[ES|QL] separate command autocomplete routines #195418

drewdaemon · 2024-10-08T13:52:37Z

The problem

The autocomplete logic for commands is currently designed to be generic. This is not a good fit for the ES|QL language since every command can have its own syntax and patterns. The generic approach currently leads to the following problems

Lack of orthogonality—a change in the behavior in one area of the language often has side-effects in other parts of the language.
Code complexity/understandability—the autocomplete routines are large, complicated, and difficult to follow. It is especially difficult to understand exactly which pieces of logic apply to which commands.

The plan

Instead of having getExpressionSuggestionsByType try to cover all commands, it should delegate to command-specific routines attached to the command definitions:

const commandDefinition = commandDefinitions
    .find(({name}) => ASTCommand.name == name);

return commandDefinition.suggest(...);

This should increase the orthogonality of the code, making it safer/easier to change behavior for some commands without affecting others.

By the end of this refactor, I expect the signature property in command definitions to be removed and the definitions to be paired down to very simple interfaces. We are moving away from declarative toward imperative, so the need for many of the command definition flags will be removed.

One drawback to this could be a lot of code duplication since there will still be overlap between commands. We can mitigate this by using a composable library of shared functions where syntax is close enough between commands.

{
    name: 'keep',
    ...
    suggest: (...) => {
        ...
        return handleFragment(
            innerText,
            (fragment) => Boolean(_getColumnByName(fragment)),
            getIncompleteSuggestions,
            getCompletedSuggestions
        );
    },
},
{
    name: 'drop',
    ...
    suggest: (...) => {
        ...
        return handleFragment(
            innerText,
            (fragment) => Boolean(_getColumnByName(fragment)),
            getIncompleteSuggestions,
            getCompletedSuggestions
        );
    },
},

Here, the handleFragment helper is used to handle field suggestions in two very similar commands: KEEP and DROP.

Hit list

The text was updated successfully, but these errors were encountered:

elasticmachine · 2024-10-08T13:52:39Z

Pinging @elastic/kibana-esql (Team:ESQL)

drewdaemon · 2024-10-08T15:53:43Z

We should also monitor our bundle sizes during this refactor.

…97744) ## Summary This PR begins the refactor described in #195418. The autocomplete engine now delegates to command-specific routines attached to the command definitions for `KEEP`, `DROP`, and `SORT`. The naming of `getFieldsFor` has been broadened to `getColumnsFor` because the response from Elasticsearch can contain variables as well as fields, depending on the query that is used to fetch the columns. No user-facing behavior should have changed. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <[email protected]>

…astic#197744) ## Summary This PR begins the refactor described in elastic#195418. The autocomplete engine now delegates to command-specific routines attached to the command definitions for `KEEP`, `DROP`, and `SORT`. The naming of `getFieldsFor` has been broadened to `getColumnsFor` because the response from Elasticsearch can contain variables as well as fields, depending on the query that is used to fetch the columns. No user-facing behavior should have changed. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit 11ae6a5)

…SORT` autocomplete routines (#197744) (#198159) # Backport This will backport the following commits from `main` to `8.x`: - [[ES|QL] separate `KEEP`, `DROP`, and `SORT` autocomplete routines (#197744)](#197744)  ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)  Co-authored-by: Drew Tate <[email protected]> Co-authored-by: Stratoula Kalafateli <[email protected]>

