,
.c1 {
- -webkit-flex: 0;
- -ms-flex: 0;
- flex: 0;
+ -webkit-flex: 0 1 auto;
+ -ms-flex: 0 1 auto;
+ flex: 0 1 auto;
}
.c2 .euiFlyoutBody__overflow {
@@ -804,7 +804,7 @@ Array [
}
+
+
+
+
+
+
+`;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.test.tsx
new file mode 100644
index 0000000000000..2ce7090a5b83a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.test.tsx
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { mount } from 'enzyme';
+import React from 'react';
+
+import '../../../../common/mock/match_media';
+import {
+ apolloClientObservable,
+ mockGlobalState,
+ TestProviders,
+ SUB_PLUGINS_REDUCER,
+ kibanaObservable,
+ createSecuritySolutionStorageMock,
+} from '../../../../common/mock';
+import { createStore, State } from '../../../../common/store';
+import { ExpandableHostDetails } from './expandable_host';
+
+jest.mock('react-apollo', () => {
+ const original = jest.requireActual('react-apollo');
+ return {
+ ...original,
+ // eslint-disable-next-line react/display-name
+ Query: () => <>,
+ };
+});
+
+describe('Expandable Host Component', () => {
+ const state: State = {
+ ...mockGlobalState,
+ sourcerer: {
+ ...mockGlobalState.sourcerer,
+ configIndexPatterns: ['IShouldBeUsed'],
+ },
+ };
+
+ const { storage } = createSecuritySolutionStorageMock();
+ const store = createStore(
+ state,
+ SUB_PLUGINS_REDUCER,
+ apolloClientObservable,
+ kibanaObservable,
+ storage
+ );
+
+ const mockProps = {
+ contextID: 'text-context',
+ hostName: 'testHostName',
+ };
+
+ describe('ExpandableHostDetails: rendering', () => {
+ test('it should render the HostOverview of the ExpandableHostDetails', () => {
+ const wrapper = mount(
+
+
+
+ );
+
+ expect(wrapper.find('ExpandableHostDetails')).toMatchSnapshot();
+ });
+
+ test('it should render the HostOverview of the ExpandableHostDetails with the correct indices', () => {
+ const wrapper = mount(
+
+
+
+ );
+
+ expect(wrapper.find('HostOverviewByNameComponentQuery').prop('indexNames')).toStrictEqual([
+ 'IShouldBeUsed',
+ ]);
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.tsx
index 8fce9a186bbd4..78367d17d7b62 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/host_details/expandable_host.tsx
@@ -5,10 +5,11 @@
* 2.0.
*/
-import React from 'react';
+import React, { useMemo } from 'react';
import styled from 'styled-components';
import { i18n } from '@kbn/i18n';
import { EuiTitle } from '@elastic/eui';
+import { sourcererSelectors } from '../../../../common/store/sourcerer';
import { HostDetailsLink } from '../../../../common/components/links';
import { useGlobalTime } from '../../../../common/containers/use_global_time';
import { useSourcererScope } from '../../../../common/containers/sourcerer';
@@ -19,6 +20,7 @@ import { AnomalyTableProvider } from '../../../../common/components/ml/anomaly/a
import { hostToCriteria } from '../../../../common/components/ml/criteria/host_to_criteria';
import { scoreIntervalToDateTime } from '../../../../common/components/ml/score/score_interval_to_datetime';
import { HostOverviewByNameQuery } from '../../../../hosts/containers/hosts/details';
+import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
interface ExpandableHostProps {
hostName: string;
@@ -54,10 +56,25 @@ export const ExpandableHostDetails = ({
hostName,
}: ExpandableHostProps & { contextID: string }) => {
const { to, from, isInitializing } = useGlobalTime();
- const { docValueFields, selectedPatterns } = useSourcererScope();
+ const { docValueFields } = useSourcererScope();
+ /*
+ Normally `selectedPatterns` from useSourcerScope would be where we obtain the indices,
+ but those indices are only loaded when viewing the pages where the sourcerer is initialized (i.e. Hosts and Overview)
+ When a user goes directly to the detections page, the patterns have not been loaded yet
+ as that information isn't used for the detections page. With this details component being accessible
+ from the detections page, the decision was made to get all existing index names to account for this.
