Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[7.17] Remove Agent Debug Info (#187126) #187805

Merged
merged 1 commit into from
Jul 9, 2024

Remove Agent Debug Info (#187126)

a29ce7a
Select commit
Loading
Failed to load commit list.
Merged

[7.17] Remove Agent Debug Info (#187126) #187805

Remove Agent Debug Info (#187126)
a29ce7a
Select commit
Loading
Failed to load commit list.
checks-reporter / X-Pack Chrome Functional tests / Group 11 succeeded Jul 8, 2024 in 47m 47s

node scripts/functional_tests --bail --kibana-install-dir /opt/local-ssd/buildkite/builds/bk-agent-prod-gcp-1720479272096468514/elastic/kibana-pull-request/kibana-build-xpack --include-tag ciGroup11

Details

[truncated]
s is found. body: {"a1b8fd00-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:41:47.479Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 14 out of 3200 for function waitForRuleSuccessOrStatus
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:41:50.238+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (7.9s)
                 └-> "after each" hook for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                 └-> should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:41:53.748+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:41:59.716+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (6.8s)
                 └-> "after each" hook for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                 └-> should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:04.830+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:09.670+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 163.0B\nPOST /*/_search?allow_no_indices=true&size=10000&ignore_unavailable=true\n{\"query\":{\"bool\":{\"filter\":[{\"bool\":{\"must\":[{\"term\":{\"signal.rule.rule_id\":\"threshold-rule\"}},{\"range\":{\"signal.original_time\":{\"gte\":\"1900-01-01T00:00:00.000Z\"}}},{\"term\":{\"signal.rule.threshold.field\":\"keyword\"}}]}},{\"bool\":{\"filter\":[{\"bool\":{\"should\":[{\"range\":{\"@timestamp\":{\"lte\":\"2024-07-08T23:42:09.664Z\",\"gte\":\"1900-01-01T00:00:00.000Z\",\"format\":\"strict_date_optional_time\"}}}],\"minimum_should_match\":1}}]}},{\"match_all\":{}}]}},\"fields\":[{\"field\":\"*\",\"include_unmapped\":true},{\"field\":\"@timestamp\",\"format\":\"strict_date_optional_time\"}],\"sort\":[{\"@timestamp\":{\"order\":\"asc\",\"unmapped_type\":\"date\"}}]}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:11.314+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (6.9s)
                 └-> "after each" hook for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                 └-> "after all" hook: afterTestSuite.trigger for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
               └-: "ml" rule type
                 └-> "before all" hook: beforeTestSuite.trigger for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                 └-> should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions
                   └-> "before each" hook: global before each for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                   └-> "before each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:18.955+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:19.856+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (1.8s)
                 └-> "after each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                 └-> should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions
                   └-> "before each" hook: global before each for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions"
                   └-> "before each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions"
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:21.989+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:23.905+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (2.8s)
                 └-> "after each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions"
                 └-> should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:27.029+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:28.910+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (2.8s)
                 └-> "after each" hook for "should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                 └-> should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:31.078+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:34.019+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (3.8s)
                 └-> "after each" hook for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                 └-> should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:37.152+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:42.023+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (5.8s)
                 └-> "after each" hook for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                 └-> should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:47.211+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:42:53.196+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (6.9s)
                 └-> "after each" hook for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                 └-> "after all" hook: afterTestSuite.trigger for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
               └-: "indicator_match/threat_match" rule type
                 └-> "before all" hook: beforeTestSuite.trigger for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                 └-> should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions
                   └-> "before each" hook: global before each for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                   └-> "before each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:01.333+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:02.243+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (1.8s)
                 └-> "after each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions"
                 └-> should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions
                   └-> "before each" hook: global before each for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions"
                   └-> "before each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions"
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:04.346+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 0 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 1 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 2 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 3 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 4 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 5 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 6 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 7 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:07.908Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 8 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:07.908Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 9 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:07.908Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 10 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:07.908Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 11 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:08.153Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 12 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:08.153Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 13 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id d1f095f0-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"d1f095f0-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:08.153Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 14 out of 3200 for function waitForRuleSuccessOrStatus
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:10.844+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (6.8s)
                 └-> "after each" hook for "should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions"
                 └-> should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:14.413+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:16.281+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (2.8s)
                 └-> "after each" hook for "should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                 └-> should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:18.461+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 0 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 1 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 2 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 3 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 4 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 5 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 6 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {}, status: 200
