggs aggs returned from the grouping query + * @param uniqueValue from the grouping query + * @param aggs aggregation response from the grouping query */ export const parseGroupingQuery = ( selectedGroup: string, + uniqueValue: string, aggs?: GroupingAggregation -): GroupingAggregation | {} => { +): ParsedGroupingAggregation | {} => { if (!aggs) { return {}; } const groupByFields = aggs?.groupByFields?.buckets?.map((group) => { - if (!Array.isArray(group.key)) { - return group; - } const emptyValue = getEmptyValue(); - // If the keys are different means that the `missing` values of the multi_terms aggregation have been applied, we use the default empty string. - // If the keys are equal means the `missing` values have not been applied, they are stored values. - return group.key[0] === group.key[1] - ? { - ...group, - key: [group.key[0]], - selectedGroup, - key_as_string: group.key[0], - } - : { - ...group, - key: [emptyValue], - selectedGroup, - key_as_string: emptyValue, - isNullGroup: true, - }; + if (group.key === uniqueValue) { + return { + ...group, + key: [emptyValue], + selectedGroup, + key_as_string: emptyValue, + isNullGroup: true, + }; + } + // doing isArray check for TS + // the key won't be an array, runtime fields cannot be multivalued + const groupKey = Array.isArray(group.key) ? group.key[0] : group.key; + const valueAsArray = groupKey.split(uniqueValue); + return { + ...group, + key: valueAsArray, + selectedGroup, + key_as_string: valueAsArray.join(', '), + }; }); return { ...aggs, groupByFields: { buckets: groupByFields }, groupsCount: { - value: - (aggs.unitsCount?.value !== aggs.unitsCountWithoutNull?.value - ? (aggs.groupsCount?.value ?? 0) + 1 - : aggs.groupsCount?.value) ?? 0, + value: aggs.groupsCount?.value ?? 0, }, }; }; diff --git a/packages/kbn-securitysolution-grouping/src/containers/query/types.ts b/packages/kbn-securitysolution-grouping/src/containers/query/types.ts index 4a370094d0d5c..095bf90ea01e8 100644 --- a/packages/kbn-securitysolution-grouping/src/containers/query/types.ts +++ b/packages/kbn-securitysolution-grouping/src/containers/query/types.ts @@ -6,7 +6,11 @@ * Side Public License, v 1. */ -import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import type { + InlineScript, + MappingRuntimeField, + MappingRuntimeFields, +} from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { BoolQuery } from '@kbn/es-query'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; @@ -28,7 +32,7 @@ export interface GroupingQueryArgs { runtimeMappings?: MappingRuntimeFields; additionalAggregationsRoot?: NamedAggregation[]; pageNumber?: number; - selectedGroupEsTypes: string[]; + uniqueValue: string; size?: number; sort?: Array<{ [category: string]: { order: 'asc' | 'desc' } }>; statsAggregations?: NamedAggregation[]; @@ -38,10 +42,18 @@ export interface GroupingQueryArgs { export interface MainAggregation extends NamedAggregation { groupByFields: { aggs: NamedAggregation; - multi_terms: estypes.AggregationsAggregationContainer['multi_terms']; + terms: estypes.AggregationsAggregationContainer['terms']; }; } +export interface GroupingRuntimeField extends MappingRuntimeField { + script: InlineScript & { + params: Record; + }; +} + +type GroupingMappingRuntimeFields = Record<'groupByField', GroupingRuntimeField>; + export interface GroupingQuery extends estypes.QueryDslQueryContainer { aggs: MainAggregation; query: { @@ -49,7 +61,7 @@ export interface GroupingQuery extends estypes.QueryDslQueryContainer { filter: Array; }; }; - runtime_mappings: MappingRuntimeFields | undefined; + runtime_mappings: MappingRuntimeFields & GroupingMappingRuntimeFields; size: number; _source: boolean; } diff --git a/packages/kbn-securitysolution-grouping/src/mocks.ts b/packages/kbn-securitysolution-grouping/src/mocks.ts new file mode 100644 index 0000000000000..e9d9469cc6b68 --- /dev/null +++ b/packages/kbn-securitysolution-grouping/src/mocks.ts @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +export const groupingBucket = { + key: '192.168.0.4', + doc_count: 75, + hostsCountAggregation: { value: 1 }, + rulesCountAggregation: { value: 32 }, + unitsCount: { value: 1920 }, + severitiesSubAggregation: { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { key: 'critical', doc_count: 480 }, + { key: 'high', doc_count: 480 }, + { key: 'low', doc_count: 480 }, + { key: 'medium', doc_count: 480 }, + ], + }, + countSeveritySubAggregation: { value: 4 }, +}; diff --git a/packages/kbn-securitysolution-grouping/tsconfig.json b/packages/kbn-securitysolution-grouping/tsconfig.json index efecb457f96de..6322bf0596c70 100644 --- a/packages/kbn-securitysolution-grouping/tsconfig.json +++ b/packages/kbn-securitysolution-grouping/tsconfig.json @@ -26,6 +26,5 @@ "@kbn/shared-svg", "@kbn/ui-theme", "@kbn/analytics", - "@kbn/field-types" ] } diff --git a/x-pack/plugins/cloud_defend/public/common/utils.test.ts b/x-pack/plugins/cloud_defend/public/common/utils.test.ts index 7e93728eee3b8..ede1dfec5b421 100644 --- a/x-pack/plugins/cloud_defend/public/common/utils.test.ts +++ b/x-pack/plugins/cloud_defend/public/common/utils.test.ts @@ -57,6 +57,7 @@ describe('getSelectorConditions', () => { expect(options.includes('targetFilePath')).toBeTruthy(); // check that process specific conditions are not included + expect(options.includes('processName')).toBeFalsy(); expect(options.includes('processExecutable')).toBeFalsy(); expect(options.includes('sessionLeaderInteractive')).toBeFalsy(); }); @@ -73,6 +74,7 @@ describe('getSelectorConditions', () => { expect(options.includes('targetFilePath')).toBeFalsy(); // check that process specific conditions are not included + expect(options.includes('processName')).toBeTruthy(); expect(options.includes('processExecutable')).toBeTruthy(); expect(options.includes('sessionLeaderInteractive')).toBeTruthy(); }); diff --git a/x-pack/plugins/cloud_defend/public/common/utils.ts b/x-pack/plugins/cloud_defend/public/common/utils.ts index e1477ee5fe0b1..2e10d8982f82e 100644 --- a/x-pack/plugins/cloud_defend/public/common/utils.ts +++ b/x-pack/plugins/cloud_defend/public/common/utils.ts @@ -5,6 +5,7 @@ * 2.0. */ import yaml from 'js-yaml'; +import { uniq } from 'lodash'; import { NewPackagePolicy } from '@kbn/fleet-plugin/public'; import { i18n } from '@kbn/i18n'; import { errorBlockActionRequiresTargetFilePath } from '../components/control_general_view/translations'; @@ -209,7 +210,7 @@ export function validateStringValuesForCondition(condition: SelectorCondition, v } }); - return errors; + return uniq(errors); } export function getRestrictedValuesForCondition( diff --git a/x-pack/plugins/cloud_defend/public/components/control_general_view/index.test.tsx b/x-pack/plugins/cloud_defend/public/components/control_general_view/index.test.tsx index 9244286de0e67..c8ca5d281f954 100644 --- a/x-pack/plugins/cloud_defend/public/components/control_general_view/index.test.tsx +++ b/x-pack/plugins/cloud_defend/public/components/control_general_view/index.test.tsx @@ -47,7 +47,7 @@ describe('', () => { const json = yaml.load(configuration); expect(json.file.selectors.length).toBe(getAllByTestId('cloud-defend-selector').length); - expect(json.file.responses.length).toBe(getAllByTestId('cloud-defend-response').length); + expect(json.file.responses.length).toBe(getAllByTestId('cloud-defend-file-response').length); expect(json.file.selectors.length).toBe(3); expect(json.file.responses.length).toBe(2); } catch (err) { @@ -93,7 +93,31 @@ describe('', () => { try { const json = yaml.load(configuration); - expect(json.file.responses.length).toBe(getAllByTestId('cloud-defend-response').length); + expect(json.file.responses.length).toBe(getAllByTestId('cloud-defend-file-response').length); + } catch (err) { + throw err; + } + }); + + it('allows a user to add a process response', async () => { + const { getAllByTestId, getByTestId, rerender } = render(); + + userEvent.click(getByTestId('cloud-defend-btnAddResponse')); + await waitFor(() => userEvent.click(getByTestId('cloud-defend-btnAddProcessResponse'))); + + const policy = onChange.mock.calls[0][0].updatedPolicy; + + rerender(); + + const input = getInputFromPolicy(policy, INPUT_CONTROL); + const configuration = input?.vars?.configuration?.value; + + try { + const json = yaml.load(configuration); + + expect(json.process.responses.length).toBe( + getAllByTestId('cloud-defend-process-response').length + ); } catch (err) { throw err; } @@ -130,6 +154,26 @@ describe('', () => { expect(getByTitle('Remove excludeCustomNginxBuild3 from selection in this group')).toBeTruthy(); }); + it('removes a selector from a match/exclude list of a response if it is deleted', async () => { + const { getByTestId, getAllByTestId } = render(); + const btnSelectorPopover = getAllByTestId('cloud-defend-btnselectorpopover')[0]; + btnSelectorPopover.click(); + + await waitFor(() => getByTestId('cloud-defend-btndeleteselector').click()); + + const policy = onChange.mock.calls[0][0].updatedPolicy; + const input = getInputFromPolicy(policy, INPUT_CONTROL); + const configuration = input?.vars?.configuration?.value; + + try { + const json = yaml.load(configuration); + + expect(json.file.responses[0].match).toHaveLength(1); + } catch (err) { + throw err; + } + }); + it('doesnt blow up if invalid yaml passed in', async () => { const { queryAllByTestId } = render( @@ -149,4 +193,24 @@ describe('', () => { userEvent.click(getByTestId('cloud-defend-btnAddSelector')); expect(getByTestId('cloud-defend-btnAddFileSelector')).toBeDisabled(); }); + + it('allows the user to duplicate the selector', async () => { + const { getByTestId, getAllByTestId } = render(); + const btnSelectorPopover = getAllByTestId('cloud-defend-btnselectorpopover')[0]; + btnSelectorPopover.click(); + + await waitFor(() => getByTestId('cloud-defend-btnduplicateselector').click()); + const policy = onChange.mock.calls[0][0].updatedPolicy; + const input = getInputFromPolicy(policy, INPUT_CONTROL); + const configuration = input?.vars?.configuration?.value; + + try { + const json = yaml.load(configuration); + + expect(json.file.selectors).toHaveLength(4); + expect(json.file.selectors[3].name).toEqual(json.file.selectors[0].name + '1'); + } catch (err) { + throw err; + } + }); }); diff --git a/x-pack/plugins/cloud_defend/public/components/control_general_view/translations.ts b/x-pack/plugins/cloud_defend/public/components/control_general_view/translations.ts index 2cb349e1804e2..aae5e8d921025 100644 --- a/x-pack/plugins/cloud_defend/public/components/control_general_view/translations.ts +++ b/x-pack/plugins/cloud_defend/public/components/control_general_view/translations.ts @@ -124,6 +124,22 @@ export const unusedSelectorHelp = i18n.translate('xpack.cloudDefend.unusedSelect defaultMessage: 'This selector is not in use by any response.', }); +export const errorInvalidTargetFilePath = i18n.translate( + 'xpack.cloudDefend.errorInvalidTargetFilePath', + { + defaultMessage: + '"Target file path" values must use absolute paths. A trailing * wildcard may be used to match all files in the target directory. Use double ** to match all files recursively. e.g /etc/**', + } +); + +export const errorInvalidProcessExecutable = i18n.translate( + 'xpack.cloudDefend.errorInvalidProcessExecutable', + { + defaultMessage: + '"Process executable" values must use absolute paths. A trailing * wildcard may be used to match all files in the target directory. Use double ** to match all files recursively. e.g /usr/bin/**', + } +); + export const errorInvalidPodLabel = i18n.translate('xpack.cloudDefend.errorInvalidPodLabel', { defaultMessage: 'Kubernetes pod label values must have the format: "key:value". A wildcard "*" can be used at the end of the value. e.g. "key:val*". To match on an empty label value, use "key:".', diff --git a/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.test.tsx b/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.test.tsx index 099ce4a1c2a2e..aabf4e25599b3 100644 --- a/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.test.tsx +++ b/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.test.tsx @@ -24,7 +24,7 @@ describe('', () => { const mockSelector: Selector = { type: 'file', name: 'mock', - operation: ['createExecutable'], + operation: ['createFile'], }; const mockSelector2: Selector = { @@ -33,12 +33,25 @@ describe('', () => { operation: ['modifyExecutable'], }; + const mockSelector3: Selector = { + type: 'file', + name: 'mock3', + operation: ['createFile'], + targetFilePath: ['/**'], + }; + const mockExclude: Selector = { type: 'file', name: 'mockExclude', containerImageName: ['nginx'], }; + const mockProcessSelector: Selector = { + type: 'process', + name: 'mockProcess', + operation: ['exec'], + }; + const mockResponse: Response = { type: 'file', match: [mockSelector.name], @@ -51,6 +64,18 @@ describe('', () => { actions: ['alert', 'block'], }; + const mockResponse3: Response = { + type: 'file', + match: [mockSelector3.name], + actions: ['alert', 'block'], + }; + + const mockProcessResponse: Response = { + type: 'process', + match: [mockProcessSelector.name], + actions: ['alert', 'block'], + }; + const WrappedComponent = ({ response = { ...mockResponse }, responses, @@ -62,9 +87,9 @@ describe('', () => { ', () => { const options = getByTestId( 'comboBoxOptionsList cloud-defend-responsematch-optionsList' ).querySelectorAll('.euiComboBoxOption__content'); - expect(options).toHaveLength(2); + expect(options).toHaveLength(3); expect(options[0].textContent).toBe('mock2'); userEvent.click(options[0]); @@ -110,8 +135,9 @@ describe('', () => { const updatedOptions = getByTestId( 'comboBoxOptionsList cloud-defend-responsematch-optionsList' ).querySelectorAll('.euiComboBoxOption__content'); - expect(updatedOptions).toHaveLength(1); - expect(updatedOptions[0].textContent).toContain('mockExclude'); + expect(updatedOptions).toHaveLength(2); + expect(updatedOptions[0].textContent).toContain('mock3'); + expect(updatedOptions[1].textContent).toContain('mockExclude'); }); it('ensures there is at least 1 selector to match', () => { @@ -141,11 +167,12 @@ describe('', () => { '.euiComboBoxOption__content' ) ); - expect(options).toHaveLength(2); + expect(options).toHaveLength(3); expect(options[0].textContent).toBe('mock2'); - expect(options[1].textContent).toBe('mockExclude'); + expect(options[1].textContent).toBe('mock3'); + expect(options[2].textContent).toBe('mockExclude'); - userEvent.click(options[1]); + userEvent.click(options[2]); updatedResponse = onChange.mock.calls[0][0]; rerender(); @@ -158,7 +185,7 @@ describe('', () => { options = getByTestId( 'comboBoxOptionsList cloud-defend-responsematch-optionsList' ).querySelectorAll('.euiComboBoxOption__content'); - expect(options).toHaveLength(1); + expect(options).toHaveLength(2); expect(options[0].textContent).toBe('mock2'); }); @@ -175,6 +202,25 @@ describe('', () => { expect(response.actions).toContain('block'); }); + it('doesnt show block action for process responses', () => { + const { findByTestId } = render(); + const checkBox = findByTestId('cloud-defend-chkblockaction'); + + expect(checkBox).toMatchObject({}); + }); + + it('shows an error if user is using block w/o targetFilePath', () => { + const { getByText } = render(); + + expect(getByText(i18n.errorBlockActionRequiresTargetFilePath)).toBeTruthy(); + }); + + it('shows a warning if user is using block w targetFilePath /**', () => { + const { getByText } = render(); + + expect(getByText(i18n.warningFIMUsingSlashStarStarTitle)).toBeTruthy(); + }); + it('allows the user to remove the response', async () => { const { getByTestId } = render(); const btnPopover = getByTestId('cloud-defend-btnresponsepopover'); diff --git a/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.tsx b/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.tsx index d01b8efa219b6..05ab2dca5fc60 100644 --- a/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.tsx +++ b/x-pack/plugins/cloud_defend/public/components/control_general_view_response/index.tsx @@ -255,7 +255,7 @@ export const ControlGeneralViewResponse = ({ id={'response_' + index} forceState={accordionState} onToggle={onToggleAccordion} - data-test-subj="cloud-defend-response" + data-test-subj={`cloud-defend-${response.type}-response`} paddingSize="m" buttonContent={ diff --git a/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.test.tsx b/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.test.tsx index df99541546c57..e54047a169a6e 100644 --- a/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.test.tsx +++ b/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.test.tsx @@ -5,7 +5,7 @@ * 2.0. */ import React from 'react'; -import { act, render, waitFor } from '@testing-library/react'; +import { act, render, waitFor, fireEvent } from '@testing-library/react'; import { coreMock } from '@kbn/core/public/mocks'; import userEvent from '@testing-library/user-event'; import { TestProvider } from '../../test/test_provider'; @@ -22,20 +22,32 @@ describe('', () => { // defining this here to avoid a warning in testprovider with params.history changing on rerender. const params = coreMock.createAppMountParameters(); - const mockSelector: Selector = { + const mockFileSelector: Selector = { type: 'file', - name: 'mock', + name: 'mockFile', operation: ['createExecutable'], }; - const mockSelector2: Selector = { + const mockFileSelector2: Selector = { type: 'file', - name: 'mock2', + name: 'mockFile2', operation: ['createExecutable', 'modifyExecutable'], }; + const mockProcessSelector: Selector = { + type: 'process', + name: 'mockProcess', + operation: ['exec'], + }; + + const mockProcessSelector2: Selector = { + type: 'process', + name: 'mockProcess2', + operation: [], + }; + const WrappedComponent = ({ - selector = { ...mockSelector }, + selector = { ...mockFileSelector }, selectors, }: { selector?: Selector; @@ -44,7 +56,7 @@ describe('', () => { return ( ', () => { expect(getByTestId('cloud-defend-selectorcondition-operation')).toBeTruthy(); }); + it('allows the user to change a selector name', () => { + const { getByTestId } = render(); + + const input = getByTestId('cloud-defend-selectorcondition-name'); + input.focus(); + + fireEvent.change(input, { target: { value: 'newName' } }); + + const updatedSelector: Selector = onChange.mock.calls[0][0]; + + expect(updatedSelector.name).toEqual('newName'); + }); + it('renders a badge to show that the selector is unused', () => { const { getByText } = render(); expect(getByText(i18n.unusedSelector)).toBeTruthy(); }); - it('allows the user to add a limited set of operations', () => { + it('allows the user to add a limited set of file operations', () => { const { getByTestId, rerender } = render(); getByTestId('cloud-defend-selectorcondition-operation').click(); @@ -107,6 +132,36 @@ describe('', () => { expect(updatedOptions).toHaveLength(3); }); + it('allows the user to add a limited set of process operations', () => { + const { getByTestId, rerender } = render(); + + getByTestId('cloud-defend-selectorcondition-operation').click(); + getByTestId('comboBoxSearchInput').focus(); + + const options = getByTestId( + 'comboBoxOptionsList cloud-defend-selectorcondition-operation-optionsList' + ).querySelectorAll('.euiComboBoxOption__content'); + expect(options).toHaveLength(2); + expect(options[0].textContent).toBe('fork'); + expect(options[1].textContent).toBe('exec'); + + act(() => { + userEvent.click(options[1]); // select exec + }); + + const updatedSelector: Selector = onChange.mock.calls[0][0]; + + rerender(); + + expect(updatedSelector.operation).toContain('exec'); + + // test that only 1 option is remaining + const updatedOptions = getByTestId( + 'comboBoxOptionsList cloud-defend-selectorcondition-operation-optionsList' + ).querySelectorAll('.euiComboBoxOption__content'); + expect(updatedOptions).toHaveLength(1); + }); + it('allows the user add additional conditions', async () => { const { getByTestId, rerender } = render(); const addConditionBtn = getByTestId('cloud-defend-btnaddselectorcondition'); @@ -222,6 +277,203 @@ describe('', () => { expect(getByText('"targetFilePath" values cannot exceed 255 bytes')).toBeTruthy(); }); + it('validates targetFilePath conditions values', async () => { + const { findByText, getByText, getByTestId, rerender } = render(); + + const addConditionBtn = getByTestId('cloud-defend-btnaddselectorcondition'); + addConditionBtn.click(); + + await waitFor(() => getByText('Target file path').click()); + + let updatedSelector: Selector = onChange.mock.calls[0][0]; + + rerender(); + + const el = getByTestId('cloud-defend-selectorcondition-targetFilePath').querySelector('input'); + + const errorStr = i18n.errorInvalidTargetFilePath; + + if (el) { + userEvent.type(el, '/usr/bin/**{enter}'); + } else { + throw new Error("Can't find input"); + } + + updatedSelector = onChange.mock.calls[1][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, '/*{enter}'); + updatedSelector = onChange.mock.calls[2][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, 'badpath{enter}'); + updatedSelector = onChange.mock.calls[3][0]; + + rerender(); + + expect(getByText(errorStr)).toBeTruthy(); + }); + + it('validates processExecutable conditions values', async () => { + const { findByText, getByText, getByTestId, rerender } = render( + + ); + + const addConditionBtn = getByTestId('cloud-defend-btnaddselectorcondition'); + addConditionBtn.click(); + + await waitFor(() => getByText('Process executable').click()); + + let updatedSelector: Selector = onChange.mock.calls[0][0]; + + rerender(); + + const el = getByTestId('cloud-defend-selectorcondition-processExecutable').querySelector( + 'input' + ); + + const errorStr = i18n.errorInvalidProcessExecutable; + + if (el) { + userEvent.type(el, '/usr/bin/**{enter}'); + } else { + throw new Error("Can't find input"); + } + + updatedSelector = onChange.mock.calls[1][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, '/*{enter}'); + updatedSelector = onChange.mock.calls[2][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, '/usr/bin/ls{enter}'); + updatedSelector = onChange.mock.calls[3][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, 'badpath{enter}'); + updatedSelector = onChange.mock.calls[4][0]; + + rerender(); + + expect(getByText(errorStr)).toBeTruthy(); + }); + + it('validates containerImageFullName conditions values', async () => { + const { findByText, getByText, getByTestId, rerender } = render(); + + const addConditionBtn = getByTestId('cloud-defend-btnaddselectorcondition'); + addConditionBtn.click(); + + await waitFor(() => getByText('Container image full name').click()); + + let updatedSelector: Selector = onChange.mock.calls[0][0]; + + rerender(); + + const el = getByTestId('cloud-defend-selectorcondition-containerImageFullName').querySelector( + 'input' + ); + + const errorStr = i18n.errorInvalidFullContainerImageName; + + if (el) { + userEvent.type(el, 'docker.io/nginx{enter}'); + } else { + throw new Error("Can't find input"); + } + + updatedSelector = onChange.mock.calls[1][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, 'nginx{enter}'); + updatedSelector = onChange.mock.calls[2][0]; + rerender(); + + expect(getByText(errorStr)).toBeTruthy(); + }); + + it('validates kubernetesPodLabel conditions values', async () => { + const { findByText, getByText, getByTestId, rerender } = render(); + + const addConditionBtn = getByTestId('cloud-defend-btnaddselectorcondition'); + addConditionBtn.click(); + + await waitFor(() => getByText('Kubernetes pod label').click()); + + let updatedSelector: Selector = onChange.mock.calls[0][0]; + + rerender(); + + const el = getByTestId('cloud-defend-selectorcondition-kubernetesPodLabel').querySelector( + 'input' + ); + + const errorStr = i18n.errorInvalidPodLabel; + + if (el) { + userEvent.type(el, 'key1:value1{enter}'); + } else { + throw new Error("Can't find input"); + } + + updatedSelector = onChange.mock.calls[1][0]; + rerender(); + + expect(findByText(errorStr)).toMatchObject({}); + + userEvent.type(el, 'key1:value*{enter}'); + updatedSelector = onChange.mock.calls[2][0]; + rerender(); + + userEvent.type(el, 'key1*:value{enter}'); + updatedSelector = onChange.mock.calls[3][0]; + rerender(); + + userEvent.type(el, '{backspace}key1{enter}'); + updatedSelector = onChange.mock.calls[5][0]; + rerender(); + + expect(getByText(errorStr)).toBeTruthy(); + }); + + it('prevents processName conditions from having values that exceed 15 bytes', async () => { + const { getByText, getByTestId, rerender } = render( + + ); + + const addConditionBtn = getByTestId('cloud-defend-btnaddselectorcondition'); + addConditionBtn.click(); + + await waitFor(() => getByText('Process name').click()); + + const updatedSelector: Selector = onChange.mock.calls[0][0]; + + rerender(); + + const el = getByTestId('cloud-defend-selectorcondition-processName').querySelector('input'); + + if (el) { + userEvent.type(el, new Array(17).join('a') + '{enter}'); + } else { + throw new Error("Can't find input"); + } + + expect(getByText('"processName" values cannot exceed 15 bytes')).toBeTruthy(); + }); + it('shows an error if condition values fail their pattern regex', async () => { const { getByText, getByTestId, rerender } = render(); @@ -276,7 +528,7 @@ describe('', () => { onRemove.mockClear(); - rerender(); + rerender(); // try and delete again, and ensure the last selector can't be deleted. btnSelectorPopover.click(); @@ -284,14 +536,26 @@ describe('', () => { expect(onRemove.mock.calls).toHaveLength(0); }); - it('allows the user to duplicate the selector', async () => { - const { getByTestId } = render(); - const btnSelectorPopover = getByTestId('cloud-defend-btnselectorpopover'); - btnSelectorPopover.click(); + it('allows the user to expand/collapse selector', async () => { + const { getByText, getByTestId, findByTestId } = render(); + const title = getByText(mockFileSelector.name); + const selector = getByTestId('cloud-defend-selector'); + + // should start as closed. + // there are two mock selectors, and the last one will auto open + expect(selector.querySelector('.euiAccordion-isOpen')).toBeFalsy(); + + const count = getByTestId('cloud-defend-conditions-count'); + expect(count).toBeTruthy(); + expect(count.childNodes[0]).toHaveTextContent('Conditions:'); + expect(count.childNodes[1]).toHaveTextContent('1'); + expect(count.querySelector(`[title^='operation']`)).toBeTruthy(); + + act(() => title.click()); - await waitFor(() => getByTestId('cloud-defend-btnduplicateselector').click()); + waitFor(() => expect(selector.querySelector('.euiAccordion-isOpen')).toBeTruthy()); - expect(onDuplicate.mock.calls).toHaveLength(1); - expect(onDuplicate.mock.calls[0][0]).toEqual(mockSelector); + const noCount = findByTestId('cloud-defend-conditions-count'); + expect(noCount).toMatchObject({}); }); }); diff --git a/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.tsx b/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.tsx index 80ffff0a3bd6a..a7db0be56ccab 100644 --- a/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.tsx +++ b/x-pack/plugins/cloud_defend/public/components/control_general_view_selector/index.tsx @@ -396,14 +396,14 @@ export const ControlGeneralViewSelector = ({
{accordionState === 'closed' && ( - <> +
{i18n.conditions} {conditionsAdded.length} - +
)} {!usedByResponse && ( diff --git a/x-pack/plugins/cloud_defend/public/components/fleet_extensions/package_policy_replace_define_step_extension.tsx b/x-pack/plugins/cloud_defend/public/components/fleet_extensions/package_policy_replace_define_step_extension.tsx new file mode 100644 index 0000000000000..a5855f3d051ed --- /dev/null +++ b/x-pack/plugins/cloud_defend/public/components/fleet_extensions/package_policy_replace_define_step_extension.tsx @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React, { memo } from 'react'; +import type { PackagePolicyReplaceDefineStepExtensionComponentProps } from '@kbn/fleet-plugin/public/types'; +import { PolicySettings } from '../policy_settings'; + +export const CloudDefendFleetPolicyReplaceDefineStepExtension = + memo( + ({ newPolicy, onChange }: PackagePolicyReplaceDefineStepExtensionComponentProps) => { + const policy = JSON.parse(JSON.stringify(newPolicy)); + + return ; + } + ); + +CloudDefendFleetPolicyReplaceDefineStepExtension.displayName = + 'CloudDefendFleetPolicyReplaceDefineStepExtension'; + +// eslint-disable-next-line import/no-default-export +export { CloudDefendFleetPolicyReplaceDefineStepExtension as default }; diff --git a/x-pack/plugins/cloud_defend/public/components/fleet_extensions/policy_extension_create.tsx b/x-pack/plugins/cloud_defend/public/components/fleet_extensions/policy_extension_create.tsx deleted file mode 100644 index 1de04cf513b73..0000000000000 --- a/x-pack/plugins/cloud_defend/public/components/fleet_extensions/policy_extension_create.tsx +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import React, { memo } from 'react'; -import type { PackagePolicyCreateExtensionComponentProps } from '@kbn/fleet-plugin/public'; -import { PolicySettings } from '../policy_settings'; - -export const CloudDefendCreatePolicyExtension = memo( - ({ newPolicy, onChange }) => { - return ; - } -); - -CloudDefendCreatePolicyExtension.displayName = 'CloudDefendCreatePolicyExtension'; - -// eslint-disable-next-line import/no-default-export -export { CloudDefendCreatePolicyExtension as default }; diff --git a/x-pack/plugins/cloud_defend/public/components/fleet_extensions/policy_extension_edit.tsx b/x-pack/plugins/cloud_defend/public/components/fleet_extensions/policy_extension_edit.tsx deleted file mode 100644 index 8de06ae9255a5..0000000000000 --- a/x-pack/plugins/cloud_defend/public/components/fleet_extensions/policy_extension_edit.tsx +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import React, { memo } from 'react'; -import type { PackagePolicyEditExtensionComponentProps } from '@kbn/fleet-plugin/public'; -import { PolicySettings } from '../policy_settings'; - -export const CloudDefendEditPolicyExtension = memo( - ({ newPolicy, onChange }) => { - return ; - } -); - -CloudDefendEditPolicyExtension.displayName = 'CloudDefendEditPolicyExtension'; - -// eslint-disable-next-line import/no-default-export -export { CloudDefendEditPolicyExtension as default }; diff --git a/x-pack/plugins/cloud_defend/public/components/policy_settings/index.test.tsx b/x-pack/plugins/cloud_defend/public/components/policy_settings/index.test.tsx index f7a10a3ec99d0..f4d0a4ddc6b5b 100644 --- a/x-pack/plugins/cloud_defend/public/components/policy_settings/index.test.tsx +++ b/x-pack/plugins/cloud_defend/public/components/policy_settings/index.test.tsx @@ -28,6 +28,36 @@ describe('', () => { onChange.mockClear(); }); + it('allows user to set name of integration', () => { + const { getByTestId } = render(); + const input = getByTestId('cloud-defend-policy-name'); + + if (input) { + userEvent.type(input, '1'); + } else { + throw new Error("Can't find input"); + } + + const { updatedPolicy } = onChange.mock.calls[0][0]; + + expect(updatedPolicy.name).toEqual('some-cloud_defend-policy1'); + }); + + it('allows user to set description of integration', () => { + const { getByTestId } = render(); + const input = getByTestId('cloud-defend-policy-description'); + + if (input) { + userEvent.type(input, '1'); + } else { + throw new Error("Can't find input"); + } + + const { updatedPolicy } = onChange.mock.calls[0][0]; + + expect(updatedPolicy.description).toEqual('1'); + }); + it('renders a checkbox to toggle BPF/LSM control mechanism', () => { const { getByTestId } = render(); const input = getByTestId('cloud-defend-controltoggle'); diff --git a/x-pack/plugins/cloud_defend/public/components/policy_settings/index.tsx b/x-pack/plugins/cloud_defend/public/components/policy_settings/index.tsx index 5b47bf12e87d7..6c1e6abdc93cb 100644 --- a/x-pack/plugins/cloud_defend/public/components/policy_settings/index.tsx +++ b/x-pack/plugins/cloud_defend/public/components/policy_settings/index.tsx @@ -4,49 +4,111 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import React, { useCallback, useMemo } from 'react'; -import { EuiSwitch, EuiSpacer, EuiText, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import React, { useCallback, FormEvent, useState } from 'react'; +import { + EuiTextArea, + EuiSwitch, + EuiSpacer, + EuiText, + EuiFlexGroup, + EuiFlexItem, + EuiForm, + EuiFormRow, + EuiFieldText, + EuiHorizontalRule, +} from '@elastic/eui'; import { INPUT_CONTROL } from '../../../common/constants'; import { getInputFromPolicy } from '../../common/utils'; import * as i18n from './translations'; import { ControlSettings } from '../control_settings'; -import type { SettingsDeps } from '../../types'; +import { SettingsDeps, OnChangeDeps } from '../../types'; export const PolicySettings = ({ policy, onChange }: SettingsDeps) => { + const [policyHasErrors, setPolicyHasErrors] = useState(false); const controlInput = getInputFromPolicy(policy, INPUT_CONTROL); const controlEnabled = !!controlInput?.enabled; - const policyCopy = useMemo(() => JSON.parse(JSON.stringify(policy)), [policy]); - const onToggleEnabled = useCallback( (e) => { if (controlInput) { controlInput.enabled = e.target.checked; - onChange({ isValid: true, updatedPolicy: policy }); + onChange({ isValid: !policyHasErrors, updatedPolicy: { ...policy } }); } }, - [controlInput, onChange, policy] + [controlInput, onChange, policyHasErrors, policy] + ); + + const onNameChange = useCallback( + (event: FormEvent) => { + const name = event.currentTarget.value; + + onChange({ isValid: !policyHasErrors, updatedPolicy: { ...policy, name } }); + }, + [onChange, policyHasErrors, policy] + ); + + const onDescriptionChange = useCallback( + (event: FormEvent) => { + const description = event.currentTarget.value; + + onChange({ isValid: !policyHasErrors, updatedPolicy: { ...policy, description } }); + }, + [onChange, policyHasErrors, policy] + ); + + const onPolicyChange = useCallback( + (props: OnChangeDeps) => { + setPolicyHasErrors(!props.isValid); + onChange(props); + }, + [onChange] ); return ( - - - - {i18n.enableControlHelp} - + + + + + + + + + + + + + + {i18n.enableControlHelp} + + + + {controlEnabled && ( )} diff --git a/x-pack/plugins/cloud_defend/public/components/policy_settings/translations.ts b/x-pack/plugins/cloud_defend/public/components/policy_settings/translations.ts index 8cb10aa562c06..d42ba1fa5e3f0 100644 --- a/x-pack/plugins/cloud_defend/public/components/policy_settings/translations.ts +++ b/x-pack/plugins/cloud_defend/public/components/policy_settings/translations.ts @@ -7,11 +7,18 @@ import { i18n } from '@kbn/i18n'; +export const name = i18n.translate('xpack.cloudDefend.name', { + defaultMessage: 'Name', +}); + +export const description = i18n.translate('xpack.cloudDefend.description', { + defaultMessage: 'Description', +}); + export const enableControl = i18n.translate('xpack.cloudDefend.enableControl', { - defaultMessage: 'Enable drift prevention', + defaultMessage: 'Enable policy', }); export const enableControlHelp = i18n.translate('xpack.cloudDefend.enableControlHelp', { - defaultMessage: - 'Toggles enablement of drift prevention policy to alert and/or block file operations.', + defaultMessage: 'Enables drift prevention, alert, and logging policy shown below.', }); diff --git a/x-pack/plugins/cloud_defend/public/plugin.tsx b/x-pack/plugins/cloud_defend/public/plugin.tsx index b9272993e6b55..7c69912e54d96 100755 --- a/x-pack/plugins/cloud_defend/public/plugin.tsx +++ b/x-pack/plugins/cloud_defend/public/plugin.tsx @@ -19,9 +19,8 @@ import { INTEGRATION_PACKAGE_NAME } from '../common/constants'; import { LoadingState } from './components/loading_state'; import { SetupContext } from './application/setup_context'; -const LazyEditPolicy = lazy(() => import('./components/fleet_extensions/policy_extension_edit')); -const LazyCreatePolicy = lazy( - () => import('./components/fleet_extensions/policy_extension_create') +const LazyPolicyReplaceDefineStepExtension = lazy( + () => import('./components/fleet_extensions/package_policy_replace_define_step_extension') ); const RouterLazy = lazy(() => import('./application/router')); @@ -55,14 +54,8 @@ export class CloudDefendPlugin public start(core: CoreStart, plugins: CloudDefendPluginStartDeps): CloudDefendPluginStart { plugins.fleet.registerExtension({ package: INTEGRATION_PACKAGE_NAME, - view: 'package-policy-create', - Component: LazyCreatePolicy, - }); - - plugins.fleet.registerExtension({ - package: INTEGRATION_PACKAGE_NAME, - view: 'package-policy-edit', - Component: LazyEditPolicy, + view: 'package-policy-replace-define-step', + Component: LazyPolicyReplaceDefineStepExtension, }); const CloudDefendRouter = (props: CloudDefendRouterProps) => ( diff --git a/x-pack/plugins/cloud_defend/public/types.ts b/x-pack/plugins/cloud_defend/public/types.ts index 124b64a1fb891..d8f23302b3baa 100755 --- a/x-pack/plugins/cloud_defend/public/types.ts +++ b/x-pack/plugins/cloud_defend/public/types.ts @@ -134,11 +134,24 @@ export const SelectorConditionsMap: SelectorConditionsMapProps = { selectorType: 'file', type: 'stringArray', maxValueBytes: 255, + pattern: '^(?:\\/[^\\/\\*]+)+(?:\\/\\*|\\/\\*\\*)?$', + patternError: i18n.errorInvalidTargetFilePath, }, ignoreVolumeFiles: { selectorType: 'file', type: 'flag', not: ['ignoreVolumeMounts'] }, ignoreVolumeMounts: { selectorType: 'file', type: 'flag', not: ['ignoreVolumeFiles'] }, - processExecutable: { selectorType: 'process', type: 'stringArray', not: ['processName'] }, - processName: { selectorType: 'process', type: 'stringArray', not: ['processExecutable'] }, + processExecutable: { + selectorType: 'process', + type: 'stringArray', + not: ['processName'], + pattern: '^(?:\\/[^\\/\\*]+)+(?:\\/\\*|\\/\\*\\*)?