+ Otherwise, an empty array is defaulted for the `indexNames` in the query which leads to inconsistencies in the data returned
+ (i.e. extraneous endpoint data is retrieved from the backend leading to endpoint data not being returned)
+ */
+ const allExistingIndexNamesSelector = useMemo(
+ () => sourcererSelectors.getAllExistingIndexNamesSelector(),
+ []
+ );
+ const allPatterns = useDeepEqualSelector
(allExistingIndexNamesSelector);
+
return (
`${theme.eui.paddingSizes.xs} ${theme.eui.paddingSizes.m} 64px`};
+ margin-bottom: ${({ theme }) => `${theme.eui.paddingSizes.l}`};
+ padding: ${({ theme }) => `${theme.eui.paddingSizes.xs} ${theme.eui.paddingSizes.m} 0px`};
}
}
`;
const StyledEuiFlexGroup = styled(EuiFlexGroup)`
- flex: 0;
-`;
-
-const StyledEuiFlexItem = styled(EuiFlexItem)`
- &.euiFlexItem {
- flex: 1 0 0;
- overflow-y: scroll;
- overflow-x: hidden;
- }
+ flex: 1 0 auto;
`;
const StyledEuiFlexButtonWrapper = styled(EuiFlexItem)`
align-self: flex-start;
+ flex: 1 0 auto;
+`;
+
+const StyledPanelContent = styled.div`
+ display: block;
+ height: 100%;
+ overflow-y: scroll;
+ overflow-x: hidden;
`;
interface HostDetailsProps {
@@ -107,9 +108,9 @@ export const HostDetailsPanel: React.FC = React.memo(
-
+
-
+
);
}
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx
index 0482491562f57..177cd2e5ded41 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx
@@ -7,7 +7,7 @@
import React, { useCallback, useMemo } from 'react';
import { useDispatch } from 'react-redux';
-import { EuiFlyout } from '@elastic/eui';
+import { EuiFlyout, EuiFlyoutProps } from '@elastic/eui';
import styled from 'styled-components';
import { timelineActions, timelineSelectors } from '../../store/timeline';
import { timelineDefaults } from '../../store/timeline/defaults';
@@ -69,9 +69,10 @@ export const DetailsPanel = React.memo(
if (!currentTabDetail?.panelView) return null;
let visiblePanel = null; // store in variable to make return statement more readable
+ let panelSize: EuiFlyoutProps['size'] = 's';
const contextID = `${timelineId}-${activeTab}`;
-
if (currentTabDetail?.panelView === 'eventDetail' && currentTabDetail?.params?.eventId) {
+ panelSize = 'm';
visiblePanel = (
+
{visiblePanel}
) : (
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/network_details/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/network_details/index.tsx
index e05c9435fc456..ea857da926f84 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/network_details/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/network_details/index.tsx
@@ -42,19 +42,19 @@ const StyledEuiFlyoutBody = styled(EuiFlyoutBody)`
`;
const StyledEuiFlexGroup = styled(EuiFlexGroup)`
- flex: 0;
-`;
-
-const StyledEuiFlexItem = styled(EuiFlexItem)`
- &.euiFlexItem {
- flex: 1 0 0;
- overflow-y: scroll;
- overflow-x: hidden;
- }
+ flex: 1 0 auto;
`;
const StyledEuiFlexButtonWrapper = styled(EuiFlexItem)`
align-self: flex-start;
+ flex: 1 0 auto;
+`;
+
+const StyledPanelContent = styled.div`
+ display: block;
+ height: 100%;
+ overflow-y: scroll;
+ overflow-x: hidden;
`;
interface NetworkDetailsProps {
@@ -104,9 +104,9 @@ export const NetworkDetailsPanel = React.memo(
-
+
-
+
);
}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
index 4bded347c32ea..f81f4c5a2c537 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@@ -215,6 +215,7 @@ export const signalRulesAlertType = ({
hasTimestampFields(
wroteStatus,
hasTimestampOverride ? (timestampOverride as string) : '@timestamp',
+ name,
timestampFieldCaps,
inputIndices,
ruleStatusService,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
index 0a581816ee82f..375f8c4ccc824 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
@@ -814,6 +814,7 @@ describe('utils', () => {
const res = await hasTimestampFields(
false,
timestampField,
+ 'myfakerulename',
// eslint-disable-next-line @typescript-eslint/no-explicit-any
timestampFieldCapsResponse as ApiResponse>,
['myfa*'],
@@ -854,6 +855,7 @@ describe('utils', () => {
const res = await hasTimestampFields(
false,
timestampField,
+ 'myfakerulename',
// eslint-disable-next-line @typescript-eslint/no-explicit-any
timestampFieldCapsResponse as ApiResponse>,