commit 0b87e90c1889c8318c3a08b401e063318d5f0585 Author: Tim Sullivan <[email protected]> Date: Wed Oct 30 08:10:52 2024 -0700 [Reporting] Unskip and optimize tests that generate test reports (#198207) This PR re-enables test reports that have been consistently failing in the serverless test environment. Investigation shows the reason for flakiness _may_ be due to the fact that the reports are exporting a large amount of data, which causes timeouts, including authentication tokens to time out. To speed up the tests, date range filters and field selections have been added to the report job parameters, which leads to a lower amount of data being exported. The tests that are updated in this PR now generate an export with 2 documents, where previously they were exporting up to 4675 documents. commit c4301d080b9fd595b6cf2313d2053256b0fae89d Author: Rodney Norris <[email protected]> Date: Wed Oct 30 09:39:42 2024 -0500 [Search] Refactor: abstracting classic nav items (#196579) Moved the base set of sidenav items from being statically defined in useEnterpriseSearchNav to using a function that can be shared with the plugin. Additionally wrapped this generation in a `useMemo` to improve performance. This will support the ability to share the classic navigation items for Search to other plugins so that they can render their own UIs without sharing components with enterprise_search just to have access to the side nav defined by enterprise_search. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <[email protected]> commit b9a5d6a46d4224b70ec1709d4fa97cd1c6295408 Author: Agustina Nahir Ruidiaz <[email protected]> Date: Wed Oct 30 15:38:54 2024 +0100 [Security Solution] Fix code scanning alert (#198142) Fixes [https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365) To fix the problem, we need to ensure that both double quotes and backslashes are properly escaped in the `escapeValue` function. This can be achieved by using a regular expression that replaces both characters globally. Specifically, we should replace backslashes with double backslashes (`\\`) and double quotes with escaped double quotes (`\"`). - Update the `escapeValue` function to use a regular expression that handles both double quotes and backslashes. - Ensure that the regular expression has the global flag (`g`) to replace all occurrences of the characters. Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> commit fdd5e0be75483868a096484ee261e5717124af6c Author: Nicolas Chaulet <[email protected]> Date: Wed Oct 30 10:16:54 2024 -0400 [Fleet] Fix update query when change agent policy spaces (#198175) commit 74cf0e4e2bd386ae38a6b8c537545acbd1707022 Author: Sander Philipse <[email protected]> Date: Wed Oct 30 15:04:23 2024 +0100 [AI Assistant] Add scopes telemetry to AI Assistant events (#197983) This adds telemetry to the Observability and Search assistant to judge whether it's search or observability. commit 3a8bd70e835e0467bc5446376345ef7fe1ac4069 Author: Krzysztof Kowalczyk <[email protected]> Date: Wed Oct 30 15:02:28 2024 +0100 Handle DOM storage being disabled (#197798) This PR aims to improve the message shown to users when Kibana can't be started due to disabled DOM storage (#121189). The visuals here follow the same pattern as other fatal errors (see ![image](https://github.com/user-attachments/assets/19832830-49e3-4789-9b83-0c1f14d7980d) The `isDomStorageDisabled` check has to be done before `CoreService` gets instantiated because of issues described below. Closes: #121189 What actually happens when you disable all cookies in a browser? Aside from cookies, the browser disables the whole DOM storage - `localStorage` and `sessionStorage`. Trying to access those will result in an error. `getSessionId`https://github.com/elastic/kibana/blob/3bc5e2db73799dc9c7831b6f9da4a52063cf112f/packages/core/analytics/core-analytics-browser-internal/src/get_session_id.ts#L17 and `isSidenavCollapsed$`https://github.com/elastic/kibana/blob/3bc5e2db73799dc9c7831b6f9da4a52063cf112f/packages/core/chrome/core-chrome-browser-internal/src/chrome_service.tsx#L91 Both of those try to access either `localStorage` or `sessionStorage` and both of those are triggered when you create an instance of `CoreSystem` which gets instantiated in `kbn_bootstrap` https://github.com/elastic/kibana/blob/6ef03697460aba0d3774c0c03fb7fb58c76c00bd/packages/core/root/core-root-browser-internal/src/kbn_bootstrap.ts#L42 Trying to access DOM storage in `CoreSystem` will cause it to throw an error and this means that `FatalErrorService`https://github.com/elastic/kibana/blob/6ef03697460aba0d3774c0c03fb7fb58c76c00bd/packages/core/fatal-errors/core-fatal-errors-browser-internal/src/fatal_errors_service.tsx#L32 will never instantiate and the `failure`https://github.com/elastic/kibana/blob/6ef03697460aba0d3774c0c03fb7fb58c76c00bd/packages/core/rendering/core-rendering-server-internal/src/bootstrap/render_template.ts#L68 function which styles the errors and makes them visible will never trigger and all the user will see is permament `Loading Kibana` spinner. Wrapping `getSessionId` and `isSidenavCollapsed$` in `try-catch` block allows `FatalErrorService` to work properly, which will catch an unhandled exception (`Detected an unhandled Promise rejection.