$', + patternError: i18n.errorInvalidProcessExecutable, + }, + processName: { + selectorType: 'process', + type: 'stringArray', + not: ['processExecutable'], + maxValueBytes: 15, + }, sessionLeaderInteractive: { selectorType: 'process', type: 'boolean' }, }; diff --git a/x-pack/plugins/enterprise_search/common/types/ml.ts b/x-pack/plugins/enterprise_search/common/types/ml.ts index 4625753cf36f1..278fed907a3ba 100644 --- a/x-pack/plugins/enterprise_search/common/types/ml.ts +++ b/x-pack/plugins/enterprise_search/common/types/ml.ts @@ -22,6 +22,7 @@ export interface MlModelDeploymentStatus { nodeAllocationCount: number; startTime: number; targetAllocationCount: number; + threadsPerAllocation: number; } // TODO - we can remove this extension once the new types are available diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_connect/engine_connect.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_connect/engine_connect.tsx index 018470da69410..128ba894aaf79 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_connect/engine_connect.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_connect/engine_connect.tsx @@ -51,15 +51,15 @@ const getTabBreadCrumb = (tabId: string) => { }; export const EngineConnect: React.FC = () => { - const { engineName, isLoadingEngine } = useValues(EngineViewLogic); + const { engineName, isLoadingEngine, hasSchemaConflicts } = useValues(EngineViewLogic); const { connectTabId = SearchApplicationConnectTabs.API } = useParams<{ connectTabId?: string; }>(); const onTabClick = (tab: SearchApplicationConnectTabs) => () => { KibanaLogic.values.navigateToUrl( generateEncodedPath(SEARCH_APPLICATION_CONTENT_PATH, { - engineName, connectTabId: tab, + engineName, }) ); }; @@ -76,6 +76,7 @@ export const EngineConnect: React.FC = () => { rightSideItems: [], }} engineName={engineName} + hasSchemaConflicts={hasSchemaConflicts} > @@ -101,6 +102,7 @@ export const EngineConnect: React.FC = () => { ], }} engineName={engineName} + hasSchemaConflicts={hasSchemaConflicts} > {connectTabId === SearchApplicationConnectTabs.API && } diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_schema.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_schema.tsx index 73ecdf5d09ba0..829fe8fff48ae 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_schema.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_schema.tsx @@ -5,9 +5,9 @@ * 2.0. */ -import React, { useEffect, useState, useCallback, useMemo } from 'react'; +import React, { useState, useCallback, useMemo } from 'react'; -import { useActions, useValues } from 'kea'; +import { useValues } from 'kea'; import { EuiBadge, @@ -45,8 +45,6 @@ import { generateEncodedPath } from '../../../shared/encode_path_params'; import { KibanaLogic } from '../../../shared/kibana'; import { EuiLinkTo } from '../../../shared/react_router_helpers'; -import { EngineIndicesLogic } from './engine_indices_logic'; - import { EngineViewLogic } from './engine_view_logic'; const SchemaFieldDetails: React.FC<{ schemaField: SchemaField }> = ({ schemaField }) => { @@ -147,6 +145,7 @@ const SchemaFieldDetails: React.FC<{ schemaField: SchemaField }> = ({ schemaFiel css={{ '& .euiTable': { backgroundColor: 'transparent' } }} columns={columns} items={schemaField.indices} + responsive={false} /> @@ -154,10 +153,8 @@ const SchemaFieldDetails: React.FC<{ schemaField: SchemaField }> = ({ schemaFiel }; export const EngineSchema: React.FC = () => { - const { engineName } = useValues(EngineIndicesLogic); const [onlyShowConflicts, setOnlyShowConflicts] = useState(false); - const { isLoadingEngineSchema, schemaFields } = useValues(EngineViewLogic); - const { fetchEngineSchema } = useActions(EngineViewLogic); + const { isLoadingEngineSchema, schemaFields, hasSchemaConflicts } = useValues(EngineViewLogic); const [isFilterByPopoverOpen, setIsFilterByPopoverOpen] = useState(false); const [itemIdToExpandedRowMap, setItemIdToExpandedRowMap] = useState>( @@ -201,10 +198,6 @@ export const EngineSchema: React.FC = () => { ? schemaFieldsMaybeWithConflicts.length - filteredSchemaFields.length : 0; - useEffect(() => { - fetchEngineSchema({ engineName }); - }, [engineName]); - const toggleDetails = (schemaField: SchemaField) => { const newItemIdToExpandedRowMap = { ...itemIdToExpandedRowMap }; if (itemIdToExpandedRowMap[schemaField.name]) { @@ -224,7 +217,7 @@ export const EngineSchema: React.FC = () => { if (type !== 'conflict') return null; return ; }, - width: '2%', + width: '24px', }, { name: i18n.translate('xpack.enterpriseSearch.content.engine.schema.field_name.columnTitle', { @@ -238,7 +231,6 @@ export const EngineSchema: React.FC = () => { ), - width: '43%', }, { name: i18n.translate('xpack.enterpriseSearch.content.engine.schema.field_type.columnTitle', { @@ -267,7 +259,7 @@ export const EngineSchema: React.FC = () => { ); }, - width: '30%', + width: '180px', }, { name: i18n.translate( @@ -296,15 +288,16 @@ export const EngineSchema: React.FC = () => { ); }, - width: '15%', + width: '110px', }, { + isExpander: true, render: (schemaField: SchemaField) => { const { name, type, indices } = schemaField; if (type === 'conflict' || indices.some((i) => i.type === 'unmapped')) { const icon = itemIdToExpandedRowMap[name] ? 'arrowUp' : 'arrowDown'; return ( - + { } return null; }, - width: '10%', + width: '115px', }, ]; const filterButton = ( @@ -346,7 +339,32 @@ export const EngineSchema: React.FC = () => { return ( <> - + {hasSchemaConflicts && ( + +

+ +

+ {!onlyShowConflicts && ( + + + + )} + + )} + { itemId="name" itemIdToExpandedRowMap={itemIdToExpandedRowMap} isExpandable + responsive={false} /> {totalConflictsHiddenByTypeFilters > 0 && ( void; showConfiguration: boolean; } const ConfigurationPopover: React.FC = ({ engineName, - showConfiguration, + hasSchemaConflicts, setCloseConfiguration, + showConfiguration, }) => { const { navigateToUrl } = useValues(KibanaLogic); const { engineData } = useValues(EngineViewLogic); @@ -184,7 +187,7 @@ const ConfigurationPopover: React.FC = ({ : 'kqlField'} onClick={() => navigateToUrl( generateEncodedPath(SEARCH_APPLICATION_CONTENT_PATH, { @@ -194,12 +197,20 @@ const ConfigurationPopover: React.FC = ({ ) } > - {i18n.translate( - 'xpack.enterpriseSearch.content.engine.searchPreview.configuration.content.Schema', - { - defaultMessage: 'Schema', - } - )} + + + {hasSchemaConflicts && ( + + + + )} + @@ -282,7 +293,7 @@ export const EngineSearchPreview: React.FC = () => { // const [showAPICallFlyout, setShowAPICallFlyout] = useState(false); Uncomment when view this API call is needed const [showConfigurationPopover, setShowConfigurationPopover] = useState(false); // const [lastAPICall, setLastAPICall] = useState(null); Uncomment when view this API call is needed - const { engineName, isLoadingEngine } = useValues(EngineViewLogic); + const { engineName, isLoadingEngine, hasSchemaConflicts } = useValues(EngineViewLogic); const { resultFields, sortableFields } = useValues(EngineSearchPreviewLogic); const { engineData } = useValues(EngineIndicesLogic); @@ -326,6 +337,7 @@ export const EngineSearchPreview: React.FC = () => { <> setShowConfigurationPopover(!showConfigurationPopover)} /> @@ -333,6 +345,7 @@ export const EngineSearchPreview: React.FC = () => { ], }} engineName={engineName} + hasSchemaConflicts={hasSchemaConflicts} > diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view.tsx index 0f83fecc90238..7838aac08bf0b 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view.tsx @@ -36,8 +36,13 @@ import { SearchApplicationContent } from './search_application_content'; export const EngineView: React.FC = () => { const { fetchEngine, closeDeleteEngineModal } = useActions(EngineViewLogic); - const { engineName, fetchEngineApiError, fetchEngineApiStatus, isDeleteModalVisible } = - useValues(EngineViewLogic); + const { + engineName, + fetchEngineApiError, + fetchEngineApiStatus, + hasSchemaConflicts, + isDeleteModalVisible, + } = useValues(EngineViewLogic); const { tabId = EngineViewTabs.PREVIEW } = useParams<{ tabId?: string; }>(); @@ -61,6 +66,7 @@ export const EngineView: React.FC = () => { }} engineName={engineName} emptyState={} + hasSchemaConflicts={hasSchemaConflicts} /> ); } @@ -97,6 +103,7 @@ export const EngineView: React.FC = () => { rightSideItems: [], }} engineName={engineName} + hasSchemaConflicts={hasSchemaConflicts} > diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.test.ts index b4ade46b24b26..83050a3b4f184 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.test.ts @@ -19,13 +19,14 @@ import { EngineViewLogic, EngineViewValues } from './engine_view_logic'; const DEFAULT_VALUES: EngineViewValues = { engineData: undefined, engineName: 'my-test-engine', + engineSchemaData: undefined, fetchEngineApiError: undefined, fetchEngineApiStatus: Status.IDLE, - isDeleteModalVisible: false, - isLoadingEngine: true, - engineSchemaData: undefined, fetchEngineSchemaApiError: undefined, fetchEngineSchemaApiStatus: Status.IDLE, + hasSchemaConflicts: false, + isDeleteModalVisible: false, + isLoadingEngine: true, isLoadingEngineSchema: true, schemaFields: [], }; diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.ts b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.ts index 5b82dd3f7640a..1ff4ea75131a4 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/engine_view_logic.ts @@ -40,6 +40,7 @@ export interface EngineViewValues { fetchEngineApiStatus: typeof FetchEngineApiLogic.values.status; fetchEngineSchemaApiError?: typeof FetchEngineFieldCapabilitiesApiLogic.values.error; fetchEngineSchemaApiStatus: typeof FetchEngineFieldCapabilitiesApiLogic.values.status; + hasSchemaConflicts: boolean; isDeleteModalVisible: boolean; isLoadingEngine: boolean; isLoadingEngineSchema: boolean; @@ -78,6 +79,9 @@ export const EngineViewLogic = kea { + actions.fetchEngineSchema({ engineName }); + }, }), path: ['enterprise_search', 'content', 'engine_view_logic'], reducers: () => ({ @@ -90,6 +94,10 @@ export const EngineViewLogic = kea ({ + hasSchemaConflicts: [ + () => [selectors.schemaFields], + (data: EngineViewValues['schemaFields']) => data.some((f) => f.type === 'conflict'), + ], isLoadingEngine: [ () => [selectors.fetchEngineApiStatus, selectors.engineData], (status: EngineViewValues['fetchEngineApiStatus'], data: EngineViewValues['engineData']) => { diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/search_application_content.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/search_application_content.tsx index bac3b2899d599..117e823d1fc8f 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/search_application_content.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/engine/search_application_content.tsx @@ -10,7 +10,7 @@ import { useParams } from 'react-router-dom'; import { useActions, useValues } from 'kea'; -import { EuiButton, EuiIcon } from '@elastic/eui'; +import { EuiButton, EuiIcon, EuiFlexGroup } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { generateEncodedPath } from '../../../shared/encode_path_params'; @@ -65,7 +65,7 @@ const getTabBreadCrumb = (tabId: string) => { const ContentTabs: string[] = Object.values(SearchApplicationContentTabs); export const SearchApplicationContent = () => { - const { engineName, isLoadingEngine } = useValues(EngineViewLogic); + const { engineName, isLoadingEngine, hasSchemaConflicts } = useValues(EngineViewLogic); const { addIndicesFlyoutOpen } = useValues(EngineIndicesLogic); const { closeAddIndicesFlyout, openAddIndicesFlyout } = useActions(EngineIndicesLogic); const { contentTabId = SearchApplicationContentTabs.INDICES } = useParams<{ @@ -85,6 +85,7 @@ export const SearchApplicationContent = () => { rightSideItems: [], }} engineName={engineName} + hasSchemaConflicts={hasSchemaConflicts} > @@ -146,12 +147,18 @@ export const SearchApplicationContent = () => { }, { isSelected: contentTabId === SearchApplicationContentTabs.SCHEMA, - label: SCHEMA_TAB_TITLE, + label: ( + + {hasSchemaConflicts && } + {SCHEMA_TAB_TITLE} + + ), onClick: onTabClick(SearchApplicationContentTabs.SCHEMA), }, ], }} engineName={engineName} + hasSchemaConflicts={hasSchemaConflicts} > {contentTabId === SearchApplicationContentTabs.INDICES && } {contentTabId === SearchApplicationContentTabs.SCHEMA && } diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/layout/engines_page_template.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/layout/engines_page_template.tsx index 94f0d9ae56e7c..54e6085a7948a 100644 --- a/x-pack/plugins/enterprise_search/public/applications/applications/components/layout/engines_page_template.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/layout/engines_page_template.tsx @@ -15,12 +15,24 @@ import { SendEnterpriseSearchTelemetry } from '../../../shared/telemetry'; export type EnterpriseSearchEnginesPageTemplateProps = PageTemplateProps & { engineName?: string; + hasSchemaConflicts?: boolean; }; export const EnterpriseSearchEnginesPageTemplate: React.FC< EnterpriseSearchEnginesPageTemplateProps -> = ({ children, pageChrome, pageViewTelemetry, engineName, ...pageTemplateProps }) => { - const navItems = useEnterpriseSearchEngineNav(engineName, pageTemplateProps.isEmptyState); +> = ({ + children, + pageChrome, + pageViewTelemetry, + engineName, + hasSchemaConflicts, + ...pageTemplateProps +}) => { + const navItems = useEnterpriseSearchEngineNav( + engineName, + pageTemplateProps.isEmptyState, + hasSchemaConflicts + ); return ( { diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.test.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.test.tsx index c6d55a0099bea..2b7b28732fc91 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.test.tsx @@ -22,6 +22,7 @@ import { ModelDeployed, TextExpansionDismissButton, ModelStarted, + FineTuneModelsButton, } from './text_expansion_callout'; import { TextExpansionErrors } from './text_expansion_errors'; @@ -214,17 +215,27 @@ describe('TextExpansionCallOut', () => { describe('ModelStarted', () => { it('renders dismiss button if it is set to dismissable', () => { - const wrapper = shallow( {}} isCompact={false} isDismissable />); + const wrapper = shallow( + {}} isCompact={false} isDismissable isSingleThreaded /> + ); expect(wrapper.find(TextExpansionDismissButton).length).toBe(1); }); it('does not render dismiss button if it is set to non-dismissable', () => { const wrapper = shallow( - {}} isCompact={false} isDismissable={false} /> + {}} isCompact={false} isDismissable={false} isSingleThreaded /> ); expect(wrapper.find(TextExpansionDismissButton).length).toBe(0); }); + it('renders fine-tune button if the model is running single-threaded', () => { + const wrapper = shallow( + {}} isCompact={false} isDismissable isSingleThreaded /> + ); + expect(wrapper.find(FineTuneModelsButton).length).toBe(1); + }); it('does not render description if it is set to compact', () => { - const wrapper = shallow( {}} isCompact isDismissable />); + const wrapper = shallow( + {}} isCompact isDismissable isSingleThreaded /> + ); expect(wrapper.find(EuiText).length).toBe(1); // Title only }); }); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.tsx index aa4a975dd32f6..6743d79d820b9 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout.tsx @@ -40,6 +40,7 @@ export interface TextExpansionCallOutState { isCompact: boolean; isCreateButtonDisabled: boolean; isDismissable: boolean; + isSingleThreaded: boolean; isStartButtonDisabled: boolean; show: boolean; } @@ -49,6 +50,8 @@ export interface TextExpansionCallOutProps { isDismissable?: boolean; } +const TRAINED_MODELS_PATH = '/app/ml/trained_models'; + export const TextExpansionDismissButton = ({ dismiss, }: Pick) => { @@ -64,6 +67,25 @@ export const TextExpansionDismissButton = ({ ); }; +export const FineTuneModelsButton: React.FC = () => ( + + KibanaLogic.values.navigateToUrl(TRAINED_MODELS_PATH, { + shouldNotCreateHref: true, + }) + } + > + {i18n.translate( + 'xpack.enterpriseSearch.content.indices.pipelines.textExpansionCallOut.fineTuneModelButton', + { + defaultMessage: 'Fine-tune performance', + } + )} + +); + export const DeployModel = ({ dismiss, ingestionMethod, @@ -277,19 +299,7 @@ export const ModelDeployed = ({ - - KibanaLogic.values.navigateToUrl('/app/ml/trained_models', { - shouldNotCreateHref: true, - }) - } - > - {i18n.translate('xpack.enterpriseSearch.content.engine.api.step1.viewKeysButton', { - defaultMessage: 'Fine-tune performance', - })} - + @@ -302,7 +312,11 @@ export const ModelStarted = ({ dismiss, isCompact, isDismissable, -}: Pick) => ( + isSingleThreaded, +}: Pick< + TextExpansionCallOutState, + 'dismiss' | 'isCompact' | 'isDismissable' | 'isSingleThreaded' +>) => ( @@ -313,7 +327,17 @@ export const ModelStarted = ({

- {isCompact + {isSingleThreaded + ? isCompact + ? i18n.translate( + 'xpack.enterpriseSearch.content.index.pipelines.textExpansionCallOut.startedSingleThreadedTitleCompact', + { defaultMessage: 'Your ELSER model is running single-threaded.' } + ) + : i18n.translate( + 'xpack.enterpriseSearch.content.index.pipelines.textExpansionCallOut.startedSingleThreadedTitle', + { defaultMessage: 'Your ELSER model has started single-threaded.' } + ) + : isCompact ? i18n.translate( 'xpack.enterpriseSearch.content.index.pipelines.textExpansionCallOut.startedTitleCompact', { defaultMessage: 'Your ELSER model is running.' } @@ -333,16 +357,60 @@ export const ModelStarted = ({ {!isCompact && ( - - -

- {i18n.translate( - 'xpack.enterpriseSearch.content.index.pipelines.textExpansionCallOut.startedBody', - { defaultMessage: 'Enjoy the power of ELSER in your custom Inference pipeline.' } - )} -

- - + <> + + +

+ {isSingleThreaded + ? i18n.translate( + 'xpack.enterpriseSearch.content.index.pipelines.textExpansionCallOut.startedSingleThreadedBody', + { + defaultMessage: + 'This single-threaded configuration is great for testing your custom inference pipelines, however performance should be fine-tuned for production.', + } + ) + : i18n.translate( + 'xpack.enterpriseSearch.content.index.pipelines.textExpansionCallOut.startedBody', + { + defaultMessage: + 'Enjoy the power of ELSER in your custom Inference pipeline.', + } + )} +