['myfa*'],
@@ -866,6 +868,60 @@ describe('utils', () => {
);
expect(res).toBeTruthy();
});
+
+ test('returns true when missing logs-endpoint.alerts-* index and rule name is Endpoint Security', async () => {
+ const timestampField = '@timestamp';
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ const timestampFieldCapsResponse: Partial, Context>> = {
+ body: {
+ indices: [],
+ fields: {},
+ },
+ };
+ mockLogger.error.mockClear();
+ const res = await hasTimestampFields(
+ false,
+ timestampField,
+ 'Endpoint Security',
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ timestampFieldCapsResponse as ApiResponse>,
+ ['logs-endpoint.alerts-*'],
+ ruleStatusServiceMock,
+ mockLogger,
+ buildRuleMessage
+ );
+ expect(mockLogger.error).toHaveBeenCalledWith(
+ 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated. If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent. name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"'
+ );
+ expect(res).toBeTruthy();
+ });
+
+ test('returns true when missing logs-endpoint.alerts-* index and rule name is NOT Endpoint Security', async () => {
+ const timestampField = '@timestamp';
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ const timestampFieldCapsResponse: Partial, Context>> = {
+ body: {
+ indices: [],
+ fields: {},
+ },
+ };
+ mockLogger.error.mockClear();
+ const res = await hasTimestampFields(
+ false,
+ timestampField,
+ 'NOT Endpoint Security',
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ timestampFieldCapsResponse as ApiResponse>,
+ ['logs-endpoint.alerts-*'],
+ ruleStatusServiceMock,
+ mockLogger,
+ buildRuleMessage
+ );
+ expect(mockLogger.error).toHaveBeenCalledWith(
+ 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated. name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"'
+ );
+ expect(res).toBeTruthy();
+ });
});
describe('wrapBuildingBlocks', () => {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
index 2b306cd2a8d9d..aef9a5d470dcc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
@@ -105,6 +105,7 @@ export const hasReadIndexPrivileges = async (
export const hasTimestampFields = async (
wroteStatus: boolean,
timestampField: string,
+ ruleName: string,
// any is derived from here
// node_modules/@elastic/elasticsearch/api/kibana.d.ts
// eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -115,11 +116,15 @@ export const hasTimestampFields = async (
buildRuleMessage: BuildRuleMessage
): Promise => {
if (!wroteStatus && isEmpty(timestampFieldCapsResponse.body.indices)) {
- const errorString = `The following index patterns did not match any indices: ${JSON.stringify(
+ const errorString = `This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ${JSON.stringify(
inputIndices
- )}`;
- logger.error(buildRuleMessage(errorString));
- await ruleStatusService.warning(errorString);
+ )} was found. This warning will continue to appear until a matching index is created or this rule is de-activated. ${
+ ruleName === 'Endpoint Security'
+ ? 'If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent.'
+ : ''
+ }`;
+ logger.error(buildRuleMessage(errorString.trimEnd()));
+ await ruleStatusService.warning(errorString.trimEnd());
return true;
} else if (
!wroteStatus &&
diff --git a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts
index 047337bb48673..fed18bcb461e3 100644
--- a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts
+++ b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_stats_with_xpack.test.ts
@@ -61,22 +61,22 @@ function mockEsClient() {
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
// mock for license should return a basic license
esClient.license.get.mockResolvedValue(
- // @ts-ignore we only care about the response body
+ // @ts-expect-error we only care about the response body
{ body: { license: { type: 'basic' } } }
);
// mock for xpack usage should return an empty object
esClient.xpack.usage.mockResolvedValue(
- // @ts-ignore we only care about the response body
+ // @ts-expect-error we only care about the response body
{ body: {} }
);
// mock for nodes usage should resolve for this test
esClient.nodes.usage.mockResolvedValue(