`) with an error about `sessionStorage` being disabled, which gets thrown by `LicensingPlugin` (and possibly in other places). This is not an actual solution though - this behavior would happen again if another line of code trying to access DOM storage gets added to `CoreSystem`. I think it would be best to handle this directly in `kbn_bootstrap.ts` by some check like the one below: ```javascript const isDOMStorageDisabled = () => { try { const key = 'kbn_bootrasrap_domStorageEnabled'; sessionStorage.setItem(key, 'true'); sessionStorage.removeItem(key); return false; } catch (e) { return true; } }; const domStorageDisabled = isDOMStorageDisabled() /* ...some additonal logic */ ``` This would then require some error displaying logic that doesn't use `FatalErrorService`. Looking for some feedback on how to properly solve this. commit 79e64b85dc59708b0d90728eb13b69512e74506f Author: Dzmitry Lemechko <[email protected]> Date: Wed Oct 30 14:47:03 2024 +0100 [ftr] use getopts to fetch server args (#198227) This PR simplifies the code to read server arguments by using `getopts` module as @jbudz suggested. commit e65ca78d444b3ba324b43ea7ab07d08fc1014c13 Author: Gonçalo Rica Pais da Silva <[email protected]> Date: Wed Oct 30 14:43:47 2024 +0100 [Inventory][ECO] Entities Group By View (#195475) This PR introduces the API and Page for doing grouped views for the Inventory Page. Alongside the plain list view, the page now by default shows a grouped view of entities. In this PR, the only current supported grouping is by Entity Type. https://github.com/user-attachments/assets/a07db592-d6c6-4ec1-a00b-bb469908aa6a Tests TBA - Navigate to the new Inventory Page - By default, the page should load into a grouped view (Type) - The page should show all entities currently grouped by their type. - If a group has enough entities, pagination navigation should only apply to the list within the group. - The plain list view should function same as before. - Using the search/filter bar should function the same with grouped and list view. Closes #194740 --------- Co-authored-by: Bryce Buchanan <[email protected]> Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> commit b7beae8e19b63d0381410be5f6917ac593cd430f Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Wed Oct 30 08:27:14 2024 -0500 Update dependency @types/lodash to ^4.17.13 (main) (#198275) Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit 6645e747070e1b7bf687227776acda2ae136fc75 Author: Julia <[email protected]> Date: Wed Oct 30 13:54:58 2024 +0100 [ResponseOps][MaintenanceWindow] Introduce pagination for MW find API (#197172) Fixes: https://github.com/elastic/kibana/issues/193076 This PR introduce pagination for our MW find API. How to test: Use postman/insomnia/curl. Do not forget to add this header: `x-elastic-internal-origin: Kibana`, because this endpoint in internal. Basically you need to do something like this: ``` GET http://localhost:5601/top/internal/alerting/rules/maintenance_window/_find?page=3&per_page=3 ``` Try different page and per_page combination. Try without them. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <[email protected]> commit fd615c72e6480baf6473cfc9120a99d4f27f6d9e Author: Paul Tavares <[email protected]> Date: Wed Oct 30 08:38:38 2024 -0400 [Security Solution][Endpoint] Add step to the security solution plugin `start` phase (non-blocking) to check endpoint policy indices (#198089) - adds a step to the plugin `start` phase to retrieve all Endpoint policies from Fleet and check to ensure they have backing DOT indices. - This is a follow up to PR #196953 - this check will be removed once it is deployed to Serverless, since it only needs to run once in that flavor of kibana commit 811a23830bb60b7b56e08060bc9742fd232a5a8e Author: Julia Rechkunova <[email protected]> Date: Wed Oct 30 13:35:15 2024 +0100 [OneDiscover] Contextual App Menu Extension Point (#195448) - Closes https://github.com/elastic/kibana/issues/194269 This PR introduces a new extension point `getAppMenu` which allows to: - add custom App Menu items (as a button or a submenu with more actions) - extend Alerts menu item with more custom actions Additionally, this PR rearranges the existing Discover menu items. The primary actions are rendered as an icon only now. ![Oct-16-2024 17-43-29](https://github.com/user-attachments/assets/dbb67513-05bb-43a4-bd7b-cf958c58a167) The example usage of the new extension point can be found in https://github.com/elastic/kibana/blob/e7964f08e3c13bba36d13823575e54b40fabd9bc/src/plugins/discover/public/context_awareness/profile_providers/example/example_data_source_profile/profile.tsx#L81-L168 1. Add `discover.experimental.enabledProfiles: ['example-root-profile', 'example-data-source-profile', 'example-document-profile']` to `kibana.dev.yml` 2. Run the following in DevTools ``` POST _aliases { "actions": [ { "add": { "index": "kibana_sample_data_logs", "alias": "my-example-logs" } } ] } ``` 3. Create and use Data View with `my-custom-logs` index pattern - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Davis McPhee <[email protected]> Co-authored-by: Davis McPhee <[email protected]> commit 496a65230262cb99d72673ade454ece5b380ddf5 Author: Shahzad <[email protected]> Date: Wed Oct 30 13:32:17 2024 +0100 [Synthetics] For lens embeddable apply styling workaround for panel border !! (#198270) Fixes https://github.com/elastic/kibana/issues/198273 For lens embeddable apply styling workaround for panel border !! <img width="1726" alt="image" src="https://github.com/user-attachments/assets/df2bcc4c-d069-44a7-99c3-59696566a6b3"> commit 40edfe1496348997d4f4a48654882fd0dc1d1a85 Author: Pablo Machado <[email protected]> Date: Wed Oct 30 13:28:10 2024 +0100 [SecuritySolution] Fix Pagination should reset when a new filter is applied to the entity table (#198129) Fix "Pagination should reset when a new filter is applied to the entity table" * Extra changes: I demoted some error logs to warning as part of https://github.com/elastic/security-team/issues/10951 https://github.com/user-attachments/assets/16357db1-5e77-4c7f-ae94-9371d71c4970 * Start kibana with data * Navigate to the security solution / entity analytics dashboard * Start the entity store * Navigate between pages and change the filter, sorting, and query. commit e3c080750ca703f8240f6d47be0285c46f6e1632 Author: Jeramy Soucy <[email protected]> Date: Wed Oct 30 13:04:35 2024 +0100 Fixes session timeout toast countdown (#198266) A regression was introduced when upgrading to react-intl v6, and the `FormattedRelative` component was replaced by the `FormattedRelativeTime` component. The new component requires an addition property be specified in order to have the same behavior as the previous - formatting seconds > 60 as minutes, and counting down when below 1 minute. This PR adds the `updateIntervalInSeconds` property to the `FormattedRelativeTime` component of the session expiration toast. This PR also adds a unit test case to check the time format when > 60s remain. 