+ + + + + + {isSingleThreaded ? ( + + ) : ( + + KibanaLogic.values.navigateToUrl(TRAINED_MODELS_PATH, { + shouldNotCreateHref: true, + }) + } + > + {i18n.translate( + 'xpack.enterpriseSearch.content.indices.pipelines.textExpansionCallOut.viewModelsButton', + { + defaultMessage: 'View details', + } + )} + + )} + + + + )} @@ -357,6 +425,7 @@ export const TextExpansionCallOut: React.FC = (props) isCreateButtonDisabled, isModelDownloadInProgress, isModelDownloaded, + isModelRunningSingleThreaded, isModelStarted, isStartButtonDisabled, startTextExpansionModelError, @@ -384,7 +453,14 @@ export const TextExpansionCallOut: React.FC = (props) /> ); } else if (isModelStarted) { - return ; + return ( + + ); } return ( diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_data.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_data.tsx index b55ef9cb81ffd..849bcd7964f76 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_data.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_data.tsx @@ -24,7 +24,8 @@ export const useTextExpansionCallOutData = ({ isDismissable = false, }: TextExpansionCallOutProps): TextExpansionCallOutState => { const { ingestionMethod } = useValues(IndexViewLogic); - const { isCreateButtonDisabled, isStartButtonDisabled } = useValues(TextExpansionCalloutLogic); + const { isCreateButtonDisabled, isModelRunningSingleThreaded, isStartButtonDisabled } = + useValues(TextExpansionCalloutLogic); const [show, setShow] = useState(() => { if (!isDismissable) return true; @@ -56,6 +57,7 @@ export const useTextExpansionCallOutData = ({ isCompact, isCreateButtonDisabled, isDismissable, + isSingleThreaded: isModelRunningSingleThreaded, isStartButtonDisabled, show, }; diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.test.ts index ae781bfb3bd1d..744eb9af56042 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.test.ts @@ -28,6 +28,7 @@ const DEFAULT_VALUES: TextExpansionCalloutValues = { isCreateButtonDisabled: false, isModelDownloadInProgress: false, isModelDownloaded: false, + isModelRunningSingleThreaded: false, isModelStarted: false, isPollingTextExpansionModelActive: false, isStartButtonDisabled: false, @@ -135,6 +136,9 @@ describe('TextExpansionCalloutLogic', () => { const data = { deploymentState: MlModelDeploymentState.Downloading, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }; it('starts polling when the model is downloading and polling is not active', () => { @@ -170,6 +174,9 @@ describe('TextExpansionCalloutLogic', () => { TextExpansionCalloutLogic.actions.fetchTextExpansionModelSuccess({ deploymentState: MlModelDeploymentState.Downloaded, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.actions.stopPollingTextExpansionModel).toHaveBeenCalled(); @@ -291,6 +298,9 @@ describe('TextExpansionCalloutLogic', () => { FetchTextExpansionModelApiLogic.actions.apiSuccess({ deploymentState: MlModelDeploymentState.Downloading, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.values.isModelDownloadInProgress).toBe(true); }); @@ -298,6 +308,9 @@ describe('TextExpansionCalloutLogic', () => { FetchTextExpansionModelApiLogic.actions.apiSuccess({ deploymentState: MlModelDeploymentState.Started, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.values.isModelDownloadInProgress).toBe(false); }); @@ -308,6 +321,9 @@ describe('TextExpansionCalloutLogic', () => { FetchTextExpansionModelApiLogic.actions.apiSuccess({ deploymentState: MlModelDeploymentState.Downloaded, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.values.isModelDownloaded).toBe(true); }); @@ -315,16 +331,55 @@ describe('TextExpansionCalloutLogic', () => { FetchTextExpansionModelApiLogic.actions.apiSuccess({ deploymentState: MlModelDeploymentState.NotDeployed, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.values.isModelDownloaded).toBe(false); }); }); + describe('isModelRunningSingleThreaded', () => { + it('is set to true if the model has 1 target allocation and 1 thread', () => { + FetchTextExpansionModelApiLogic.actions.apiSuccess({ + deploymentState: MlModelDeploymentState.FullyAllocated, + modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, + }); + expect(TextExpansionCalloutLogic.values.isModelRunningSingleThreaded).toBe(true); + }); + it('is set to false if the model has multiple target allocations', () => { + FetchTextExpansionModelApiLogic.actions.apiSuccess({ + deploymentState: MlModelDeploymentState.FullyAllocated, + modelId: 'mock-model-id', + targetAllocationCount: 2, + nodeAllocationCount: 2, + threadsPerAllocation: 1, + }); + expect(TextExpansionCalloutLogic.values.isModelRunningSingleThreaded).toBe(false); + }); + it('is set to false if the model runs on multiple threads', () => { + FetchTextExpansionModelApiLogic.actions.apiSuccess({ + deploymentState: MlModelDeploymentState.FullyAllocated, + modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 4, + }); + expect(TextExpansionCalloutLogic.values.isModelRunningSingleThreaded).toBe(false); + }); + }); + describe('isModelStarted', () => { it('is set to true if the model is started', () => { FetchTextExpansionModelApiLogic.actions.apiSuccess({ deploymentState: MlModelDeploymentState.FullyAllocated, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.values.isModelStarted).toBe(true); }); @@ -332,6 +387,9 @@ describe('TextExpansionCalloutLogic', () => { FetchTextExpansionModelApiLogic.actions.apiSuccess({ deploymentState: MlModelDeploymentState.NotDeployed, modelId: 'mock-model-id', + targetAllocationCount: 1, + nodeAllocationCount: 1, + threadsPerAllocation: 1, }); expect(TextExpansionCalloutLogic.values.isModelStarted).toBe(false); }); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.ts b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.ts index dda1be828ee0a..a775ad3f05b89 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/ml_inference/text_expansion_callout_logic.ts @@ -56,6 +56,7 @@ export interface TextExpansionCalloutValues { isCreateButtonDisabled: boolean; isModelDownloadInProgress: boolean; isModelDownloaded: boolean; + isModelRunningSingleThreaded: boolean; isModelStarted: boolean; isPollingTextExpansionModelActive: boolean; isStartButtonDisabled: boolean; @@ -260,5 +261,11 @@ export const TextExpansionCalloutLogic = kea< () => [selectors.startTextExpansionModelStatus], (status: Status) => status !== Status.IDLE && status !== Status.ERROR, ], + isModelRunningSingleThreaded: [ + () => [selectors.textExpansionModel], + (data: FetchTextExpansionModelResponse) => + // Running single threaded if model has max 1 deployment on 1 node with 1 thread + data?.targetAllocationCount * data?.threadsPerAllocation <= 1, + ], }), }); diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.test.tsx index 0f303b02648df..9c30aab9dfa56 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.test.tsx @@ -291,28 +291,38 @@ describe('useEnterpriseSearchEngineNav', () => { // @ts-ignore const engineItem: EuiSideNavItemType = enginesItem!.items[0]; - expect(engineItem).toEqual({ - href: `/app/enterprise_search/applications/search_applications/${engineName}`, - id: 'engineId', - items: [ - { - href: `/app/enterprise_search/applications/search_applications/${engineName}/preview`, - id: 'enterpriseSearchEnginePreview', - name: 'Search Preview', - }, - { - href: `/app/enterprise_search/applications/search_applications/${engineName}/content`, - id: 'enterpriseSearchApplicationsContent', - name: 'Content', - }, - { - href: `/app/enterprise_search/applications/search_applications/${engineName}/connect`, - id: 'enterpriseSearchApplicationConnect', - name: 'Connect', - }, - ], - name: engineName, - }); + expect(engineItem).toMatchInlineSnapshot(` + Object { + "href": "/app/enterprise_search/applications/search_applications/my-test-engine", + "id": "engineId", + "items": Array [ + Object { + "href": "/app/enterprise_search/applications/search_applications/my-test-engine/preview", + "id": "enterpriseSearchEnginePreview", + "items": undefined, + "name": "Search Preview", + }, + Object { + "href": "/app/enterprise_search/applications/search_applications/my-test-engine/content", + "id": "enterpriseSearchApplicationsContent", + "items": undefined, + "name": + Content + , + }, + Object { + "href": "/app/enterprise_search/applications/search_applications/my-test-engine/connect", + "id": "enterpriseSearchApplicationConnect", + "items": undefined, + "name": "Connect", + }, + ], + "name": "my-test-engine", + } + `); }); it('returns selected engine without tabs when isEmpty', () => { @@ -343,6 +353,37 @@ describe('useEnterpriseSearchEngineNav', () => { name: engineName, }); }); + + it('returns selected engine with conflict warning when hasSchemaConflicts', () => { + const engineName = 'my-test-engine'; + const navItems = useEnterpriseSearchEngineNav(engineName, false, true); + + // @ts-ignore + const engineItem = navItems + .find((ni: EuiSideNavItemType) => ni.id === 'applications') + .items.find((ni: EuiSideNavItemType) => ni.id === 'searchApplications') + .items[0].items.find( + (ni: EuiSideNavItemType) => ni.id === 'enterpriseSearchApplicationsContent' + ); + + expect(engineItem).toMatchInlineSnapshot(` + Object { + "href": "/app/enterprise_search/applications/search_applications/my-test-engine/content", + "id": "enterpriseSearchApplicationsContent", + "items": undefined, + "name": + Content + + , + } + `); + }); }); describe('useEnterpriseSearchAnalyticsNav', () => { diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx index c137739e22164..ce293cbc29c59 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx @@ -5,9 +5,11 @@ * 2.0. */ +import React from 'react'; + import { useValues } from 'kea'; -import { EuiSideNavItemType } from '@elastic/eui'; +import { EuiFlexGroup, EuiIcon, EuiSideNavItemType } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { @@ -170,7 +172,11 @@ export const useEnterpriseSearchNav = () => { return navItems; }; -export const useEnterpriseSearchEngineNav = (engineName?: string, isEmptyState?: boolean) => { +export const useEnterpriseSearchEngineNav = ( + engineName?: string, + isEmptyState?: boolean, + hasSchemaConflicts?: boolean +) => { const navItems = useEnterpriseSearchNav(); if (!navItems) return undefined; if (!engineName) return navItems; @@ -188,7 +194,7 @@ export const useEnterpriseSearchEngineNav = (engineName?: string, isEmptyState?: name: engineName, ...generateNavLink({ shouldNotCreateHref: true, - shouldShowActiveForSubroutes: true, + shouldShowActiveForSubroutes: false, to: enginePath, }), items: [ @@ -204,9 +210,14 @@ export const useEnterpriseSearchEngineNav = (engineName?: string, isEmptyState?: }, { id: 'enterpriseSearchApplicationsContent', - name: i18n.translate('xpack.enterpriseSearch.nav.engine.contentTitle', { - defaultMessage: 'Content', - }), + name: ( + + {i18n.translate('xpack.enterpriseSearch.nav.engine.contentTitle', { + defaultMessage: 'Content', + })} + {hasSchemaConflicts && } + + ), ...generateNavLink({ shouldNotCreateHref: true, shouldShowActiveForSubroutes: true, diff --git a/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.test.ts b/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.test.ts index e2944ad7a0e91..0b0a42630bcc7 100644 --- a/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.test.ts +++ b/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.test.ts @@ -198,6 +198,7 @@ describe('getMlModelDeploymentStatus', () => { target_allocation_count: 3, }, start_time: 123456, + threads_per_allocation: 1, }, model_id: 'mockModelName', }, @@ -221,6 +222,7 @@ describe('getMlModelDeploymentStatus', () => { expect(deployedStatus.nodeAllocationCount).toEqual(1); expect(deployedStatus.startTime).toEqual(123456); expect(deployedStatus.targetAllocationCount).toEqual(3); + expect(deployedStatus.threadsPerAllocation).toEqual(1); }); it('should return fully allocated if the model is fully allocated', async () => { diff --git a/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.ts b/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.ts index f44aa1b649bba..069395baec777 100644 --- a/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.ts +++ b/x-pack/plugins/enterprise_search/server/lib/ml/get_ml_model_deployment_status.ts @@ -84,6 +84,7 @@ export const getMlModelDeploymentStatus = async ( nodeAllocationCount: modelDeployment?.allocation_status.allocation_count || 0, startTime: modelDeployment?.start_time || 0, targetAllocationCount: modelDeployment?.allocation_status.target_allocation_count || 0, + threadsPerAllocation: modelDeployment?.threads_per_allocation || 0, }; }; @@ -97,6 +98,7 @@ function getDefaultStatusReturn( nodeAllocationCount: 0, startTime: 0, targetAllocationCount: 0, + threadsPerAllocation: 0, }; } diff --git a/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_deployment.test.ts b/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_deployment.test.ts index ae11a89ed5ac0..619debc514f2a 100644 --- a/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_deployment.test.ts +++ b/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_deployment.test.ts @@ -54,6 +54,7 @@ describe('startMlModelDeployment', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ); @@ -73,6 +74,7 @@ describe('startMlModelDeployment', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ); @@ -94,6 +96,7 @@ describe('startMlModelDeployment', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ) .mockReturnValueOnce( @@ -103,6 +106,7 @@ describe('startMlModelDeployment', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ); mockTrainedModelsProvider.startTrainedModelDeployment.mockImplementation(async () => {}); diff --git a/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_download.test.ts b/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_download.test.ts index 3c4cfa2f66ee9..084a6382a6c36 100644 --- a/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_download.test.ts +++ b/x-pack/plugins/enterprise_search/server/lib/ml/start_ml_model_download.test.ts @@ -53,6 +53,7 @@ describe('startMlModelDownload', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ); @@ -74,6 +75,7 @@ describe('startMlModelDownload', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ) .mockReturnValueOnce( @@ -83,6 +85,7 @@ describe('startMlModelDownload', () => { nodeAllocationCount: 0, startTime: 123456, targetAllocationCount: 3, + threadsPerAllocation: 1, }) ); diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/utils/get_install_route_options.ts b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/utils/get_install_route_options.ts index 572a0d33d3f04..54db4346582bd 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/utils/get_install_route_options.ts +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/utils/get_install_route_options.ts @@ -12,6 +12,7 @@ import { PLUGIN_ID, INTEGRATIONS_PLUGIN_ID, pagePathGetters } from '../../../../ const EXCLUDED_PACKAGES = [ 'apm', 'cloud_security_posture', + 'cloud_defend', 'dga', 'fleet_server', 'osquery_manager', diff --git a/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/install.ts b/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/install.ts index b9b48168ab98d..8dd0c7b6c14c2 100644 --- a/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/install.ts +++ b/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/install.ts @@ -219,10 +219,46 @@ export async function installComponentAndIndexTemplateForDataStream({ componentTemplates: TemplateMap; indexTemplate: IndexTemplateEntry; }) { + // update index template first in case TSDS was removed, so that it does not become invalid + await updateIndexTemplateIfTsdsDisabled({ esClient, logger, indexTemplate }); + await installDataStreamComponentTemplates({ esClient, logger, componentTemplates }); await installTemplate({ esClient, logger, template: indexTemplate }); } +async function updateIndexTemplateIfTsdsDisabled({ + esClient, + logger, + indexTemplate, +}: { + esClient: ElasticsearchClient; + logger: Logger; + indexTemplate: IndexTemplateEntry; +}) { + try { + const existingIndexTemplate = await esClient.indices.getIndexTemplate({ + name: indexTemplate.templateName, + }); + if ( + existingIndexTemplate.index_templates?.[0]?.index_template.template?.settings?.index?.mode === + 'time_series' && + indexTemplate.indexTemplate.template.settings.index.mode !== 'time_series' + ) { + await installTemplate({ esClient, logger, template: indexTemplate }); + } + } catch (e) { + if (e.statusCode === 404) { + logger.debug( + `Index template ${indexTemplate.templateName} does not exist, skipping time_series check` + ); + } else { + logger.warn( + `Error while trying to install index template before component template: ${e.message}` + ); + } + } +} + function putComponentTemplate( esClient: ElasticsearchClient, logger: Logger, diff --git a/x-pack/plugins/infra/common/http_api/host_details/process_list.ts b/x-pack/plugins/infra/common/http_api/host_details/process_list.ts index 0058a5e35e529..34b7defc289fc 100644 --- a/x-pack/plugins/infra/common/http_api/host_details/process_list.ts +++ b/x-pack/plugins/infra/common/http_api/host_details/process_list.ts @@ -78,6 +78,9 @@ export const ProcessListAPIQueryAggregationRT = rt.type({ }), }); +// string in case of 'N?A' +const summaryPropertyRT = rt.union([rt.number, rt.string]); + export const ProcessListAPIResponseRT = rt.type({ processList: rt.array( rt.type({ @@ -92,14 +95,14 @@ export const ProcessListAPIResponseRT = rt.type({ ), summary: rt.exact( rt.partial({ - total: rt.number, - running: rt.number, - sleeping: rt.number, - dead: rt.number, - stopped: rt.number, - idle: rt.number, - zombie: rt.number, - unknown: rt.number, + total: summaryPropertyRT, + running: summaryPropertyRT, + sleeping: summaryPropertyRT, + dead: summaryPropertyRT, + stopped: summaryPropertyRT, + idle: summaryPropertyRT, + zombie: summaryPropertyRT, + unknown: summaryPropertyRT, }) ), }); diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/components/error_callout.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/components/error_callout.tsx new file mode 100644 index 0000000000000..41aab614f21cd --- /dev/null +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/components/error_callout.tsx @@ -0,0 +1,124 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { + EuiButton, + EuiEmptyPrompt, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiCodeBlock, +} from '@elastic/eui'; +import { KQLSyntaxError } from '@kbn/es-query'; +import { i18n } from '@kbn/i18n'; +import { FormattedMessage } from '@kbn/i18n-react'; + +import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; + +interface Props { + error: Error; + titleOverride?: string; + messageOverride?: string; + hasDetailsModal?: boolean; + hasTryAgainButton?: boolean; + onTryAgainClick?: () => void; +} + +export const ErrorCallout = ({ + error, + titleOverride, + messageOverride, + hasDetailsModal = false, + hasTryAgainButton = false, + onTryAgainClick, +}: Props) => { + const { + services: { notifications }, + } = useKibanaContextForPlugin(); + + const errorContent = getErrorContent(error); + const title = titleOverride ? titleOverride : errorContent.title; + + const openDetails = () => { + notifications.showErrorDialog({ title, error }); + }; + + return ( + {title}

} + data-test-subj="hostsViewErrorCallout" + body={ + <> + {messageOverride ?