- // @ts-ignore we only care about the response body
+ // @ts-expect-error we only care about the response body
{ body: { cluster_name: 'test cluster', nodes: nodesUsage } }
);
// mock for info should resolve for this test
esClient.info.mockResolvedValue(
- // @ts-ignore we only care about the response body
+ // @ts-expect-error we only care about the response body
{
body: {
cluster_uuid: 'test',
diff --git a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_xpack.test.ts b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_xpack.test.ts
index c438abda8ca83..48b58c7679789 100644
--- a/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_xpack.test.ts
+++ b/x-pack/plugins/telemetry_collection_xpack/server/telemetry_collection/get_xpack.test.ts
@@ -12,7 +12,7 @@ describe('get_xpack', () => {
describe('getXPackUsage', () => {
it('uses esClient to get /_xpack/usage API', async () => {
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
- // @ts-ignore we only care about the response body
+ // @ts-expect-error we only care about the response body
esClient.xpack.usage.mockResolvedValue({ body: {} });
const result = await getXPackUsage(esClient);
expect(result).toEqual({});
diff --git a/x-pack/plugins/transform/common/api_schemas/common.ts b/x-pack/plugins/transform/common/api_schemas/common.ts
index 1841724c16ef9..3651af69359a9 100644
--- a/x-pack/plugins/transform/common/api_schemas/common.ts
+++ b/x-pack/plugins/transform/common/api_schemas/common.ts
@@ -53,3 +53,27 @@ export interface ResponseStatus {
export interface CommonResponseStatusSchema {
[key: string]: ResponseStatus;
}
+
+export const runtimeMappingsSchema = schema.maybe(
+ schema.recordOf(
+ schema.string(),
+ schema.object({
+ type: schema.oneOf([
+ schema.literal('keyword'),
+ schema.literal('long'),
+ schema.literal('double'),
+ schema.literal('date'),
+ schema.literal('ip'),
+ schema.literal('boolean'),
+ ]),
+ script: schema.maybe(
+ schema.oneOf([
+ schema.string(),
+ schema.object({
+ source: schema.string(),
+ }),
+ ])
+ ),
+ })
+ )
+);
diff --git a/x-pack/plugins/transform/common/api_schemas/field_histograms.ts b/x-pack/plugins/transform/common/api_schemas/field_histograms.ts
index fc5a95590c7c6..9f6f4c15d803a 100644
--- a/x-pack/plugins/transform/common/api_schemas/field_histograms.ts
+++ b/x-pack/plugins/transform/common/api_schemas/field_histograms.ts
@@ -7,14 +7,20 @@
import { schema, TypeOf } from '@kbn/config-schema';
+import { ChartData } from '../shared_imports';
+
+import { runtimeMappingsSchema } from './common';
+
export const fieldHistogramsRequestSchema = schema.object({
/** Query to match documents in the index. */
query: schema.any(),
/** The fields to return histogram data. */
fields: schema.arrayOf(schema.any()),
+ /** Optional runtime mappings */
+ runtimeMappings: runtimeMappingsSchema,
/** Number of documents to be collected in the sample processed on each shard, or -1 for no sampling. */
samplerShardSize: schema.number(),
});
export type FieldHistogramsRequestSchema = TypeOf;
-export type FieldHistogramsResponseSchema = any[];
+export type FieldHistogramsResponseSchema = ChartData[];
diff --git a/x-pack/plugins/transform/common/api_schemas/transforms.ts b/x-pack/plugins/transform/common/api_schemas/transforms.ts
index d86df3af3e1d0..4d25bd74f4e74 100644
--- a/x-pack/plugins/transform/common/api_schemas/transforms.ts
+++ b/x-pack/plugins/transform/common/api_schemas/transforms.ts
@@ -14,7 +14,7 @@ import type { PivotAggDict } from '../types/pivot_aggs';
import type { PivotGroupByDict } from '../types/pivot_group_by';
import type { TransformId, TransformPivotConfig } from '../types/transform';
-import { transformStateSchema } from './common';
+import { transformStateSchema, runtimeMappingsSchema } from './common';
// GET transforms
export const getTransformsRequestSchema = schema.arrayOf(
@@ -64,30 +64,6 @@ export const settingsSchema = schema.object({
docs_per_second: schema.maybe(schema.nullable(schema.number())),
});
-export const runtimeMappingsSchema = schema.maybe(
- schema.recordOf(
- schema.string(),
- schema.object({
- type: schema.oneOf([
- schema.literal('keyword'),
- schema.literal('long'),