1. Add the following Kibana configuration setting ``` xpack.security.session.idleTimeout: "2m" # can be anything over 1m, shorter is better for testing ``` 2. Start ES & Kibana, log in 3. Verify the session expiration toast appears and first displays minutes. Leave the toast open. 4. Verify that after 1 minute, the toast begins counting down seconds 5. Repeat the test from main and verify that the toast only shows the initial number of seconds A bug was fixed that caused the session expiration toast to incorrectly render the remaining time. commit 05efaaaab7fe1ea386833627df5a24956cc26530 Author: Dzmitry Lemechko <[email protected]> Date: Wed Oct 30 11:55:22 2024 +0100 [ftr] update svl shared config with cluster settings (#196336) Adding Elasticsearch cluster settings to replicate MKI cluster setup for FTR. commit e3f3e27fdf6dd7ce369ce52ef937ef839e08233f Author: James Gowdy <[email protected]> Date: Wed Oct 30 10:55:10 2024 +0000 [ML] Removing anomaly detection scss files (#197447) Removes last remaining scss files in favour of inline css with emotion. **Before** ![image](https://github.com/user-attachments/assets/16910734-8e28-459c-b798-d55d7ab10323) **After** ![image](https://github.com/user-attachments/assets/5f8a07b7-8796-4302-af24-6facebeb3b48) **Before** ![image](https://github.com/user-attachments/assets/06657e7f-b913-4393-aeaa-50fc0c53831c) **After** ![image](https://github.com/user-attachments/assets/fd9eab67-ab91-45c6-9ad9-5addce40a76e) commit 0ee968480cac02640939a552276aaf4213fbd43d Author: Mykola Harmash <[email protected]> Date: Wed Oct 30 11:54:15 2024 +0100 [Observability Onboarding] Change CTA for System integration in Auto Detect (#197836) Closes https://github.com/elastic/observability-dev/issues/4053 🔒 * Adds an option to specify metadata for integrations installed from registry as a third parameter in the TSV provided to the `/integrations/install` endpoint. For now only `system` integration has metadata with a hostname, but it's made generic to support other integrations when needed. * Changes CTA for the System integration to point to the Host details * Adds sorting in the detected integrations in the UI to alway show System integration at the top commit 731c5a4b091bfe27968b75e42e62b249acbb045c Author: Arturo Lidueña <[email protected]> Date: Wed Oct 30 11:45:28 2024 +0100 [Observability AI Assistant] Input box can be resized off-screen (elastic #181408) (#197063) fixes [181408](https://github.com/elastic/kibana/issues/181408) This PR addresses the issue where the Observability AI Assistant input box can be resized outside the boundaries of the browser window. Allows the input box to resize dynamically while ensuring it remains usable, even when the cursor moves outside the screen during resizing. commit 4d4de51af979acb79e807408393ce89bdc24d0bc Author: Pablo Machado <[email protected]> Date: Wed Oct 30 11:26:12 2024 +0100 [SecuritySolution] Update Entity Store transform to read frequency and delay from config (#197992) Update Entity Store transform to read frequency and delay from config. New Config: ``` xpack.securitySolution.entityAnalytics.entityStore.frequency: '60s' xpack.securitySolution.entityAnalytics.entityStore.syncDelay: '60s' ``` * Update Kibana config * Start the entity store *** If you update the config after the entity store is installed it has no effect commit 75195b4155718ba186ff5354e2a06369cc224279 Author: Julia Rechkunova <[email protected]> Date: Wed Oct 30 10:45:06 2024 +0100 [Discover] Update docs to remove discover:showLegacyFieldTopValues (#197981) This PR updates docs as a followup for https://github.com/elastic/kibana/pull/155503 - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials Co-authored-by: Davis McPhee <[email protected]> commit 03c8c4a9cc8144584f2410c753dea2d01b724a82 Author: Joe Reuter <[email protected]> Date: Wed Oct 30 10:18:59 2024 +0100 [Observability Onboarding] Adjust wording for instrumentation and doc links (#198164) Closes https://github.com/elastic/kibana/issues/197620 ![Image](https://github.com/user-attachments/assets/e94dd9ff-bd5b-49a6-9b39-fdf54a4e3e58) * Newly introduced cert-manager doc link goes to https://ela.st/8-16-otel-cert-manager * Instrumentation docs link goes to https://ela.st/8-16-otel-apm-instrumentation * Code sample for instrumentation replaced --------- Co-authored-by: Mykola Harmash <[email protected]> commit 7cad9c31f63274e85d74256472b5d77707279b37 Author: Julia <[email protected]> Date: Wed Oct 30 09:50:12 2024 +0100 [ResponseOps][Cases] Introduce number custom field type (#195245) Issue: https://github.com/elastic/kibana/issues/187208 In this PR I've added new number custom field. It includes both: FE and BE. Only safe integers (the safe integers consist of all integers from -(2^53 - 1) to 2^53 - 1) are allowed as values. Testing: For testing Postman/Insomnia can be used. Go to Case - Settings. New configure will be created. After that you can use this endpoint: `PATCH http://localhost:5601/hcr/api/cases/configure/7377ed43-af0c-46f1-bbe5-fd0b147d591d` <details><summary>Body looks something like this:</summary> { "closure_type": "close-by-user", "customFields": [ { "type": "number", "key": "54d2abf2-be0e-4fec-ac33-cbce94cf1a10", "label": "num", "required": false, "defaultValue": 123 }, { "type": "number", "key": "6f165838-a8d2-49f7-bbf6-ab3ad96d0d46", "label": "num2", "required": false, "defaultValue": -10 } ], "templates": [], "connector": { "id": "none", "type": ".none", "fields": null, "name": "none" }, "version": "WzIyLDFd" } </details> ![Screenshot 2024-10-07 at 16 23 15](https://github.com/user-attachments/assets/2d769049-e339-47bb-a17d-189569b8785d) Try different numbers: positive and negative. Try to add not number types as a default value with `"type": "number"` - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]> commit 5576316abadc4115020f2e22bd823b413c8e98a2 Author: mohamedhamed-ahmed <[email protected]> Date: Wed Oct 30 08:43:35 2024 +0000 [Stream] Fix callout privileges (#198030) closes https://github.com/elastic/kibana/issues/197044 closes https://github.com/elastic/kibana/issues/197988 The PR targets fixing 3 bugs: 1. The callout shouldn't be shown if `Logs Explorer` isn't available, otherwise the link displayed in the callout will cause a problem. [Fix here](https://github.com/elastic/kibana/pull/198030/files#diff-8c5f793d1bf0d933c73047f31ded8a5a65f91e4f8d5230fc4e40dfb9b245fec1R66) 2. The callout shouldn't be shown if `Logs Explorer` is available but the user doesn't have privilege to access it, otherwise we end up in `Application Not Found` page. [Fix here](https://github.com/elastic/kibana/pull/198030/files#diff-8c5f793d1bf0d933c73047f31ded8a5a65f91e4f8d5230fc4e40dfb9b245fec1R66) 3. The side nav entry for `Logs Explorer` should be hidden if `Logs Explorer` is disabled. [Fix here](https://github.com/elastic/kibana/pull/198030/files#diff-ad4e42fbe4d2a7a99ec5d52fbf127ded12f0efe02a10e3afa0409b40be1f4bcfR397) commit ac5c74a443646ec90d6b4fd86a1fce6ae28c97b3 Author: Philippe Oberti <[email protected]> Date: Wed Oct 30 03:33:04 2024 -0500 [Security Solution][Notes] - fix the notes link that is shown twice in the search bar (#198200) This PR fixes a minor inconvenience where the Kibana search bar was showing 2 entries for the new Notes management page. | Before fix | After fix | | ------------- | ------------- | | ![Screenshot 2024-10-29 at 11 53 44 AM](https://github.com/user-attachments/assets/77bd4b5a-d8d4-4f4f-8378-6aff1ec1b00b) | ![Screenshot 2024-10-29 at 11 53 19 AM](https://github.com/user-attachments/assets/d138e307-b4ea-473b-9102-eb7e7b540bff) | Notes: this fix does not fix an issue happening in the space-specific search, where Notes, Timelines and maybe other entries are appearing twice. That issue seems to be related to the way we are removing then adding back links to work with the new navigation. I looked into it but could not find a way to fix yet, so this will be part of a follow up PR https://github.com/elastic/kibana/issues/197694 commit ec72eb22239838e58e277d28a8b0faf4d3acff59 Author: Dzmitry Lemechko <[email protected]> Date: Wed Oct 30 09:32:40 2024 +0100 [kbn-test] fix junit report test for local run (#198120) When I run test locally with `node scripts/jest --config packages/kbn-test/jest.config.js`, it fails with ``` FAIL packages/kbn-test/src/mocha/junit_report_generation.test.js ● dev/mocha/junit report generation › reports on failed setup hooks expect(received).toEqual(expected) // deep equality - Expected - 1 + Received + 1 @@ -1,7 +1,7 @@ Object { - "command-line": "node scripts/jest --config=packages/kbn-test/jest.config.js --runInBand --coverage=false --passWithNoTests", + "command-line": "node node_modules/jest-worker/build/workers/processChild.js", "failures": "2", "metadata-json": "{}", "name": "test", "skipped": "1", "tests": "4", ``` This PR uses `process.env.CI` as a condition to apply different value for `command-line` property so test will pass locally too. commit 84e04356e744950bf79c2e59a98740c416508484 Author: Kibana Machine <[email protected]> Date: Wed Oct 30 17:32:08 2024 +1100 [api-docs] 2024-10-30 Daily api_docs build (#198250) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/876 commit 367add60f24baabbb40cb62c20eae06731920922 Author: Tiago Costa <[email protected]> Date: Wed Oct 30 04:56:40 2024 +0000 skip flaky suite (#192144) commit 11f2f14b054869ae9e01db3539bc971f28a7f3c5 Author: Tiago Costa <[email protected]> Date: Wed Oct 30 04:54:41 2024 +0000 skip flaky suite (#171177) commit 60c84ef1b55ec6e353d459e09a2de6ba1e2fc53b Author: Tiago Costa <[email protected]> Date: Wed Oct 30 04:51:53 2024 +0000 skip flaky suite (#174682) commit 7a5c06fd36787947cd17ee4ba7f0980635bf63fd Author: Kibana Machine <[email protected]> Date: Wed Oct 30 15:50:22 2024 +1100 skip failing test suite (#198066) commit b5d4601e01e3109763c8f8c05fe8ce78045c589e Author: Ryan Keairns <[email protected]> Date: Tue Oct 29 19:13:41 2024 -0700 Change spaces button loading design (#197922) Closes #197916 One less loading spinner. Instead, uses a skeleton loader for a load-in-place effect that is visually less busy and jumpy. *Before* <img width="420" src="https://github.com/user-attachments/assets/33ae37bf-c196-4bbf-a26e-ad469d7f3134" /> *After* https://github.com/user-attachments/assets/33cc2d39-2895-4c53-8903-9c3b18d586f9 commit f102ace317700a1841ec77c84c77f76041157746 Author: Mohamed Abdelgaber <[email protected]> Date: Wed Oct 30 02:53:09 2024 +0300 [8.15] [Kibana data view] Fix issue empty user-hash in data view request headers (#197863) to fix not compliant HTTP request Fix not compliant HTTP request for example, request "GET /s/<space>/internal/data_views/fields?pattern=abc" Sometimes request headers have a user-hash field with an empty value and this makes the request not HTTP compliant in some scenarios the request will be dropped by WAF or by another security edge for example. ![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: mabdelgaber.SEC <[email protected]> commit a098aaaac798d5158deccb21b00e60e41ea71d54 Author: Steph Milovic <[email protected]> Date: Tue Oct 29 17:17:24 2024 -0600 [Security solution] Knowledge base tour video update (#198158) commit 248119ec8c506311f8d24a35ccae318e066b3026 Author: José Luis González <[email protected]> Date: Tue Oct 29 23:18:49 2024 +0100 [Search][Connectors] Create connector via try in console (#197757) This PR enables the possibility of creating a connector opening the embedded console in the start step. ![CleanShot 2024-10-28 at 10 00 04](https://github.com/user-attachments/assets/bf2c0a89-1c18-4fcd-8c2b-4fbbe3ef80a9) --------- Co-authored-by: Liam Thompson <[email protected]> Co-authored-by: Elastic Machine <[email protected]> commit aec93bf043619cde2d6b3fecace70cd4c3c56e94 Author: José Luis González <[email protected]> Date: Tue Oct 29 23:17:04 2024 +0100 [Search][Connectors] Confirmation modal before leaving the connector creation flow (#197646) This PR shows a confirmation modal when users leave the connectors creation flow before providing all necessary info, asking for intentional confirmation after leaving the experience. Setting `isFormDirty = true` only after generating the connectors config and letting users leave the experience setting `isFormDirty = false` when we arrive to the Finish up step ![CleanShot 2024-10-24 at 18 56 11](https://github.com/user-attachments/assets/90f355e2-d227-4d2a-a45e-bcfbb743d588) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Jedr Blaszyk <[email protected]> commit b91fa562bb7663a119fdd9c22054560960f625a0 Author: Hannah Mudge <[email protected]> Date: Tue Oct 29 16:07:45 2024 -0600 [Dashboard] [Collapsable Panels] Reduce re-renders (#197343) Closes https://github.com/elastic/kibana/issues/191131 This PR greatly reduces the number of React re-renders that happen as panels get dragged around and/or resized. Now, the actions that trigger a panel to get rendered are as follows: 1. Obviously, when the grid first loads, every panel has to be rendered. 2. When a panel gets dragged from one row to the next, both the original row and the new row will re-render all of their panels because the panel IDs in both rows changed - however, because of the `key` prop on the `GridPanel` component, only the **dragged** panel will actually be fully re-mounted. 3. When a panel gets collapsed and expanded, all panels in that row will get re-mounted and rendered. 4. When a panel ID gets changed (this currently isn't possible, but in theory, this would also trigger the panel to get re-rendered due to the `key` prop on the `GridPanel` component) In order to accomplish this, we are now handling **all style changes** via a subscription rather than setting the CSS directly; so, as the `gridLayout$` behaviour subjects publishes changes, we update the row + panel styles via the panel reference. This allows us to change how the grid looks without triggering React to rerender the entire panel. **How to Test:** Add a `console.log` to the `renderPanelContents` in `examples/grid_example/public/app.tsx` - this will tell you when a panel is getting re-rendered. - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <[email protected]> commit 641d9159451447484f3940f0b1c17438472fea5c Author: Kerry Gallagher <[email protected]> Date: Tue Oct 29 22:04:01 2024 +0000 [Observability] Update breadcrumbs for observability project based navigation (#196785) ~⚠️ I'm still putting out some fires with tests, but this is ready to start being reviewed.~ A continuation of https://github.com/elastic/kibana/pull/196169 for Observability (please read that PR description first). Related: https://github.com/elastic/kibana/issues/192050 There are essentially three types of breadcrumbs - serverless (which is project style), stateful project style (set through spaces settings), and classic style (the old breadcrumbs we've seen for years). Whilst serverless and stateful project style both use the project based style the navigation trees are slightly different, so the breadcrumbs results are not identical [when they derive the "nav crumbs"](https://github.com/elastic/kibana/blob/9577aa980dd1565fba05e34292fb5c0bba692889/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx#L55). Here "project style" will refer to serverless and stateful project style. In these changes I've, for the most part, tried to refactor things so Observability solutions route their breadcrumbs through the observability-shared `useBreadcrumbs` hook, this way the logic around project style, adding an Observability crumb in classic etc is consolidated in one place. [For several solutions `absolute` breadcrumbs are being used](https://github.com/elastic/kibana/blob/9577aa980dd1565fba05e34292fb5c0bba692889/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx#L46), and this means we'll roughly have the same breadcrumbs across the 3 experiences (bar Observability being prepended). Teams may want to refine this going forward to pass curated breadcrumbs that take into account the navigation derived "nav crumbs" (again, bearing in mind the trees from serverless and project based chrome do differ), and not use absolute mode. APM is an example of this at the moment. Right now this is an 8.16 bug though, so this aims to make things acceptable, but not necessarily perfect. - Project style chrome crumbs have been modelled off the serverless ones. The navigation trees here are the same so this should be fine. - The `infra` `useBreadcrumbs` hook has been removed, it was only being used by logs. Logs now goes via the Observability shared hook using `classicOnly`. - Metrics (`useMetricsBreadcrumbs` hook) has been slightly amended to route more of it's logic through the shared hook. - Wasn't setting any nested