{messageOverride}

: errorContent.body} + + {hasDetailsModal && ( + + + + + + )} + {hasTryAgainButton && ( + + + + + + )} + + + } + /> + ); +}; + +const getErrorContent = (error: Error): { title: string; body: JSX.Element } => { + if (error instanceof KQLSyntaxError) { + return { + title: i18n.translate('xpack.infra.hostsViewPage.error.kqlErrorTitle', { + defaultMessage: 'Invalid KQL expression', + }), + body: ( + <> + + + + {error.message} + + + ), + }; + } + + return { + title: i18n.translate('xpack.infra.hostsViewPage.error.unknownErrorTitle', { + defaultMessage: 'An error occurred', + }), + body: <>{error.message}, + }; +}; diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_container.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_container.tsx index d42944857af34..f9352e98629bf 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_container.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_container.tsx @@ -5,24 +5,20 @@ * 2.0. */ import React from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui'; +import { EuiSpacer } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { InfraLoadingPanel } from '../../../../components/loading'; import { useMetricsDataViewContext } from '../hooks/use_data_view'; import { UnifiedSearchBar } from './search_bar/unified_search_bar'; -import { HostsTable } from './hosts_table'; -import { KPIGrid } from './kpis/kpi_grid'; -import { Tabs } from './tabs/tabs'; -import { AlertsQueryProvider } from '../hooks/use_alerts_query'; -import { HostsViewProvider } from '../hooks/use_hosts_view'; -import { HostsTableProvider } from '../hooks/use_hosts_table'; +import { HostsContent } from './hosts_content'; +import { ErrorCallout } from './error_callout'; export const HostContainer = () => { - const { dataView, loading, hasError } = useMetricsDataViewContext(); + const { dataView, loading, error, metricAlias, loadDataView } = useMetricsDataViewContext(); const isLoading = loading || !dataView; - if (isLoading && !hasError) { + if (isLoading && !error) { return ( { ); } - return hasError ? null : ( + return error ? ( + + ) : ( <> - - - - - - - - - - - - - - - - - + ); }; diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_content.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_content.tsx new file mode 100644 index 0000000000000..24b7c7ae86918 --- /dev/null +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/components/hosts_content.tsx @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React from 'react'; +import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; + +import { HostsTable } from './hosts_table'; +import { KPIGrid } from './kpis/kpi_grid'; +import { Tabs } from './tabs/tabs'; +import { AlertsQueryProvider } from '../hooks/use_alerts_query'; +import { HostsViewProvider } from '../hooks/use_hosts_view'; +import { HostsTableProvider } from '../hooks/use_hosts_table'; +import { ErrorCallout } from './error_callout'; +import { useUnifiedSearchContext } from '../hooks/use_unified_search'; + +export const HostsContent = () => { + const { error } = useUnifiedSearchContext(); + + return ( + <> + {error ? ( + + ) : ( + + + + + + + + + + + + + + + + + + )} + + ); +}; diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/limit_options.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/limit_options.tsx index 3b08d6fd060f3..5c77556483b77 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/limit_options.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/limit_options.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import React from 'react'; +import React, { useState } from 'react'; import { EuiButtonGroup, EuiButtonGroupOptionProps, @@ -26,6 +26,11 @@ interface Props { } export const LimitOptions = ({ limit, onChange }: Props) => { + const [idSelected, setIdSelected] = useState(limit as number); + const onSelected = (value: number) => { + setIdSelected(value); + onChange(value); + }; return ( { legend={i18n.translate('xpack.infra.hostsViewPage.tabs.alerts.alertStatusFilter.legend', { defaultMessage: 'Filter by', })} - idSelected={buildId(limit)} + idSelected={buildId(idSelected)} options={options} - onChange={(_, value: number) => onChange(value)} + onChange={(_, value: number) => onSelected(value)} /> diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/unified_search_bar.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/unified_search_bar.tsx index 2ae8d8743b37d..b2e82c9ef4c7f 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/unified_search_bar.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/components/search_bar/unified_search_bar.tsx @@ -6,7 +6,13 @@ */ import React, { useMemo } from 'react'; -import { compareFilters, COMPARE_ALL_OPTIONS, type Filter } from '@kbn/es-query'; +import { + compareFilters, + COMPARE_ALL_OPTIONS, + type Query, + type TimeRange, + type Filter, +} from '@kbn/es-query'; import { i18n } from '@kbn/i18n'; import { EuiFlexGrid, @@ -20,7 +26,6 @@ import { useKibanaContextForPlugin } from '../../../../../hooks/use_kibana'; import { useUnifiedSearchContext } from '../../hooks/use_unified_search'; import { ControlsContent } from './controls_content'; import { useMetricsDataViewContext } from '../../hooks/use_data_view'; -import { HostsSearchPayload } from '../../hooks/use_unified_search_url_state'; import { LimitOptions } from './limit_options'; import { HostLimitOptions } from '../../types'; @@ -43,7 +48,7 @@ export const UnifiedSearchBar = () => { } }; - const handleRefresh = (payload: HostsSearchPayload, isUpdate?: boolean) => { + const handleRefresh = (payload: { query?: Query; dateRange: TimeRange }, isUpdate?: boolean) => { // This makes sure `onQueryChange` is only called when the submit button is clicked if (isUpdate === false) { onSubmit(payload); diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.test.ts b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.test.ts index 60fd87f095a3e..49e20d9890ccb 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.test.ts +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.test.ts @@ -8,24 +8,20 @@ import { useDataView } from './use_data_view'; import { renderHook } from '@testing-library/react-hooks'; import { type KibanaReactContextValue, useKibana } from '@kbn/kibana-react-plugin/public'; -import { coreMock, notificationServiceMock } from '@kbn/core/public/mocks'; +import { coreMock } from '@kbn/core/public/mocks'; import type { DataView, DataViewsServicePublic } from '@kbn/data-views-plugin/public'; import type { InfraClientStartDeps } from '../../../../types'; import { CoreStart } from '@kbn/core/public'; -jest.mock('@kbn/i18n'); jest.mock('@kbn/kibana-react-plugin/public'); let dataViewMock: jest.Mocked; const useKibanaMock = useKibana as jest.MockedFunction; -const notificationMock = notificationServiceMock.createStartContract(); -const prop = { metricAlias: 'test' }; const mockUseKibana = () => { useKibanaMock.mockReturnValue({ services: { ...coreMock.createStart(), - notifications: notificationMock, dataViews: dataViewMock, } as Partial & Partial, } as unknown as KibanaReactContextValue & Partial>); @@ -43,34 +39,21 @@ const mockDataView = { describe('useDataView hook', () => { beforeEach(() => { dataViewMock = { - create: jest.fn(), - find: jest.fn(), + create: jest.fn().mockImplementation(() => Promise.resolve(mockDataView)), } as Partial as jest.Mocked; mockUseKibana(); }); it('should create a new ad-hoc data view', async () => { - dataViewMock.create.mockReturnValue(Promise.resolve(mockDataView)); - const { result, waitForNextUpdate } = renderHook(() => useDataView(prop)); + const { result, waitForNextUpdate } = renderHook(() => useDataView({ metricAlias: 'test' })); await waitForNextUpdate(); expect(result.current.loading).toEqual(false); - expect(result.current.hasError).toEqual(false); + expect(result.current.error).toBeUndefined(); expect(result.current.dataView).toEqual(mockDataView); }); - it('should display a toast when it fails to load the data view', async () => { - dataViewMock.create.mockReturnValue(Promise.reject()); - const { result, waitForNextUpdate } = renderHook(() => useDataView(prop)); - - await waitForNextUpdate(); - expect(result.current.loading).toEqual(false); - expect(result.current.hasError).toEqual(true); - expect(result.current.dataView).toBeUndefined(); - expect(notificationMock.toasts.addDanger).toBeCalledTimes(1); - }); - it('should create a dataview with unique id for metricAlias metrics', async () => { const { waitForNextUpdate } = renderHook(() => useDataView({ metricAlias: 'metrics' })); diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.ts b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.ts index 83fedf4292937..95cce647eb346 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.ts +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_data_view.ts @@ -5,14 +5,10 @@ * 2.0. */ -import { i18n } from '@kbn/i18n'; import { v5 as uuidv5 } from 'uuid'; -import { useEffect, useMemo, useState } from 'react'; -import { useKibana } from '@kbn/kibana-react-plugin/public'; import createContainer from 'constate'; -import type { DataView, DataViewSpec } from '@kbn/data-views-plugin/public'; -import { useTrackedPromise } from '../../../../utils/use_tracked_promise'; -import type { InfraClientStartDeps } from '../../../../types'; +import useAsyncRetry from 'react-use/lib/useAsyncRetry'; +import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; import { DATA_VIEW_PREFIX, TIMESTAMP_FIELD } from '../constants'; export const generateDataViewId = (indexPattern: string) => { @@ -22,60 +18,25 @@ export const generateDataViewId = (indexPattern: string) => { export const useDataView = ({ metricAlias }: { metricAlias: string }) => { const { - services: { dataViews, notifications }, - } = useKibana(); + services: { dataViews }, + } = useKibanaContextForPlugin(); - const [dataView, setDataView] = useState(); - const [hasError, setHasError] = useState(false); - - const [createAdhocDataViewRequest, createAdhocDataView] = useTrackedPromise( - { - createPromise: (config: DataViewSpec): Promise => { - return dataViews.create(config); - }, - onResolve: (response: DataView) => { - setDataView(response); - setHasError(false); - }, - onReject: () => { - setHasError(true); - }, - cancelPreviousOn: 'creation', - }, - [] - ); - - const loading = useMemo( - () => - createAdhocDataViewRequest.state === 'pending' || - createAdhocDataViewRequest.state === 'uninitialized', - [createAdhocDataViewRequest.state] - ); - - useEffect(() => { - createAdhocDataView({ + const state = useAsyncRetry(() => { + return dataViews.create({ id: generateDataViewId(metricAlias), title: metricAlias, timeFieldName: TIMESTAMP_FIELD, }); - }, [createAdhocDataView, metricAlias]); + }, [metricAlias]); - useEffect(() => { - if (hasError && notifications) { - notifications.toasts.addDanger( - i18n.translate('xpack.infra.hostsViewPage.errorOnCreateOrLoadDataview', { - defaultMessage: 'There was an error trying to create a Data View: {metricAlias}', - values: { metricAlias }, - }) - ); - } - }, [hasError, notifications, metricAlias]); + const { value, loading, error, retry } = state; return { metricAlias, - dataView, + dataView: value, loading, - hasError, + loadDataView: retry, + error, }; }; diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_unified_search.ts b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_unified_search.ts index 4261f630319f8..516c2fcb03f99 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_unified_search.ts +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_unified_search.ts @@ -5,13 +5,14 @@ * 2.0. */ import createContainer from 'constate'; -import { useCallback, useEffect } from 'react'; +import { useCallback, useEffect, useState } from 'react'; import DateMath from '@kbn/datemath'; -import { buildEsQuery, type Query } from '@kbn/es-query'; +import { buildEsQuery, fromKueryExpression, type Query } from '@kbn/es-query'; import { map, skip, startWith } from 'rxjs/operators'; import { combineLatest } from 'rxjs'; import deepEqual from 'fast-deep-equal'; import useEffectOnce from 'react-use/lib/useEffectOnce'; +import { useKibanaQuerySettings } from '../../../../utils/use_kibana_query_settings'; import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; import { telemetryTimeRangeFormatter } from '../../../../../common/formatters/telemetry_time_range'; import { useMetricsDataViewContext } from './use_data_view'; @@ -48,9 +49,12 @@ const getDefaultTimestamps = () => { }; export const useUnifiedSearch = () => { + const [error, setError] = useState(null); const [searchCriteria, setSearch] = useHostsUrlState(); const { dataView } = useMetricsDataViewContext(); const { services } = useKibanaContextForPlugin(); + const kibanaQuerySettings = useKibanaQuerySettings(); + const { data: { query: { @@ -62,7 +66,37 @@ export const useUnifiedSearch = () => { telemetry, } = services; - const onSubmit = (params?: HostsSearchPayload) => setSearch(params ?? {}); + const validateQuery = useCallback( + (query: Query) => { + fromKueryExpression(query.query, kibanaQuerySettings); + }, + [kibanaQuerySettings] + ); + + const onSubmit = useCallback( + (params?: HostsSearchPayload) => { + try { + setError(null); + /* + / Validates the Search Bar input values before persisting them in the state. + / Since the search can be triggered by components that are unaware of the Unified Search state (e.g Controls and Host Limit), + / this will always validates the query bar value, regardless of whether it's been sent in the current event or not. + */ + validateQuery(params?.query ?? (queryStringService.getQuery() as Query)); + setSearch(params ?? {}); + } catch (err) { + /* + / Persists in the state the params so they can be used in case the query bar is fixed by the user. + / This is needed because the Unified Search observables are unnaware of the other componets in the search bar. + / Invalid query isn't persisted because it breaks the Control component + */ + const { query, ...validParams } = params ?? {}; + setSearch(validParams ?? {}); + setError(err); + } + }, + [queryStringService, setSearch, validateQuery] + ); const getParsedDateRange = useCallback(() => { const defaults = getDefaultTimestamps(); @@ -84,21 +118,38 @@ export const useUnifiedSearch = () => { }, [getParsedDateRange]); const buildQuery = useCallback(() => { - return buildEsQuery(dataView, searchCriteria.query, [ - ...searchCriteria.filters, - ...searchCriteria.panelFilters, - ]); - }, [dataView, searchCriteria.query, searchCriteria.filters, searchCriteria.panelFilters]); + return buildEsQuery( + dataView, + searchCriteria.query, + [...searchCriteria.filters, ...searchCriteria.panelFilters], + kibanaQuerySettings + ); + }, [ + dataView, + searchCriteria.query, + searchCriteria.filters, + searchCriteria.panelFilters, + kibanaQuerySettings, + ]); useEffectOnce(() => { - // Sync filtersService from state + // Sync filtersService from the URL state if (!deepEqual(filterManagerService.getFilters(), searchCriteria.filters)) { filterManagerService.setFilters(searchCriteria.filters); } - // Sync queryService from state + // Sync queryService from the URL state if (!deepEqual(queryStringService.getQuery(), searchCriteria.query)) { queryStringService.setQuery(searchCriteria.query); } + + try { + // Validates the "query" object from the URL state + if (searchCriteria.query) { + validateQuery(searchCriteria.query); + } + } catch (err) { + setError(err); + } }); useEffect(() => { @@ -117,12 +168,12 @@ export const useUnifiedSearch = () => { query: query$, }) .pipe(skip(1)) - .subscribe(setSearch); + .subscribe(onSubmit); return () => { subscription.unsubscribe(); }; - }, [filterManagerService, setSearch, queryStringService, timeFilterService.timefilter]); + }, [filterManagerService, onSubmit, queryStringService, timeFilterService.timefilter]); // Track telemetry event on query/filter/date changes useEffect(() => { @@ -133,6 +184,7 @@ export const useUnifiedSearch = () => { }, [getDateRangeAsTimestamp, searchCriteria, telemetry]); return { + error, buildQuery, onSubmit, getParsedDateRange, diff --git a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/node_details/tabs/processes/summary_table.tsx b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/node_details/tabs/processes/summary_table.tsx index ccfd138684895..61e5cde421181 100644 --- a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/node_details/tabs/processes/summary_table.