- schema.literal('double'),
- schema.literal('date'),
- schema.literal('ip'),
- schema.literal('boolean'),
- ]),
- script: schema.maybe(
- schema.oneOf([
- schema.string(),
- schema.object({
- source: schema.string(),
- }),
- ])
- ),
- })
- )
-);
-
export const sourceSchema = schema.object({
runtime_mappings: runtimeMappingsSchema,
index: schema.oneOf([schema.string(), schema.arrayOf(schema.string())]),
diff --git a/x-pack/plugins/transform/common/shared_imports.ts b/x-pack/plugins/transform/common/shared_imports.ts
index 4506083a1876f..3062c7ab8d23c 100644
--- a/x-pack/plugins/transform/common/shared_imports.ts
+++ b/x-pack/plugins/transform/common/shared_imports.ts
@@ -6,5 +6,9 @@
*/
export type { HitsTotalRelation, SearchResponse7 } from '../../ml/common';
-export { HITS_TOTAL_RELATION } from '../../ml/common';
-export { composeValidators, patternValidator } from '../../ml/common';
+export {
+ composeValidators,
+ patternValidator,
+ ChartData,
+ HITS_TOTAL_RELATION,
+} from '../../ml/common';
diff --git a/x-pack/plugins/transform/public/app/hooks/use_api.ts b/x-pack/plugins/transform/public/app/hooks/use_api.ts
index 388bc8b432fc4..7afbc5e403b78 100644
--- a/x-pack/plugins/transform/public/app/hooks/use_api.ts
+++ b/x-pack/plugins/transform/public/app/hooks/use_api.ts
@@ -16,7 +16,10 @@ import type {
DeleteTransformsRequestSchema,
DeleteTransformsResponseSchema,
} from '../../../common/api_schemas/delete_transforms';
-import type { FieldHistogramsResponseSchema } from '../../../common/api_schemas/field_histograms';
+import type {
+ FieldHistogramsRequestSchema,
+ FieldHistogramsResponseSchema,
+} from '../../../common/api_schemas/field_histograms';
import type {
StartTransformsRequestSchema,
StartTransformsResponseSchema,
@@ -194,6 +197,7 @@ export const useApi = () => {
indexPatternTitle: string,
fields: FieldHistogramRequestConfig[],
query: string | SavedSearchQuery,
+ runtimeMappings?: FieldHistogramsRequestSchema['runtimeMappings'],
samplerShardSize = DEFAULT_SAMPLER_SHARD_SIZE
): Promise {
try {
@@ -202,6 +206,7 @@ export const useApi = () => {
query,
fields,
samplerShardSize,
+ ...(runtimeMappings !== undefined ? { runtimeMappings } : {}),
}),
});
} catch (e) {
diff --git a/x-pack/plugins/transform/public/app/hooks/use_index_data.ts b/x-pack/plugins/transform/public/app/hooks/use_index_data.ts
index dde4c7eb0f3a0..e12aa78e33622 100644
--- a/x-pack/plugins/transform/public/app/hooks/use_index_data.ts
+++ b/x-pack/plugins/transform/public/app/hooks/use_index_data.ts
@@ -150,7 +150,8 @@ export const useIndexData = (
fieldName: cT.id,
type: getFieldType(cT.schema),
})),
- isDefaultQuery(query) ? matchAllQuery : query
+ isDefaultQuery(query) ? matchAllQuery : query,
+ combinedRuntimeMappings
);
if (!isFieldHistogramsResponseSchema(columnChartsData)) {
diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_runtime_mappings_editor/advanced_runtime_mappings_editor.tsx b/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_runtime_mappings_editor/advanced_runtime_mappings_editor.tsx
index 087bae97e287e..23c4cfcefe8ef 100644
--- a/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_runtime_mappings_editor/advanced_runtime_mappings_editor.tsx
+++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_runtime_mappings_editor/advanced_runtime_mappings_editor.tsx
@@ -13,6 +13,7 @@ import { EuiCodeEditor } from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import { StepDefineFormHook } from '../step_define';
+import { isRuntimeMappings } from '../step_define/common/types';
export const AdvancedRuntimeMappingsEditor: FC = memo(
({
@@ -43,8 +44,8 @@ export const AdvancedRuntimeMappingsEditor: FC]/g;
@@ -77,7 +77,7 @@ export function getPivotDropdownOptions(
// Support for runtime_mappings that are defined by queries
let runtimeFields: Field[] = [];
- if (isPopulatedObject(runtimeMappings)) {
+ if (isRuntimeMappings(runtimeMappings)) {
runtimeFields = Object.keys(runtimeMappings).map((fieldName) => {
const field = runtimeMappings[fieldName];
return { name: fieldName, type: getKibanaFieldTypeFromEsType(field.type) };
diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.test.ts b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.test.ts