Try number 7 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:22.917Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 8 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:22.917Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 9 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:22.917Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 10 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:22.917Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 11 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:23.274Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 12 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:23.274Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 13 out of 3200 for function waitForRuleSuccessOrStatus
Did not get an expected status of succeeded while waiting for a rule success or status for rule id dad07780-3d83-11ef-b4af-8ddce1ef3638 (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: {"dad07780-3d83-11ef-b4af-8ddce1ef3638":{"current_status":{"status_date":"2024-07-08T23:43:23.274Z","status":"going to run","last_failure_at":null,"last_success_at":null,"last_failure_message":null,"last_success_message":null,"gap":null,"bulk_create_time_durations":[],"search_after_time_durations":[],"last_look_back_date":null},"failures":[]}}, status: 200
Try number 14 out of 3200 for function waitForRuleSuccessOrStatus
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:25.917+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (7.9s)
                 └-> "after each" hook for "should show "notifications_enabled" to be "1" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                 └-> should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:29.553+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:34.459+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (5.8s)
                 └-> "after each" hook for "should show "legacy_notifications_disabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "disabled"/"in-active""
                 └-> should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:39.636+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:47.059+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (7.9s)
                 └-> "after each" hook for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
                 └-> "after all" hook: afterTestSuite.trigger for "should show "legacy_notifications_enabled" to be "1" for rule that has at least "1" legacy action(s) and the alert is "enabled"/"active""
               └-: "pre-packaged"/"immutable" rules
                 └-> "before all" hook: beforeTestSuite.trigger for "should show stats for totals for in-active pre-packaged rules"
                 └-> should show stats for totals for in-active pre-packaged rules
                   └-> "before each" hook: global before each for "should show stats for totals for in-active pre-packaged rules"
                   └-> "before each" hook for "should show stats for totals for in-active pre-packaged rules"
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:43:54.753+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:44:00.771+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (7.0s)
                 └-> "after each" hook for "should show stats for totals for in-active pre-packaged rules"
                 └-> should show stats for the detection_rule_details for a specific pre-packaged rule
                   └-> "before each" hook: global before each for "should show stats for the detection_rule_details for a specific pre-packaged rule"
                   └-> "before each" hook for "should show stats for the detection_rule_details for a specific pre-packaged rule"
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:44:23.675+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:44:28.126+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (5.4s)
                 └-> "after each" hook for "should show stats for the detection_rule_details for a specific pre-packaged rule"
                 └-> should show "notifications_disabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "notifications_disabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "notifications_disabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:44:52.906+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:45:02.610+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (10.6s)
                 └-> "after each" hook for "should show "notifications_disabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                 └-> should show "notifications_enabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "notifications_enabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "notifications_enabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:45:25.084+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:45:32.997+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (8.8s)
                 └-> "after each" hook for "should show "notifications_enabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                 └-> should show "legacy_notifications_disabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_disabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                   └-> "before each" hook for "should show "legacy_notifications_disabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:45:57.680+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:46:10.505+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (13.7s)
                 └-> "after each" hook for "should show "legacy_notifications_disabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active""
                 └-> should show "legacy_notifications_enabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "enabled"/"active"
                   └-> "before each" hook: global before each for "should show "legacy_notifications_enabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                   └-> "before each" hook for "should show "legacy_notifications_enabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                     │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:46:34.981+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"index name [.siem-signals-default-000001] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices\"\nOrigin:kibana\nQuery:\n200 - 87.0B\nPUT /.siem-signals-default-000001\n{\"aliases\":{\".siem-signals-default\":{\"is_write_index\":true}}}","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   │ proc [kibana] {"ecs":{"version":"1.12.0"},"@timestamp":"2024-07-08T23:46:47.916+00:00","message":"Elasticsearch deprecation: 299 Elasticsearch-7.17.23-SNAPSHOT-42b93a534929add031e668becc4565463f2c4b32 \"this request accesses system indices: [.security-7, .tasks], but in a future major version, direct access to system indices will be prevented by default\"\nOrigin:kibana\nQuery:\n200 - 230.0B\nGET /*/_mapping?filter_path=*.mappings._meta.beat%2C*.mappings._meta.package.name%2C*.mappings._meta.managed_by%2C*.mappings.properties.ecs.properties.version.type%2C*.mappings.properties.data_stream.properties.type.value%2C*.mappings.properties.data_stream.properties.dataset.value","log":{"level":"DEBUG","logger":"elasticsearch.deprecation"},"process":{"pid":5051}}
                   └- ✓ pass  (13.9s)
                 └-> "after each" hook for "should show "legacy_notifications_enabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
                 └-> "after all" hook: afterTestSuite.trigger for "should show "legacy_notifications_enabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "enabled"/"active""
               └-> "after all" hook for "should have initialized empty/zero values when no rules are running"
               └-> "after all" hook: afterTestSuite.trigger for "should have initialized empty/zero values when no rules are running"
             └-> "after all" hook: afterTestSuite.trigger in ""
           └-> "after all" hook: afterTestSuite.trigger in "Detection rule type telemetry"
         └-> "after all" hook: afterTestSuite.trigger in ""
       └-> "after all" hook: afterTestSuite.trigger in "detection engine api security and spaces enabled"
   │
   │421 passing (43.0m)
   │40 pending
   │
   │ proc [kibana]   log   [23:47:18.357] [info][plugins-system][standard] Stopping all plugins.
   │ proc [kibana]   log   [23:47:18.359] [info][kibana-monitoring][monitoring][monitoring][plugins] Monitoring stats collection is stopped
   │ proc [kibana]   log   [23:47:18.361] [info][eventLog][plugins] event logged: {"@timestamp":"2024-07-08T23:47:18.360Z","event":{"provider":"eventLog","action":"stopping"},"message":"eventLog stopping","ecs":{"version":"1.8.0"},"kibana":{"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.17.23"}}
   │ info [kibana] exited with null after 2616.4 seconds
   │ info [es] stopping node ftr
   │ info [o.e.x.m.p.NativeController] [ftr] Native controller process has stopped - no new native processes can be started
   │ info [o.e.n.Node] [ftr] stopping ...
   │ info [o.e.x.w.WatcherService] [ftr] stopping watch service, reason [shutdown initiated]
   │ info [o.e.x.w.WatcherLifeCycleService] [ftr] watcher has stopped and shutdown
   │ info [o.e.n.Node] [ftr] stopped
   │ info [o.e.n.Node] [ftr] closing ...
   │ info [o.e.n.Node] [ftr] closed
   │ info [es] stopped
   │ info [es] no debug files found, assuming es did not write any
   │ info [es] cleanup complete
View more details on checks-reporter