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/node_details/tabs/processes/summary_table.tsx @@ -30,15 +30,32 @@ type SummaryRecord = { total: number; } & Record; +const NOT_AVAILABLE_LABEL = i18n.translate('xpack.infra.notAvailableLabel', { + defaultMessage: 'N/A', +}); + +const processSummaryNotAvailable = { + total: NOT_AVAILABLE_LABEL, + running: NOT_AVAILABLE_LABEL, + sleeping: NOT_AVAILABLE_LABEL, + dead: NOT_AVAILABLE_LABEL, + stopped: NOT_AVAILABLE_LABEL, + idle: NOT_AVAILABLE_LABEL, + zombie: NOT_AVAILABLE_LABEL, + unknown: NOT_AVAILABLE_LABEL, +}; + export const SummaryTable = ({ processSummary, isLoading }: Props) => { + const summary = !processSummary?.total ? processSummaryNotAvailable : processSummary; + const processCount = useMemo( () => ({ - total: isLoading ? -1 : processSummary.total, + total: isLoading ? -1 : summary.total, ...mapValues(STATE_NAMES, () => (isLoading ? -1 : 0)), - ...(isLoading ? {} : processSummary), + ...(isLoading ? {} : summary), } as SummaryRecord), - [processSummary, isLoading] + [summary, isLoading] ); return ( <> diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx index 04a20e3675642..8ba527935936e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx @@ -27,20 +27,30 @@ import { createStore } from '../../../common/store'; import { useKibana as mockUseKibana } from '../../../common/lib/kibana/__mocks__'; import { createTelemetryServiceMock } from '../../../common/lib/telemetry/telemetry_service.mock'; import { useQueryAlerts } from '../../containers/detection_engine/alerts/use_query'; -import { groupingSearchResponse } from './grouping_settings/mock'; +import { getQuery, groupingSearchResponse } from './grouping_settings/mock'; jest.mock('../../containers/detection_engine/alerts/use_query'); jest.mock('../../../common/containers/sourcerer'); jest.mock('../../../common/utils/normalize_time_range'); -jest.mock('../../../common/containers/use_global_time', () => ({ - useGlobalTime: jest.fn().mockReturnValue({ - from: '2020-07-07T08:20:18.966Z', - isInitializing: false, - to: '2020-07-08T08:20:18.966Z', - setQuery: jest.fn(), - }), +jest.mock('uuid', () => ({ + v4: jest.fn().mockReturnValue('test-uuid'), })); +const mockDate = { + from: '2020-07-07T08:20:18.966Z', + to: '2020-07-08T08:20:18.966Z', +}; + +const mockUseGlobalTime = jest + .fn() + .mockReturnValue({ ...mockDate, setQuery: jest.fn(), deleteQuery: jest.fn() }); + +jest.mock('../../../common/containers/use_global_time', () => { + return { + useGlobalTime: (...props: unknown[]) => mockUseGlobalTime(...props), + }; +}); + const mockOptions = [ { label: 'ruleName', key: 'kibana.alert.rule.name' }, { label: 'userName', key: 'user.name' }, @@ -105,8 +115,8 @@ const sourcererDataView = { const renderChildComponent = (groupingFilters: Filter[]) =>

; const testProps: AlertsTableComponentProps = { + ...mockDate, defaultFilters: [], - from: '2020-07-07T08:20:18.966Z', globalFilters: [], globalQuery: { query: 'query', @@ -119,7 +129,6 @@ const testProps: AlertsTableComponentProps = { runtimeMappings: {}, signalIndexName: 'test', tableId: TableId.test, - to: '2020-07-08T08:20:18.966Z', }; const mockUseQueryAlerts = useQueryAlerts as jest.Mock; @@ -220,61 +229,7 @@ describe('GroupedAlertsTable', () => { ); expect(mockUseQueryAlerts).toHaveBeenLastCalledWith({ indexName: 'test', - query: { - _source: false, - aggs: { - groupByFields: { - aggs: { - bucket_truncate: { - bucket_sort: { from: 0, size: 25, sort: [{ unitsCount: { order: 'desc' } }] }, - }, - countSeveritySubAggregation: { cardinality: { field: 'kibana.alert.severity' } }, - hostsCountAggregation: { cardinality: { field: 'host.name' } }, - description: { terms: { field: 'kibana.alert.rule.description', size: 1 } }, - ruleTags: { terms: { field: 'kibana.alert.rule.tags' } }, - severitiesSubAggregation: { terms: { field: 'kibana.alert.severity' } }, - unitsCount: { cardinality: { field: 'kibana.alert.uuid' } }, - usersCountAggregation: { cardinality: { field: 'user.name' } }, - }, - multi_terms: { - size: 10000, - terms: [ - { field: 'kibana.alert.rule.name', missing: '-' }, - { field: 'kibana.alert.rule.name', missing: '--' }, - ], - }, - }, - groupsCount: { cardinality: { field: 'kibana.alert.rule.name' } }, - unitsCount: { - value_count: { - field: 'kibana.alert.rule.name', - missing: '-', - }, - }, - unitsCountWithoutNull: { - value_count: { - field: 'kibana.alert.rule.name', - }, - }, - }, - query: { - bool: { - filter: [ - { bool: { filter: [], must: [], must_not: [], should: [] } }, - { - range: { - '@timestamp': { - gte: '2020-07-07T08:20:18.966Z', - lte: '2020-07-08T08:20:18.966Z', - }, - }, - }, - ], - }, - }, - runtime_mappings: {}, - size: 0, - }, + query: getQuery('kibana.alert.rule.name', 'SuperUniqueValue-test-uuid', mockDate), queryName: 'securitySolutionUI fetchAlerts grouping', skip: false, }); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx index 10da67e5a33b9..c740df7e273f2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx @@ -16,7 +16,7 @@ import type { DynamicGroupingProps } from '@kbn/securitysolution-grouping/src'; import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types'; import type { TableIdLiteral } from '@kbn/securitysolution-data-table'; import { parseGroupingQuery } from '@kbn/securitysolution-grouping/src'; -import { combineQueries, getFieldEsTypes } from '../../../common/lib/kuery'; +import { combineQueries } from '../../../common/lib/kuery'; import { SourcererScopeName } from '../../../common/store/sourcerer/model'; import type { AlertsGroupingAggregation } from './grouping_settings/types'; import type { Status } from '../../../../common/detection_engine/schemas/common'; @@ -141,16 +141,14 @@ export const GroupedSubLevelComponent: React.FC = ({ } }, [defaultFilters, globalFilters, globalQuery, parentGroupingFilter]); - const selectedGroupEsTypes = useMemo( - () => getFieldEsTypes(selectedGroup, browserFields), - [selectedGroup, browserFields] - ); + // create a unique, but stable (across re-renders) value + const uniqueValue = useMemo(() => `SuperUniqueValue-${uuidv4()}`, []); const queryGroups = useMemo(() => { return getAlertsGroupingQuery({ additionalFilters, selectedGroup, - selectedGroupEsTypes, + uniqueValue, from, runtimeMappings, to, @@ -164,8 +162,8 @@ export const GroupedSubLevelComponent: React.FC = ({ pageSize, runtimeMappings, selectedGroup, - selectedGroupEsTypes, to, + uniqueValue, ]); const emptyGlobalQuery = useMemo(() => getGlobalQuery([]), [getGlobalQuery]); @@ -201,14 +199,16 @@ export const GroupedSubLevelComponent: React.FC = ({ parseGroupingQuery( // fallback to selectedGroup if queriedGroup.current is null, this happens in tests queriedGroup.current === null ? selectedGroup : queriedGroup.current, + uniqueValue, alertsGroupsData?.aggregations ), - [alertsGroupsData?.aggregations, selectedGroup] + [alertsGroupsData?.aggregations, selectedGroup, uniqueValue] ); useEffect(() => { if (!isNoneGroup([selectedGroup])) { - queriedGroup.current = queryGroups?.aggs?.groupsCount?.cardinality?.field ?? ''; + queriedGroup.current = + queryGroups?.runtime_mappings?.groupByField?.script?.params?.selectedGroup ?? ''; setAlertsQuery(queryGroups); } }, [queryGroups, selectedGroup, setAlertsQuery]); @@ -255,37 +255,33 @@ export const GroupedSubLevelComponent: React.FC = ({ () => getGrouping({ activePage: pageIndex, - data: { - ...alertsGroupsData?.aggregations, - ...aggs, - }, + data: aggs, groupingLevel, inspectButton: inspect, isLoading: loading || isLoadingGroups, itemsPerPage: pageSize, onChangeGroupsItemsPerPage: (size: number) => setPageSize(size), onChangeGroupsPage: (index) => setPageIndex(index), - renderChildComponent, onGroupClose, + renderChildComponent, selectedGroup, takeActionItems: getTakeActionItems, }), [ - getGrouping, - pageIndex, - alertsGroupsData, aggs, + getGrouping, + getTakeActionItems, groupingLevel, inspect, - loading, isLoadingGroups, + loading, + onGroupClose, + pageIndex, pageSize, renderChildComponent, - onGroupClose, selectedGroup, - getTakeActionItems, - setPageSize, setPageIndex, + setPageSize, ] ); }; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/mock.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/mock.ts index c9717c2a1ad2b..d9c0d7aa8f8eb 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/mock.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/mock.ts @@ -7,6 +7,112 @@ import { mockAlertSearchResponse } from '../../../../common/components/alerts_treemap/lib/mocks/mock_alert_search_response'; +export const getQuery = ( + selectedGroup: string, + uniqueValue: string, + timeRange: { from: string; to: string } +) => ({ + _source: false, + aggs: { + unitsCount: { + value_count: { + field: 'groupByField', + }, + }, + groupsCount: { + cardinality: { + field: 'groupByField', + }, + }, + groupByFields: { + aggs: { + unitsCount: { + cardinality: { + field: 'kibana.alert.uuid', + }, + }, + description: { + terms: { + field: 'kibana.alert.rule.description', + size: 1, + }, + }, + bucket_truncate: { + bucket_sort: { + from: 0, + size: 25, + sort: [ + { + unitsCount: { + order: 'desc', + }, + }, + ], + }, + }, + countSeveritySubAggregation: { + cardinality: { + field: 'kibana.alert.severity', + }, + }, + hostsCountAggregation: { + cardinality: { + field: 'host.name', + }, + }, + ruleTags: { + terms: { + field: 'kibana.alert.rule.tags', + }, + }, + severitiesSubAggregation: { + terms: { + field: 'kibana.alert.severity', + }, + }, + usersCountAggregation: { + cardinality: { + field: 'user.name', + }, + }, + }, + terms: { + field: 'groupByField', + size: 10000, + }, + }, + }, + query: { + bool: { + filter: [ + { bool: { filter: [], must: [], must_not: [], should: [] } }, + { + range: { + '@timestamp': { + gte: timeRange.from, + lte: timeRange.to, + }, + }, + }, + ], + }, + }, + runtime_mappings: { + groupByField: { + type: 'keyword', + script: { + source: + "if (doc[params['selectedGroup']].size()==0) { emit(params['uniqueValue']) } else { emit(doc[params['selectedGroup']].join(params['uniqueValue']))}", + params: { + selectedGroup, + uniqueValue, + }, + }, + }, + }, + size: 0, +}); + export const groupingSearchResponse = { ...mockAlertSearchResponse, hits: { @@ -26,8 +132,8 @@ export const groupingSearchResponse = { sum_other_doc_count: 0, buckets: [ { - key: ['critical hosts [Duplicate]', 'critical hosts [Duplicate]'], - key_as_string: 'critical hosts [Duplicate]|critical hosts [Duplicate]', + key: ['critical hosts [Duplicate]'], + key_as_string: 'critical hosts [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -77,9 +183,8 @@ export const groupingSearchResponse = { }, }, { - key: ['critical hosts [Duplicate] [Duplicate]', 'critical hosts [Duplicate] [Duplicate]'], - key_as_string: - 'critical hosts [Duplicate] [Duplicate]|critical hosts [Duplicate] [Duplicate]', + key: ['critical hosts [Duplicate] [Duplicate]'], + key_as_string: 'critical hosts [Duplicate] [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -129,8 +234,8 @@ export const groupingSearchResponse = { }, }, { - key: ['high hosts [Duplicate]', 'high hosts [Duplicate]'], - key_as_string: 'high hosts [Duplicate]|high hosts [Duplicate]', + key: ['high hosts [Duplicate]'], + key_as_string: 'high hosts [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -180,8 +285,8 @@ export const groupingSearchResponse = { }, }, { - key: ['high hosts [Duplicate] [Duplicate]', 'high hosts [Duplicate] [Duplicate]'], - key_as_string: 'high hosts [Duplicate] [Duplicate]|high hosts [Duplicate] [Duplicate]', + key: ['high hosts [Duplicate] [Duplicate]'], + key_as_string: 'high hosts [Duplicate] [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -231,8 +336,8 @@ export const groupingSearchResponse = { }, }, { - key: ['low hosts [Duplicate]', 'low hosts [Duplicate]'], - key_as_string: 'low hosts [Duplicate]|low hosts [Duplicate]', + key: ['low hosts [Duplicate]'], + key_as_string: 'low hosts [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -282,8 +387,8 @@ export const groupingSearchResponse = { }, }, { - key: ['low hosts [Duplicate] [Duplicate]', 'low hosts [Duplicate] [Duplicate]'], - key_as_string: 'low hosts [Duplicate] [Duplicate]|low hosts [Duplicate] [Duplicate]', + key: ['low hosts [Duplicate] [Duplicate]'], + key_as_string: 'low hosts [Duplicate] [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -333,8 +438,8 @@ export const groupingSearchResponse = { }, }, { - key: ['medium hosts [Duplicate]', 'medium hosts [Duplicate]'], - key_as_string: 'medium hosts [Duplicate]|medium hosts [Duplicate]', + key: ['medium hosts [Duplicate]'], + key_as_string: 'medium hosts [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -384,9 +489,8 @@ export const groupingSearchResponse = { }, }, { - key: ['medium hosts [Duplicate] [Duplicate]', 'medium hosts [Duplicate] [Duplicate]'], - key_as_string: - 'medium hosts [Duplicate] [Duplicate]|medium hosts [Duplicate] [Duplicate]', + key: ['medium hosts [Duplicate] [Duplicate]'], + key_as_string: 'medium hosts [Duplicate] [Duplicate]', doc_count: 300, hostsCountAggregation: { value: 30, @@ -436,8 +540,8 @@ export const groupingSearchResponse = { }, }, { - key: ['critical users [Duplicate]', 'critical users [Duplicate]'], - key_as_string: 'critical users [Duplicate]|critical users [Duplicate]', + key: ['critical users [Duplicate]'], + key_as_string: 'critical users [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -487,12 +591,8 @@ export const groupingSearchResponse = { }, }, { - key: [ - 'critical users [Duplicate] [Duplicate]', - 'critical users [Duplicate] [Duplicate]', - ], - key_as_string: - 'critical users [Duplicate] [Duplicate]|critical users [Duplicate] [Duplicate]', + key: ['critical users [Duplicate] [Duplicate]'], + key_as_string: 'critical users [Duplicate] [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -542,8 +642,8 @@ export const groupingSearchResponse = { }, }, { - key: ['high users [Duplicate]', 'high users [Duplicate]'], - key_as_string: 'high users [Duplicate]|high users [Duplicate]', + key: ['high users [Duplicate]'], + key_as_string: 'high users [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -593,8 +693,8 @@ export const groupingSearchResponse = { }, }, { - key: ['high users [Duplicate] [Duplicate]', 'high users [Duplicate] [Duplicate]'], - key_as_string: 'high users [Duplicate] [Duplicate]|high users [Duplicate] [Duplicate]', + key: ['high users [Duplicate] [Duplicate]'], + key_as_string: 'high users [Duplicate] [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -644,8 +744,8 @@ export const groupingSearchResponse = { }, }, { - key: ['low users [Duplicate]', 'low users [Duplicate]'], - key_as_string: 'low users [Duplicate]|low users [Duplicate]', + key: ['low users [Duplicate]'], + key_as_string: 'low users [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -695,8 +795,8 @@ export const groupingSearchResponse = { }, }, { - key: ['low users [Duplicate] [Duplicate]', 'low users [Duplicate] [Duplicate]'], - key_as_string: 'low users [Duplicate] [Duplicate]|low users [Duplicate] [Duplicate]', + key: ['low users [Duplicate] [Duplicate]'], + key_as_string: 'low users [Duplicate] [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -746,8 +846,8 @@ export