new file mode 100644
index 0000000000000..ec90d31a0d169
--- /dev/null
+++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.test.ts
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isRuntimeField, isRuntimeMappings } from './types';
+
+describe('Transform: step_define type guards', () => {
+ it('isRuntimeField()', () => {
+ expect(isRuntimeField(1)).toBe(false);
+ expect(isRuntimeField(null)).toBe(false);
+ expect(isRuntimeField([])).toBe(false);
+ expect(isRuntimeField({})).toBe(false);
+ expect(isRuntimeField({ someAttribute: 'someValue' })).toBe(false);
+ expect(isRuntimeField({ type: 'wrong-type' })).toBe(false);
+ expect(isRuntimeField({ type: 'keyword', someAttribute: 'some value' })).toBe(false);
+
+ expect(isRuntimeField({ type: 'keyword' })).toBe(true);
+ expect(isRuntimeField({ type: 'keyword', script: 'some script' })).toBe(true);
+ });
+
+ it('isRuntimeMappings()', () => {
+ expect(isRuntimeMappings(1)).toBe(false);
+ expect(isRuntimeMappings(null)).toBe(false);
+ expect(isRuntimeMappings([])).toBe(false);
+ expect(isRuntimeMappings({})).toBe(false);
+ expect(isRuntimeMappings({ someAttribute: 'someValue' })).toBe(false);
+ expect(isRuntimeMappings({ fieldName1: { type: 'keyword' }, fieldName2: 'someValue' })).toBe(
+ false
+ );
+ expect(
+ isRuntimeMappings({
+ fieldName1: { type: 'keyword' },
+ fieldName2: { type: 'keyword', someAttribute: 'some value' },
+ })
+ ).toBe(false);
+ expect(
+ isRuntimeMappings({
+ fieldName: { type: 'long', script: 1234 },
+ })
+ ).toBe(false);
+ expect(
+ isRuntimeMappings({
+ fieldName: { type: 'long', script: { someAttribute: 'some value' } },
+ })
+ ).toBe(false);
+ expect(
+ isRuntimeMappings({
+ fieldName: { type: 'long', script: { source: 1234 } },
+ })
+ ).toBe(false);
+
+ expect(isRuntimeMappings({ fieldName: { type: 'keyword' } })).toBe(true);
+ expect(
+ isRuntimeMappings({ fieldName1: { type: 'keyword' }, fieldName2: { type: 'keyword' } })
+ ).toBe(true);
+ expect(
+ isRuntimeMappings({
+ fieldName1: { type: 'keyword' },
+ fieldName2: { type: 'keyword', script: 'some script as script' },
+ })
+ ).toBe(true);
+ expect(
+ isRuntimeMappings({
+ fieldName: { type: 'long', script: { source: 'some script as source' } },
+ })
+ ).toBe(true);
+ });
+});
diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.ts b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.ts
index 6c9293a6d13cf..d0218996b2e4f 100644
--- a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.ts
+++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/types.ts
@@ -24,6 +24,8 @@ import {
} from '../../../../../../../common/types/transform';
import { LatestFunctionConfig } from '../../../../../../../common/api_schemas/transforms';
+import { isPopulatedObject } from '../../../../../common/utils/object_utils';
+
export interface ErrorMessage {
query: string;
message: string;
@@ -70,10 +72,30 @@ export interface StepDefineExposedState {
isRuntimeMappingsEditorEnabled: boolean;
}
+export function isRuntimeField(arg: any): arg is RuntimeField {
+ return (
+ isPopulatedObject(arg) &&
+ ((Object.keys(arg).length === 1 && arg.hasOwnProperty('type')) ||
+ (Object.keys(arg).length === 2 &&
+ arg.hasOwnProperty('type') &&
+ arg.hasOwnProperty('script') &&
+ (typeof arg.script === 'string' ||
+ (isPopulatedObject(arg.script) &&
+ Object.keys(arg.script).length === 1 &&
+ arg.script.hasOwnProperty('source') &&
+ typeof arg.script.source === 'string')))) &&
+ RUNTIME_FIELD_TYPES.includes(arg.type)
+ );
+}
+
+export function isRuntimeMappings(arg: any): arg is RuntimeMappings {
+ return isPopulatedObject(arg) && Object.values(arg).every((d) => isRuntimeField(d));
+}
+
export function isPivotPartialRequest(arg: any): arg is { pivot: PivotConfigDefinition } {
- return typeof arg === 'object' && arg.hasOwnProperty('pivot');
+ return isPopulatedObject(arg) && arg.hasOwnProperty('pivot');
}
export function isLatestPartialRequest(arg: any): arg is { latest: LatestFunctionConfig } {
- return typeof arg === 'object' && arg.hasOwnProperty('latest');
+ return isPopulatedObject(arg) && arg.hasOwnProperty('latest');
}