const groupingSearchResponse = { }, }, { - key: ['medium users [Duplicate]', 'medium users [Duplicate]'], - key_as_string: 'medium users [Duplicate]|medium users [Duplicate]', + key: ['medium users [Duplicate]'], + key_as_string: 'medium users [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -797,9 +897,8 @@ export const groupingSearchResponse = { }, }, { - key: ['medium users [Duplicate] [Duplicate]', 'medium users [Duplicate] [Duplicate]'], - key_as_string: - 'medium users [Duplicate] [Duplicate]|medium users [Duplicate] [Duplicate]', + key: ['medium users [Duplicate] [Duplicate]'], + key_as_string: 'medium users [Duplicate] [Duplicate]', doc_count: 273, hostsCountAggregation: { value: 10, @@ -849,8 +948,8 @@ export const groupingSearchResponse = { }, }, { - key: ['critical hosts', 'critical hosts'], - key_as_string: 'critical hosts|critical hosts', + key: ['critical hosts'], + key_as_string: 'critical hosts', doc_count: 100, hostsCountAggregation: { value: 30, @@ -900,12 +999,8 @@ export const groupingSearchResponse = { }, }, { - key: [ - 'critical hosts [Duplicate] [Duplicate] [Duplicate]', - 'critical hosts [Duplicate] [Duplicate] [Duplicate]', - ], - key_as_string: - 'critical hosts [Duplicate] [Duplicate] [Duplicate]|critical hosts [Duplicate] [Duplicate] [Duplicate]', + key: ['critical hosts [Duplicate] [Duplicate] [Duplicate]'], + key_as_string: 'critical hosts [Duplicate] [Duplicate] [Duplicate]', doc_count: 100, hostsCountAggregation: { value: 30, @@ -955,8 +1050,8 @@ export const groupingSearchResponse = { }, }, { - key: ['high hosts', 'high hosts'], - key_as_string: 'high hosts|high hosts', + key: ['high hosts'], + key_as_string: 'high hosts', doc_count: 100, hostsCountAggregation: { value: 30, @@ -1006,12 +1101,8 @@ export const groupingSearchResponse = { }, }, { - key: [ - 'high hosts [Duplicate] [Duplicate] [Duplicate]', - 'high hosts [Duplicate] [Duplicate] [Duplicate]', - ], - key_as_string: - 'high hosts [Duplicate] [Duplicate] [Duplicate]|high hosts [Duplicate] [Duplicate] [Duplicate]', + key: ['high hosts [Duplicate] [Duplicate] [Duplicate]'], + key_as_string: 'high hosts [Duplicate] [Duplicate] [Duplicate]', doc_count: 100, hostsCountAggregation: { value: 30, @@ -1061,8 +1152,8 @@ export const groupingSearchResponse = { }, }, { - key: ['low hosts ', 'low hosts '], - key_as_string: 'low hosts |low hosts ', + key: ['low hosts '], + key_as_string: 'low hosts ', doc_count: 100, hostsCountAggregation: { value: 30, @@ -1112,12 +1203,8 @@ export const groupingSearchResponse = { }, }, { - key: [ - 'low hosts [Duplicate] [Duplicate] [Duplicate]', - 'low hosts [Duplicate] [Duplicate] [Duplicate]', - ], - key_as_string: - 'low hosts [Duplicate] [Duplicate] [Duplicate]|low hosts [Duplicate] [Duplicate] [Duplicate]', + key: ['low hosts [Duplicate] [Duplicate] [Duplicate]'], + key_as_string: 'low hosts [Duplicate] [Duplicate] [Duplicate]', doc_count: 100, hostsCountAggregation: { value: 30, @@ -1167,8 +1254,8 @@ export const groupingSearchResponse = { }, }, { - key: ['medium hosts', 'medium hosts'], - key_as_string: 'medium hosts|medium hosts', + key: ['medium hosts'], + key_as_string: 'medium hosts', doc_count: 100, hostsCountAggregation: { value: 30, @@ -1218,12 +1305,8 @@ export const groupingSearchResponse = { }, }, { - key: [ - 'medium hosts [Duplicate] [Duplicate] [Duplicate]', - 'medium hosts [Duplicate] [Duplicate] [Duplicate]', - ], - key_as_string: - 'medium hosts [Duplicate] [Duplicate] [Duplicate]|medium hosts [Duplicate] [Duplicate] [Duplicate]', + key: ['medium hosts [Duplicate] [Duplicate] [Duplicate]'], + key_as_string: 'medium hosts [Duplicate] [Duplicate] [Duplicate]', doc_count: 100, hostsCountAggregation: { value: 30, @@ -1273,12 +1356,8 @@ export const groupingSearchResponse = { }, }, { - key: [ - 'critical users [Duplicate] [Duplicate] [Duplicate]', - 'critical users [Duplicate] [Duplicate] [Duplicate]', - ], - key_as_string: - 'critical users [Duplicate] [Duplicate] [Duplicate]|critical users [Duplicate] [Duplicate] [Duplicate]', + key: ['critical users [Duplicate] [Duplicate] [Duplicate]'], + key_as_string: 'critical users [Duplicate] [Duplicate] [Duplicate]', doc_count: 91, hostsCountAggregation: { value: 10, diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts index 30cf3c5b0be24..0ca672ba20d16 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts @@ -6,295 +6,55 @@ */ import { getAlertsGroupingQuery } from '.'; +import { getQuery } from './mock'; + +let sampleData = { + from: '2022-12-29T22:57:34.029Z', + to: '2023-01-28T22:57:29.029Z', + pageIndex: 0, + pageSize: 25, + runtimeMappings: {}, + uniqueValue: 'aSuperUniqueValue', + selectedGroup: 'kibana.alert.rule.name', + additionalFilters: [{ bool: { filter: [], must: [], must_not: [], should: [] } }], +}; describe('getAlertsGroupingQuery', () => { it('returns query with aggregations for kibana.alert.rule.name', () => { - const groupingQuery = getAlertsGroupingQuery({ - from: '2022-12-29T22:57:34.029Z', - to: '2023-01-28T22:57:29.029Z', - pageIndex: 0, - pageSize: 25, - runtimeMappings: {}, - selectedGroupEsTypes: ['keyword'], - selectedGroup: 'kibana.alert.rule.name', - additionalFilters: [ - { - bool: { - must: [], - filter: [ - { - match_phrase: { - 'kibana.alert.workflow_status': 'acknowledged', - }, - }, - ], - should: [], - must_not: [ - { - exists: { - field: 'kibana.alert.building_block_type', - }, - }, - ], - }, - }, - ], - }); - - expect(groupingQuery).toStrictEqual({ - _source: false, - aggs: { - unitsCount: { - value_count: { - field: 'kibana.alert.rule.name', - missing: '-', - }, - }, - unitsCountWithoutNull: { - value_count: { - field: 'kibana.alert.rule.name', - }, - }, - groupsCount: { - cardinality: { - field: 'kibana.alert.rule.name', - }, - }, - groupByFields: { - aggs: { - unitsCount: { - cardinality: { - field: 'kibana.alert.uuid', - }, - }, - description: { - terms: { - field: 'kibana.alert.rule.description', - size: 1, - }, - }, - bucket_truncate: { - bucket_sort: { - from: 0, - size: 25, - sort: [ - { - unitsCount: { - order: 'desc', - }, - }, - ], - }, - }, - countSeveritySubAggregation: { - cardinality: { - field: 'kibana.alert.severity', - }, - }, - hostsCountAggregation: { - cardinality: { - field: 'host.name', - }, - }, - ruleTags: { - terms: { - field: 'kibana.alert.rule.tags', - }, - }, - severitiesSubAggregation: { - terms: { - field: 'kibana.alert.severity', - }, - }, - usersCountAggregation: { - cardinality: { - field: 'user.name', - }, - }, - }, - multi_terms: { - size: 10000, - terms: [ - { - field: 'kibana.alert.rule.name', - missing: '-', - }, - { - field: 'kibana.alert.rule.name', - missing: '--', - }, - ], - }, - }, - }, - query: { - bool: { - filter: [ - { - bool: { - filter: [ - { - match_phrase: { - 'kibana.alert.workflow_status': 'acknowledged', - }, - }, - ], - must: [], - must_not: [ - { - exists: { - field: 'kibana.alert.building_block_type', - }, - }, - ], - should: [], - }, - }, - { - range: { - '@timestamp': { - gte: '2022-12-29T22:57:34.029Z', - lte: '2023-01-28T22:57:29.029Z', - }, - }, - }, - ], - }, - }, - runtime_mappings: {}, - size: 0, - }); + const groupingQuery = getAlertsGroupingQuery(sampleData); + expect(groupingQuery).toStrictEqual( + getQuery(sampleData.selectedGroup, sampleData.uniqueValue, { + from: sampleData.from, + to: sampleData.to, + }) + ); }); - it('returns default query with aggregations if the field specific metrics was not defined', () => { - const groupingQuery = getAlertsGroupingQuery({ - from: '2022-12-29T22:57:34.029Z', - to: '2023-01-28T22:57:29.029Z', - pageIndex: 0, - pageSize: 25, - runtimeMappings: {}, - selectedGroupEsTypes: ['keyword'], + sampleData = { + ...sampleData, selectedGroup: 'process.name', - additionalFilters: [ - { - bool: { - must: [], - filter: [ - { - match_phrase: { - 'kibana.alert.workflow_status': 'acknowledged', - }, - }, - ], - should: [], - must_not: [ - { - exists: { - field: 'kibana.alert.building_block_type', - }, - }, - ], - }, - }, - ], + }; + const groupingQuery = getAlertsGroupingQuery(sampleData); + const expectedResult = getQuery(sampleData.selectedGroup, sampleData.uniqueValue, { + from: sampleData.from, + to: sampleData.to, }); + const { unitsCount, bucket_truncate: bucketTruncate } = expectedResult.aggs.groupByFields.aggs; + expect(groupingQuery).toStrictEqual({ - _source: false, + ...expectedResult, aggs: { - unitsCount: { - value_count: { - field: 'process.name', - missing: '-', - }, - }, - unitsCountWithoutNull: { - value_count: { - field: 'process.name', - }, - }, - groupsCount: { - cardinality: { - field: 'process.name', - }, - }, + ...expectedResult.aggs, groupByFields: { + ...expectedResult.aggs.groupByFields, aggs: { - unitsCount: { - cardinality: { - field: 'kibana.alert.uuid', - }, - }, - bucket_truncate: { - bucket_sort: { - from: 0, - size: 25, - sort: [ - { - unitsCount: { - order: 'desc', - }, - }, - ], - }, - }, - rulesCountAggregation: { - cardinality: { - field: 'kibana.alert.rule.rule_id', - }, - }, - }, - multi_terms: { - size: 10000, - terms: [ - { - field: 'process.name', - missing: '-', - }, - { - field: 'process.name', - missing: '--', - }, - ], + bucket_truncate: bucketTruncate, + unitsCount, + rulesCountAggregation: { cardinality: { field: 'kibana.alert.rule.rule_id' } }, }, }, }, - query: { - bool: { - filter: [ - { - bool: { - filter: [ - { - match_phrase: { - 'kibana.alert.workflow_status': 'acknowledged', - }, - }, - ], - must: [], - must_not: [ - { - exists: { - field: 'kibana.alert.building_block_type', - }, - }, - ], - should: [], - }, - }, - { - range: { - '@timestamp': { - gte: '2022-12-29T22:57:34.029Z', - lte: '2023-01-28T22:57:29.029Z', - }, - }, - }, - ], - }, - }, - runtime_mappings: {}, - size: 0, }); }); }); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts index 771f4d43a0342..4da4f4fecfbcf 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts @@ -19,7 +19,7 @@ interface AlertsGroupingQueryParams { pageSize: number; runtimeMappings: MappingRuntimeFields; selectedGroup: string; - selectedGroupEsTypes: string[]; + uniqueValue: string; to: string; } @@ -30,7 +30,7 @@ export const getAlertsGroupingQuery = ({ pageSize, runtimeMappings, selectedGroup, - selectedGroupEsTypes, + uniqueValue, to, }: AlertsGroupingQueryParams) => getGroupingQuery({ @@ -42,7 +42,7 @@ export const getAlertsGroupingQuery = ({ : [], pageNumber: pageIndex * pageSize, runtimeMappings, - selectedGroupEsTypes, + uniqueValue, size: pageSize, sort: [{ unitsCount: { order: 'desc' } }], to, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap index b1737b1efe6a9..e846a180742db 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap @@ -3,9 +3,10 @@ exports[`get_signals_template backwards compatibility mappings for version 45 should match snapshot 1`] = ` Object { "_meta": Object { - "aliases_version": 3, + "aliases_version": 4, "version": 45, }, + "dynamic": false, "properties": Object { "kibana.alert.ancestors.depth": Object { "path": "signal.ancestors.depth", @@ -311,6 +312,10 @@ Object { "path": "signal.status", "type": "alias", }, + "kibana.space_ids": Object { + "type": "constant_keyword", + "value": "default", + }, "signal": Object { "properties": Object { "_meta": Object { @@ -533,9 +538,10 @@ Object { exports[`get_signals_template backwards compatibility mappings for version 57 should match snapshot 1`] = ` Object { "_meta": Object { - "aliases_version": 3, + "aliases_version": 4, "version": 57, }, + "dynamic": false, "properties": Object { "kibana.alert.ancestors.depth": Object { "path": "signal.ancestors.depth", @@ -841,6 +847,10 @@ Object { "path": "signal.status", "type": "alias", }, + "kibana.space_ids": Object { + "type": "constant_keyword", + "value": "default", + }, "signal": Object { "properties": Object { "_meta": Object { @@ -1065,8 +1075,8 @@ Object { }, "mappings": Object { "_meta": Object { - "aliases_version": 3, - "version": 67, + "aliases_version": 4, + "version": 77, }, "dynamic": false, "properties": Object { @@ -3047,6 +3057,10 @@ Object { "path": "signal.status", "type": "alias", }, + "kibana.space_ids": Object { + "type": "constant_keyword", + "value": "default", + }, "labels": Object { "type": "object", }, @@ -6740,6 +6754,6 @@ Object { }, }, }, - "version": 67, + "version": 77, } `; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts index 20e5afba17f4e..d7d2543c6b053 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts @@ -96,7 +96,7 @@ export const createDetectionIndex = async ( if (await templateNeedsUpdate({ alias: index, esClient })) { await esClient.indices.putIndexTemplate({ name: index, - body: getSignalsTemplate(index, aadIndexAliasName) as Record, + body: getSignalsTemplate(index, aadIndexAliasName, spaceId) as Record, }); } // Check if the old legacy siem signals template exists and remove it @@ -109,7 +109,7 @@ export const createDetectionIndex = async ( } if (indexExists) { - await addFieldAliasesToIndices({ esClient, index }); + await addFieldAliasesToIndices({ esClient, index, spaceId }); // The internal user is used here because Elasticsearch requires the PUT alias requestor to have 'manage' permissions // for BOTH the index AND alias name. However, through 7.14 admins only needed permissions for .siem-signals (the index) // and not .alerts-security.alerts (the alias). From the security solution perspective, all .siem-signals--* @@ -136,9 +136,11 @@ export const createDetectionIndex = async ( const addFieldAliasesToIndices = async ({ esClient, index, + spaceId, }: { esClient: ElasticsearchClient; index: string; + spaceId: string; }) => { const indexMappings = await esClient.indices.get({ index }); const indicesByVersion: Record = {}; @@ -164,7 +166,7 @@ const addFieldAliasesToIndices = async ({ } } for (const version of versions) { - const body = createBackwardsCompatibilityMapping(version); + const body = createBackwardsCompatibilityMapping(version, spaceId); const indexNameChunks = chunk(indicesByVersion[version], 20); for (const indexNameChunk of indexNameChunks) { await esClient.indices.putMapping({ diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.test.ts index b05ca2e340859..90538aa5caa85 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.test.ts @@ -7,9 +7,11 @@ import { createBackwardsCompatibilityMapping, getSignalsTemplate } from './get_signals_template'; +const SPACE_ID = 'default'; + describe('get_signals_template', () => { test('it should set the lifecycle "name" and "rollover_alias" to be the name of the index passed in', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); expect(template.template.settings).toEqual({ index: { lifecycle: { @@ -24,22 +26,22 @@ describe('get_signals_template', () => { }); test('it should set have the index patterns with an ending glob in it', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); expect(template.index_patterns).toEqual(['test-index-*']); }); test('it should have a mappings section which is an object type', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); expect(typeof template.template.mappings).toEqual('object'); }); test('it should have a signals section which is an object type', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); expect(typeof template.template.mappings.properties.signal).toEqual('object'); }); test('it should have a "total_fields" section that is at least 10k in size', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); expect(template.template.settings.mapping.total_fields.limit).toBeGreaterThanOrEqual(10000); }); @@ -62,7 +64,7 @@ describe('get_signals_template', () => { // Instead you have to use "keyword". This test was first introduced when ECS 1.10 came out and data_stream.* values which had // "constant_keyword" fields and we needed to change those to be "keyword" instead. test('it should NOT have any "constant_keyword" and instead those should be replaced with regular "keyword" in the mapping', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); // Small recursive function to find any values of "constant_keyword" and mark which fields it was found on and then error on those fields // The matchers from jest such as jest.toMatchObject do not support recursion, so I have to write it here: @@ -83,7 +85,7 @@ describe('get_signals_template', () => { } }, []); const constantKeywordsFound = recursiveConstantKeywordFound('', template); - expect(constantKeywordsFound).toEqual([]); + expect(constantKeywordsFound).toEqual(['template.mappings.properties.kibana.space_ids']); // expect(constantKeywordsFound).toEqual([ // 'template.mappings.properties.kibana.space_ids', // 'template.mappings.properties.kibana.alert.rule.consumer', @@ -93,17 +95,17 @@ describe('get_signals_template', () => { }); test('it should match snapshot', () => { - const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id'); + const template = getSignalsTemplate('test-index', '.alerts-security.alerts-space-id', SPACE_ID); expect(template).toMatchSnapshot(); }); test('backwards compatibility mappings for version 45 should match snapshot', () => { - const mapping = createBackwardsCompatibilityMapping(45); + const mapping = createBackwardsCompatibilityMapping(45, SPACE_ID); expect(mapping).toMatchSnapshot(); }); test('backwards compatibility mappings for version 57 should match snapshot', () => { - const mapping = createBackwardsCompatibilityMapping(57); + const mapping = createBackwardsCompatibilityMapping(57, SPACE_ID); expect(mapping).toMatchSnapshot(); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts index 87e8f06fd8cea..189cf3b147fc0 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts @@ -6,6 +6,7 @@ */ import { merge } from 'lodash'; +import { SPACE_IDS } from '@kbn/rule-data-utils'; import signalsMapping from './signals_mapping.json'; import ecsMapping from './ecs_mapping.json'; import otherMapping from './other_mappings.json'; @@ -27,7 +28,7 @@ import signalExtraFields from './signal_extra_fields.json'; incremented by 10 in order to add "room" for the aforementioned patch release */ -export const SIGNALS_TEMPLATE_VERSION = 67; +export const SIGNALS_TEMPLATE_VERSION = 77; /** @constant @type {number} @@ -41,7 +42,7 @@ export const SIGNALS_TEMPLATE_VERSION = 67; UI will call create_index_route and and go through the index update process. Increment this number if making changes to the field aliases we use to make signals forwards-compatible. */ -export const SIGNALS_FIELD_ALIASES_VERSION = 3; +export const SIGNALS_FIELD_ALIASES_VERSION = 4; /** @constant @@ -52,7 +53,7 @@ export const SIGNALS_FIELD_ALIASES_VERSION = 3; */ export const ALIAS_VERSION_FIELD = 'aliases_version'; -export const getSignalsTemplate = (index: string, aadIndexAliasName: string) => { +export const getSignalsTemplate = (index: string, aadIndexAliasName: string, spaceId: string) => { const fieldAliases = createSignalsFieldAliases(); const template = { index_patterns: [`${index}-*`], @@ -81,7 +82,13 @@ export const getSignalsTemplate = (index: string, aadIndexAliasName: string) => ecsMapping.mappings.properties, otherMapping.mappings.properties, fieldAliases, - signalsMapping.mappings.properties + signalsMapping.mappings.properties, + { + [SPACE_IDS]: { + type: 'constant_keyword', + value: spaceId, + }, + } ), _meta: { version: SIGNALS_TEMPLATE_VERSION, @@ -132,7 +139,7 @@ const properties = { }, }; -export const backwardsCompatibilityMappings = [ +export const backwardsCompatibilityMappings = (spaceId: string) => [ { minVersion: 0, // Version 45 shipped with 7.14. 7.15+ have both the host.os.name.caseless field and the field aliases @@ -149,10 +156,23 @@ export const backwardsCompatibilityMappings = [ }, }, }, + { + minVersion: 0, + maxVersion: 67, + mapping: { + dynamic: false, + properties: { + [SPACE_IDS]: { + type: 'constant_keyword', + value: spaceId, + }, + }, + }, + }, ]; -export const createBackwardsCompatibilityMapping = (version: number) => { - const mappings = backwardsCompatibilityMappings +export const createBackwardsCompatibilityMapping = (version: number, spaceId: string) => { + const mappings = backwardsCompatibilityMappings(spaceId) .filter((mapping) => version <= mapping.maxVersion && version >= mapping.minVersion) .map((mapping) => mapping.mapping); diff --git a/x-pack/plugins/synthetics/public/apps/synthetics/components/monitor_add_edit/form/submit.tsx b/x-pack/plugins/synthetics/public/apps/synthetics/components/monitor_add_edit/form/submit.tsx index 27d5f699c3b51..66150f4d86ca8 100644 --- a/x-pack/plugins/synthetics/public/apps/synthetics/components/monitor_add_edit/form/submit.tsx +++ b/x-pack/plugins/synthetics/public/apps/synthetics/components/monitor_add_edit/form/submit.tsx @@ -29,6 +29,7 @@ export const ActionBar = ({ readOnly = false }: { readOnly: boolean }) => { handleSubmit, formState: { errors, defaultValues }, getValues, + getFieldState, } = useFormContext(); const [monitorPendingDeletion, setMonitorPendingDeletion] = useState( @@ -47,7 +48,12 @@ export const ActionBar = ({ readOnly = false }: { readOnly: boolean }) => { const canSavePrivateLocation = !hasAnyPrivateLocationSelected || canSaveIntegrations; const formSubmitter = (formData: Record) => { - if (!Object.keys(errors).length) { + // An additional invalid field check to account for customHook managed validation + const isAnyFieldInvalid = Object.keys(getValues()).some( + (fieldKey) => getFieldState(fieldKey).invalid + ); + + if (!Object.keys(errors).length && !isAnyFieldInvalid) { setMonitorData(format(formData, readOnly)); } }; diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index dfac6ca7fe897..6d7c28f8d1677 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -17118,6 +17118,10 @@ "xpack.infra.hostsPage.tellUsWhatYouThinkLink": "Dites-nous ce que vous pensez !", "xpack.infra.hostsViewPage.experimentalBadgeDescription": "Cette fonctionnalité est en version d'évaluation technique et pourra être modifiée ou retirée complètement dans une future version. Elastic s'efforcera au maximum de corriger tout problème, mais les fonctionnalités en version d'évaluation technique ne sont pas soumises aux accords de niveau de service d'assistance des fonctionnalités officielles en disponibilité générale.", "xpack.infra.hostsViewPage.experimentalBadgeLabel": "Version d'évaluation technique", + "xpack.infra.hostsViewPage.error.kqlErrorTitle": "Expression KQL non valide", + "xpack.infra.hostsViewPage.error.detailsButton": "Afficher les détails", + "xpack.infra.hostsViewPage.error.tryAgainButton": "Réessayer", + "xpack.infra.hostsViewPage.error.unknownErrorTitle": "Une erreur s'est produite", "xpack.infra.hostsViewPage.landing.calloutReachOutToYourKibanaAdministrator": "Votre rôle d'utilisateur ne dispose pas des privilèges suffisants pour activer cette fonctionnalité - veuillez \n contacter votre administrateur Kibana et lui demander de visiter cette page pour activer la fonctionnalité.", "xpack.infra.hostsViewPage.landing.enableHostsView": "Activer la vue des hôtes", "xpack.infra.hostsViewPage.landing.introMessage": "Présentation de notre nouvelle fonctionnalité \"Hôtes\", maintenant disponible dans la version d'évaluation technique !\n À l'aide de ce puissant outil, vous pouvez facilement afficher et analyser vos hôtes et identifier tout\n problème afin de le corriger rapidement. Obtenez une vue détaillée des indicateurs pour vos hôtes, regardez\n ceux qui déclenchent le plus d'alertes et filtrez les hôtes que vous souhaitez analyser\n à l'aide de tout filtre KQL et de répartitions simples telles que le fournisseur cloud et le système d'exploitation.", @@ -37701,4 +37705,4 @@ "xpack.painlessLab.title": "Painless Lab", "xpack.painlessLab.walkthroughButtonLabel": "Présentation" } -} +} \ No newline at end of file diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 5b79799d17cc1..97142b770d658 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -17117,6 +17117,10 @@ "xpack.infra.hostsPage.tellUsWhatYouThinkLink": "ご意見をお聞かせください。", "xpack.infra.hostsViewPage.experimentalBadgeDescription": "この機能はテクニカルプレビュー中であり、将来のリリースでは変更されたり完全に削除されたりする場合があります。Elasticは最善の努力を講じてすべての問題の修正に努めますが、テクニカルプレビュー中の機能には正式なGA機能のサポートSLAが適用されません。", "xpack.infra.hostsViewPage.experimentalBadgeLabel": "テクニカルプレビュー", + "xpack.infra.hostsViewPage.error.kqlErrorTitle": "無効なKQL式", + "xpack.infra.hostsViewPage.error.detailsButton": "詳細を表示", + "xpack.infra.hostsViewPage.error.tryAgainButton": "再試行", + "xpack.infra.hostsViewPage.error.unknownErrorTitle": "エラーが発生しました", "xpack.infra.hostsViewPage.landing.calloutReachOutToYourKibanaAdministrator": "ユーザーロールには、この機能を有効にするための十分な権限がありません。 \n この機能を有効にするために、Kibana管理者に連絡して、このページにアクセスするように依頼してください。", "xpack.infra.hostsViewPage.landing.enableHostsView": "ホストビューを有効化", "xpack.infra.hostsViewPage.landing.introMessage": "新機能「ホスト」のテクニカルプレビューを開始しました。\n この強力なツールを使えば、ホストを簡単に表示、分析し、あらゆる問題を特定して、\n 迅速に対処できます。ホストのメトリックの詳細ビューを表示します。\n 最も多くのアラートを発生させているホストを確認し、\n KQLフィルターと、クラウドプロバイダーやオペレーティングシステムなどの簡単な内訳を使用して、分析したいホストをフィルタリングします。", @@ -37669,4 +37673,4 @@ "xpack.painlessLab.title": "Painless Lab", "xpack.painlessLab.walkthroughButtonLabel": "実地検証" } -} +} \ No newline at end of file diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 74338e6bd636e..4614427986b3b 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -17119,6 +17119,10 @@ "xpack.infra.hostsPage.tellUsWhatYouThinkLink": "告诉我们您的看法!", "xpack.infra.hostsViewPage.experimentalBadgeDescription": "此功能处于技术预览状态,在未来版本中可能会更改或完全移除。Elastic 将尽最大努力来修复任何问题,但处于技术预览状态的功能不受正式 GA 功能支持 SLA 的约束。", "xpack.infra.hostsViewPage.experimentalBadgeLabel": "技术预览", + "xpack.infra.hostsViewPage.error.kqlErrorTitle": "KQL 表达式无效", + "xpack.infra.hostsViewPage.error.detailsButton": "查看详情", + "xpack.infra.hostsViewPage.error.tryAgainButton": "重试", + "xpack.infra.hostsViewPage.error.unknownErrorTitle": "发生错误", "xpack.infra.hostsViewPage.landing.calloutReachOutToYourKibanaAdministrator": "您的用户角色权限不足,无法启用此功能 - 请 \n 联系您的 Kibana 管理员,要求他们访问此页面以启用该功能。", "xpack.infra.hostsViewPage.landing.enableHostsView": "启用主机视图", "xpack.infra.hostsViewPage.landing.introMessage": "介绍目前在技术预览中可用的新“主机”功能!\n 使用这个强大的工具,您可以轻松查看并分析主机,并确定任何\n 问题以便快速予以解决。获取您主机的指标的详细视图,\n 查看哪些主机触发了最多告警,并使用任何 KQL 筛选\n 以及云提供商和操作系统等细目筛选您要分析的主机。", @@ -37697,4 +37701,4 @@ "xpack.painlessLab.title": "Painless 实验室", "xpack.painlessLab.walkthroughButtonLabel": "指导" } -} +} \ No newline at end of file diff --git a/x-pack/test/fleet_api_integration/apis/epm/index.js b/x-pack/test/fleet_api_integration/apis/epm/index.js index 784720ec879c1..d217fed4cc904 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/index.js +++ b/x-pack/test/fleet_api_integration/apis/epm/index.js @@ -28,6 +28,7 @@ export default function loadTests({ loadTestFile, getService }) { loadTestFile(require.resolve('./install_remove_kbn_assets_in_space')); loadTestFile(require.resolve('./install_remove_multiple')); loadTestFile(require.resolve('./install_update')); + loadTestFile(require.resolve('./install_tsds_disable')); loadTestFile(require.resolve('./install_tag_assets')); loadTestFile(require.resolve('./bulk_upgrade')); loadTestFile(require.resolve('./update_assets')); diff --git a/x-pack/test/fleet_api_integration/apis/epm/install_tsds_disable.ts b/x-pack/test/fleet_api_integration/apis/epm/install_tsds_disable.ts new file mode 100644 index 0000000000000..321596dde9f9e --- /dev/null +++ b/x-pack/test/fleet_api_integration/apis/epm/install_tsds_disable.ts @@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import { FtrProviderContext } from '../../../api_integration/ftr_provider_context'; +import { skipIfNoDockerRegistry } from '../../helpers'; +import { setupFleetAndAgents } from '../agents/services'; + +export default function (providerContext: FtrProviderContext) { + const { getService } = providerContext; + const supertest = getService('supertest'); + const es = getService('es'); + + const deletePackage = async (name: string, version: string) => { + await supertest.delete(`/api/fleet/epm/packages/${name}/${version}`).set('kbn-xsrf', 'xxxx'); + }; + + describe('installing with tsds disabled', async () => { + skipIfNoDockerRegistry(providerContext); + setupFleetAndAgents(providerContext); + + after(async () => { + await deletePackage('nginx', '1.12.1-beta'); + }); + + it('should upgrade with tsds disabled if nginx exists with tsds', async function () { + const templateName = 'metrics-nginx.stubstatus'; + + await supertest + .post(`/api/fleet/epm/packages/nginx/1.12.0-beta`) + .set('kbn-xsrf', 'xxxx') + .send({ force: true }) + .expect(200); + + expect(await getIndexMode(templateName)).to.eql('time_series'); + + await supertest + .post(`/api/fleet/epm/packages/nginx/1.12.1-beta`) + .set('kbn-xsrf', 'xxxx') + .send({ force: true }) + .expect(200); + + expect(await getIndexMode(templateName)).to.be(undefined); + }); + + async function getIndexMode(templateName: string) { + const { body: indexTemplateResponse } = await es.transport.request( + { + method: 'GET', + path: `/_index_template/${templateName}`, + }, + { meta: true } + ); + + const indexTemplate = indexTemplateResponse.index_templates[0].index_template; + return indexTemplate.template.settings.index?.mode; + } + }); +} diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/nginx/nginx-1.12.0-beta.zip b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/nginx/nginx-1.12.0-beta.zip new file mode 100644 index 0000000000000..72562bcd25e58 Binary files /dev/null and b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/nginx/nginx-1.12.0-beta.zip differ diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/nginx/nginx-1.12.1-beta.zip b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/nginx/nginx-1.12.1-beta.zip new file mode 100644 index 0000000000000..94f45cf20d3e9 Binary files /dev/null and b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/nginx/nginx-1.12.1-beta.zip differ diff --git a/x-pack/test/functional/apps/infra/hosts_view.ts b/x-pack/test/functional/apps/infra/hosts_view.ts index a906f916e504d..ac75ede8f4906 100644 --- a/x-pack/test/functional/apps/infra/hosts_view.ts +++ b/x-pack/test/functional/apps/infra/hosts_view.ts @@ -364,6 +364,16 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); }); + it('should render "N/A" when processes summary is not available in flyout', async () => { + await pageObjects.infraHostsView.clickTableOpenFlyoutButton(); + await pageObjects.infraHostsView.clickProcessesFlyoutTab(); + const processesTotalValue = + await pageObjects.infraHostsView.getProcessesTabContentTotalValue(); + const processValue = await processesTotalValue.getVisibleText(); + expect(processValue).to.eql('N/A'); + await pageObjects.infraHostsView.clickCloseFlyoutButton(); + }); + describe('KPI tiles', () => { it('should render 5 metrics trend tiles', async () => { const hosts = await pageObjects.infraHostsView.getAllKPITiles(); @@ -544,6 +554,11 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { expect(cells.length).to.be(ALL_ALERTS * COLUMNS); }); }); + + it('should show an error message when an invalid KQL is submitted', async () => { + await pageObjects.infraHostsView.submitQuery('cloud.provider="gcp" A'); + await testSubjects.existOrFail('hostsViewErrorCallout'); + }); }); describe('Pagination and Sorting', () => { diff --git a/x-pack/test/functional/page_objects/infra_hosts_view.ts b/x-pack/test/functional/page_objects/infra_hosts_view.ts index 1d90013f77c2c..db43371090781 100644 --- a/x-pack/test/functional/page_objects/infra_hosts_view.ts +++ b/x-pack/test/functional/page_objects/infra_hosts_view.ts @@ -111,7 +111,7 @@ export function InfraHostsViewProvider({ getService }: FtrProviderContext) { return testSubjects.find('hostsView-metricChart'); }, - // MetricsTtab + // Metrics Tab async getMetricsTab() { return testSubjects.find('hostsView-tabs-metrics'); },