diff --git a/x-pack/plugins/transform/server/routes/api/field_histograms.ts b/x-pack/plugins/transform/server/routes/api/field_histograms.ts
index d3269bf14322a..bfe2f47078569 100644
--- a/x-pack/plugins/transform/server/routes/api/field_histograms.ts
+++ b/x-pack/plugins/transform/server/routes/api/field_histograms.ts
@@ -32,7 +32,7 @@ export function registerFieldHistogramsRoutes({ router, license }: RouteDependen
license.guardApiRoute(
async (ctx, req, res) => {
const { indexPatternTitle } = req.params;
- const { query, fields, samplerShardSize } = req.body;
+ const { query, fields, runtimeMappings, samplerShardSize } = req.body;
try {
const resp = await getHistogramsForFields(
@@ -40,7 +40,8 @@ export function registerFieldHistogramsRoutes({ router, license }: RouteDependen
indexPatternTitle,
query,
fields,
- samplerShardSize
+ samplerShardSize,
+ runtimeMappings
);
return res.ok({ body: resp });
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index d6eb4ceb258f9..0fc467645bec8 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -11418,7 +11418,6 @@
"xpack.lens.xySuggestions.unstackedChartTitle": "スタックが解除されました",
"xpack.lens.xySuggestions.yAxixConjunctionSign": " & ",
"xpack.lens.xyVisualization.areaLabel": "エリア",
- "xpack.lens.xyVisualization.barHorizontalFullLabel": "横棒",
"xpack.lens.xyVisualization.barHorizontalLabel": "横棒",
"xpack.lens.xyVisualization.barLabel": "棒",
"xpack.lens.xyVisualization.dataFailureSplitLong": "{layers, plural, other {レイヤー}} {layersList} には {axis} のフィールドが{layers, plural, other {必要です}}。",
@@ -11430,11 +11429,9 @@
"xpack.lens.xyVisualization.mixedLabel": "ミックスされた XY",
"xpack.lens.xyVisualization.noDataLabel": "結果が見つかりませんでした",
"xpack.lens.xyVisualization.stackedAreaLabel": "スタックされたエリア",
- "xpack.lens.xyVisualization.stackedBarHorizontalFullLabel": "積み上げ横棒",
"xpack.lens.xyVisualization.stackedBarHorizontalLabel": "横積み上げ棒",
"xpack.lens.xyVisualization.stackedBarLabel": "積み上げ棒",
"xpack.lens.xyVisualization.stackedPercentageAreaLabel": "割合エリア",
- "xpack.lens.xyVisualization.stackedPercentageBarHorizontalFullLabel": "割合横棒",
"xpack.lens.xyVisualization.stackedPercentageBarHorizontalLabel": "横割合棒",
"xpack.lens.xyVisualization.stackedPercentageBarLabel": "割合棒",
"xpack.lens.xyVisualization.xyLabel": "XY",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index d9b2350e9e9c0..f6f58e06264e6 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -11446,7 +11446,6 @@
"xpack.lens.xySuggestions.unstackedChartTitle": "非堆叠",
"xpack.lens.xySuggestions.yAxixConjunctionSign": " & ",
"xpack.lens.xyVisualization.areaLabel": "面积图",
- "xpack.lens.xyVisualization.barHorizontalFullLabel": "水平条形图",
"xpack.lens.xyVisualization.barHorizontalLabel": "水平条形图",
"xpack.lens.xyVisualization.barLabel": "条形图",
"xpack.lens.xyVisualization.dataFailureSplitLong": "{layers, plural, other {图层}} {layersList} {layers, plural, other {需要}}一个针对{axis}的字段。",
@@ -11458,11 +11457,9 @@
"xpack.lens.xyVisualization.mixedLabel": "混合 XY",
"xpack.lens.xyVisualization.noDataLabel": "找不到结果",
"xpack.lens.xyVisualization.stackedAreaLabel": "堆叠面积图",
- "xpack.lens.xyVisualization.stackedBarHorizontalFullLabel": "水平堆叠条形图",
"xpack.lens.xyVisualization.stackedBarHorizontalLabel": "水平堆叠条形图",
"xpack.lens.xyVisualization.stackedBarLabel": "堆叠条形图",
"xpack.lens.xyVisualization.stackedPercentageAreaLabel": "百分比面积图",
- "xpack.lens.xyVisualization.stackedPercentageBarHorizontalFullLabel": "水平百分比条形图",
"xpack.lens.xyVisualization.stackedPercentageBarHorizontalLabel": "水平百分比条形图",
"xpack.lens.xyVisualization.stackedPercentageBarLabel": "百分比条形图",
"xpack.lens.xyVisualization.xyLabel": "XY",
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts
index 8d494724d9f76..6bdf881ba8ca2 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts
@@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => {
expect(statusBody[body.id].current_status.status).to.eql('warning');
expect(statusBody[body.id].current_status.last_success_message).to.eql(
- 'The following index patterns did not match any indices: ["does-not-exist-*"]'
+ 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["does-not-exist-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated.'
);
});
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
index 9da98e316315d..59526fd5abb8f 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
@@ -35,7 +35,8 @@ export default ({ getService }: FtrProviderContext) => {
/**
* Specific api integration tests for threat matching rule type
*/
- describe('create_threat_matching', () => {
+ // FLAKY: https://github.com/elastic/kibana/issues/93152
+ describe.skip('create_threat_matching', () => {
describe('validation errors', () => {
it('should give an error that the index must exist first if it does not exist before creating a rule', async () => {
const { body } = await supertest
diff --git a/x-pack/test/functional/page_objects/lens_page.ts b/x-pack/test/functional/page_objects/lens_page.ts
index d9ec9ca5d3f62..2ecf6f3163d7e 100644
--- a/x-pack/test/functional/page_objects/lens_page.ts
+++ b/x-pack/test/functional/page_objects/lens_page.ts
@@ -418,19 +418,20 @@ export function LensPageProvider({ getService, getPageObjects }: FtrProviderCont
* @param subVisualizationId - the ID of the sub-visualization to switch to, such as
* lnsDatatable or bar_stacked
*/
- async switchToVisualization(subVisualizationId: string) {
+ async switchToVisualization(subVisualizationId: string, searchTerm?: string) {
await this.openChartSwitchPopover();
+ await this.searchOnChartSwitch(subVisualizationId, searchTerm);
await testSubjects.click(`lnsChartSwitchPopover_${subVisualizationId}`);
await PageObjects.header.waitUntilLoadingHasFinished();
},
async openChartSwitchPopover() {
- if (await testSubjects.exists('visTypeTitle')) {
+ if (await testSubjects.exists('lnsChartSwitchList')) {
return;
}
await retry.try(async () => {
await testSubjects.click('lnsChartSwitchPopover');
- await testSubjects.existOrFail('visTypeTitle');
+ await testSubjects.existOrFail('lnsChartSwitchList');
});
},
@@ -451,17 +452,28 @@ export function LensPageProvider({ getService, getPageObjects }: FtrProviderCont
return errors?.length ?? 0;
},
+ async searchOnChartSwitch(subVisualizationId: string, searchTerm?: string) {
+ // Because the new chart switcher is now a virtualized list, the process needs some help
+ // So either pass a search string or pick the last 3 letters from the id (3 because pie
+ // is the smallest chart name) and use them to search
+ const queryTerm = searchTerm ?? subVisualizationId.substring(subVisualizationId.length - 3);
+ return await testSubjects.setValue('lnsChartSwitchSearch', queryTerm, {
+ clearWithKeyboard: true,
+ });
+ },
+
/**
* Checks a specific subvisualization in the chart switcher for a "data loss" indicator
*
* @param subVisualizationId - the ID of the sub-visualization to switch to, such as
* lnsDatatable or bar_stacked
*/
- async hasChartSwitchWarning(subVisualizationId: string) {
+ async hasChartSwitchWarning(subVisualizationId: string, searchTerm?: string) {
await this.openChartSwitchPopover();
+ await this.searchOnChartSwitch(subVisualizationId, searchTerm);
const element = await testSubjects.find(`lnsChartSwitchPopover_${subVisualizationId}`);
- return await find.descendantExistsByCssSelector(
- '.euiKeyPadMenuItem__betaBadgeWrapper',
+ return await testSubjects.descendantExists(
+ `lnsChartSwitchPopoverAlert_${subVisualizationId}`,
element
);
},