breadcrumbs at the moment so the logic has been simplified to just set some classic crumbs, and defer the rest to the nav crumbs via the shared hook. - Removed custom logic around prepending Observability, adding link handlers etc in favour of the shared hook. - Simple breadcrumb needs so these are mostly setting `classicOnly` and deferring to the nav crumbs in project style. Several solutions have had their usage of the shared hook updated to pass in the `serverless` plugin. This was missing before, so calls to `serverless.setBreadcrumbs` weren't explicitly happening. - Add the following to your `kibana.dev.yml`: ```yml xpack.cloud.id: "ftr_fake_cloud_id:aGVsbG8uY29tOjQ0MyRFUzEyM2FiYyRrYm4xMjNhYmM=" xpack.cloud.base_url: "https://cloud.elastic.co" ``` - For testing stateful project style chrome you'll need to go to Stack Management > Spaces and change the solution view: ![Screenshot 2024-10-21 at 12 44 21](https://github.com/user-attachments/assets/e3d9fe64-f79f-4e31-a5b6-45a06ca4915d) - Set the above to Classic to test classic breadcrumbs. - As a reviewer please check your solution against the 3 modes. Before these changes we'd see something like the following in APM: ![Screenshot 2024-10-11 at 10 56 54](https://github.com/user-attachments/assets/4938b31e-9d4a-429e-abf0-add04d69b62a) Now we'll see something like this in project style: ![Screenshot 2024-10-21 at 12 48 54](https://github.com/user-attachments/assets/0645a3ae-909e-4a70-a077-d9f83bd1d639) commit eb22f011b44168644145e840d80905278fdd4c5a Author: Jon <[email protected]> Date: Tue Oct 29 17:00:41 2024 -0500 [ci] Use es snapshot cache on miscellaneous steps 2 (#198078) Adds the remaining steps missing snapshot loading from cache that I missed on the first loop. commit 17e72dd7ae43028ea481bbff417b85e8efebad39 Author: Jon <[email protected]> Date: Tue Oct 29 16:57:02 2024 -0500 [ci] Fix cloud deployments (#198086) Our build scripts are relying on a step that was removed in https://github.com/elastic/elasticsearch/pull/115357. The image that was produced by this script is eventually consumed by cloud deployments from pull requests. This updates our scripts to use the cloud-ess variant instead. There should not be any functional difference. We'll need the image to go through our promotion pipeline to be tested via label. https://buildkite.com/elastic/kibana-elasticsearch-snapshot-build/builds/4673 commit 4fb4282509e0a5f7605433a5ef8f9e9085647282 Author: Philippe Oberti <[email protected]> Date: Tue Oct 29 16:00:20 2024 -0500 [Security Solution][Notes] - switch the securitySolutionNotesEnables feature flag to securitySolutionNotesDisabled (#196778) This PR switches the `securitySolutionNotesEnabled` to `securitySolutionNotesDisabled` (with a `false` value by default) to enable the new Notes functionality in `8.16`. Customers can set the new `securitySolutionNotesDisabled` feature flag to true in their environment if they want to go back to the old notes system. The PR also fixes a tiny bug with the badge showing the number of notes in the Timeline Notes tab. The new system was not taking into account a timeline description, so if the timeline had a description the number of notes was always 1 lower than the actual number of notes displayed below. This issue was highlighted by a Cypress test! The goal is to remove the old system entirely within a few releases (maybe `8.18` or `9.0`). - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios https://github.com/elastic/kibana/issues/189879 commit 81856bc8431daf83c972a65c6b8b0e312f8477a6 Author: Shahzad <[email protected]> Date: Tue Oct 29 21:00:40 2024 +0100 [Fleet] Prevent duplication of managed policy !! (#197575) Fixes https://github.com/elastic/kibana/issues/194149 Prevent duplication of managed policy !! <img width="1594" alt="image" src="https://github.com/user-attachments/assets/f386a287-4f9e-4307-ba84-98f3ea807ef9"> commit dd90b67a87976c4fcb6b778860200e9c21560013 Author: Ying Mao <[email protected]> Date: Tue Oct 29 15:20:12 2024 -0400 [Response Ops][Actions] Remove deprecated HTTP APIs (#197510) Resolves https://github.com/elastic/kibana/issues/90382 Removes legacy action APIs for 9.0 and updates all tests that still used the legacy APIs to use the current APIs. Also did some renaming of action -> connector in the files I had to touch. Co-authored-by: Elastic Machine <[email protected]> commit c7b8ca00de0cec5cd99db6e4a218ad40dde27369 Author: Mohamed Nabeel <[email protected]> Date: Tue Oct 29 22:10:37 2024 +0530 Fix Typo: Change 'dashaboard' to 'dashboard' on APM-service Dashboards page #195773 (#196969) **Title:** Fix Typo: Change 'dashaboard' to 'dashboard' on APM-service Dashboards page **Description:** This PR fixes a typo on the "Dashboards" page for APM-service. The typo "dashaboard" has been corrected to "dashboard" to ensure proper functionality and readability. closes #195773 **Changes Made:** - Corrected the typo in the text "To get started, add your dashaboard" to "To get started, add your dashboard." **Testing:** - Verified the change on the Dashboards page for APM-service. - Ensured no other instances of the typo exist in the codebase. **Release note:** Fixes a typo on the "Dashboards" page for APM-service, changing 'dashaboard' to 'dashboard'. **Additional Notes:** No additional notes. Summarize your PR. If it involves visual changes include a screenshot or gif. Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Cauê Marcondes <[email protected]> Co-authored-by: Nathan L Smith <[email protected]> Co-authored-by: jennypavlova <[email protected]> commit 85fd147d0162e19999a1f27aea59d7bfbb0b47b4 Author: Raya Fratkina <[email protected]> Date: Tue Oct 29 12:09:50 2024 -0400 Expand README (#197880) Adds a bit more general background, intro to concepts, and guidelines about what to use FF for and what not to Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Alejandro Fernández Haro <[email protected]> commit ae86b54a364d87b15a27f7252eea649c1fc6a722 Author: Alex Szabo <[email protected]> Date: Tue Oct 29 16:57:01 2024 +0100 [CI] Fix project build & deploy job (#196562) In #195581 we've added the option to deploy through the clickable triggers. But in it's current state, it's broken in several aspects. (1) It's not starting on click. Triggers was resulting in a 422 on Buildkite's side, and after digging more into it, this was the error: <img width="1019" alt="Screenshot 2024-10-16 at 16 53 13" src="https://github.com/user-attachments/assets/f602dde9-2cc4-474f-b432-a3d4f9d5ae91"> Apparently, building PRs needs to be enabled on jobs that want to be triggered through the PR bot. (2) It is set up to run regardless of the labels (3) There's no feedback on runs This PR: - enables buildability in the pipeline's config - exits early if deploy labels are missing - adds a comment on the PR if a deploy job is started or finished - removes the kibana build step, it's not needed, as we have a step to build the docker image TODO: - [x] Add feedback about a started job (either through a non-required check, or a github comment) - [x] Early exit if a label is missing There are several other builds started right now, because the logic that would trigger a build on changing a draft to ready. To be fixed in https://github.com/elastic/buildkite-pr-bot/issues/78 Tested after manually by enabling the option on the UI, and triggering through the checkbox: https://buildkite.com/elastic/kibana-deploy-project-from-pr/builds/23 commit 11ae6a5bd9a06a4402e8af5173b0b0efcf5f52fc Author: Drew Tate <[email protected]> Date: Tue Oct 29 09:50:30 2024 -0600 [ES|QL] separate `KEEP`, `DROP`, and `SORT` autocomplete routines (#197744) This PR begins the refactor described in https://github.com/elastic/kibana/issues/195418. The autocomplete engine now delegates to command-specific routines attached to the command definitions for `KEEP`, `DROP`, and `SORT`. The naming of `getFieldsFor` has been broadened to `getColumnsFor` because the response from Elasticsearch can contain variables as well as fields, depending on the query that is used to fetch the columns. No user-facing behavior should have changed. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <[email protected]> commit 669dc381bfc671637d4763930c8b4ede7ad7fbf3 Author: Melissa Alvarez <[email protected]> Date: Tue Oct 29 09:41:57 2024 -0600 [ML] Data Frame Analytics: removing scss overrides for exploration pages (#197724) Related meta issue: https://github.com/elastic/kibana/issues/140695 Regression model evaluation before: <img width="1455" alt="image" src="https://github.com/user-attachments/assets/cfdb794d-4576-4c10-96c1-0b3856857cdd"> After: <img width="1455" alt="image" src="https://github.com/user-attachments/assets/4c2bbdf3-85ef-489e-bc3a-1281d3531328"> Classification evaluation before: <img width="1474" alt="image" src="https://github.com/user-attachments/assets/e565cac3-8c1d-4e4f-8cac-7ea8abf4358d"> After switching fully to flex layout as we no longer support IE11 and all the workarounds were no longer needed (Note it's all left aligned now): <img width="1467" alt="image" src="https://github.com/user-attachments/assets/280ea446-17fc-4622-a925-57ef6c01cd89"> Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Elastic Machine <[email protected]> commit 88ebb55fc775d6bb04dc3b21f04a6be1ba1a09dc Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Tue Oct 29 06:36:48 2024 -0500 Update dependency @launchdarkly/node-server-sdk to ^9.6.1 (main) (#196897) commit 5983137ace057758fc3433b4297514f63f6db255 Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Tue Oct 29 06:25:14 2024 -0500 Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to 1815394 (main) (#198099) This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.elastic.co/wolfi/chainguard-base | digest | `de4d5b0` -> `1815394` | --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).  Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit 67d96e3585b690662750173898ce579c52a89522 Author: Tiago Vila Verde <[email protected]> Date: Tue Oct 29 12:13:14 2024 +0100 [Entity Analytics] [Entity Store] Telemetry (#196880) This PR adds telemetry for the Entity Store. Client side tracks UI enablement actions, whilst Kibana side tracks execution time of the store initialisation process and execution time of the enrich policy task. Finally we also track number of entities in the store commit b4ed7a1945f5ea5b76be36833cdf11e28641cf8f Author: Maxim Kholod <[email protected]> Date: Tue Oct 29 11:53:23 2024 +0100 [Cloud Security] add vulnerabilties data set to filter for links from CNVM dashboard (#197648) - fixes https://github.com/elastic/security-team/issues/10915 commit db18039dc40bc0e994be666a83a28a0452a0c6e2 Author: Gergő Ábrahám <[email protected]> Date: Tue Oct 29 11:52:36 2024 +0100 [EDR Workflows] Improve on unavailable shard exception flakiness in cypress (#197864) The cypress task `cy.task('indexEndpointHosts')` sometimes throws `no_shard_available_action_exception`, when transforms are stopped. This looks like a temporary issue, and in other tests it is simply retried. This PR adds the retry logic for this type of error, and unskips some tests. closes #194135 closes #191914 Delete any items that are not applicable to this PR. - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed commit e5eb58a533ec34e1484340f4e11a0a61083b1572 Author: Tomasz Ciecierski <[email protected]> Date: Tue Oct 29 11:35:07 2024 +0100 [EDR Workflows] Skip Osquery test in MKI (#198117) commit d23dce0080f8c7815188aa244f98c526d84ee45e Author: Joe Reuter <[email protected]> Date: Tue Oct 29 11:28:22 2024 +0100 [Observability Onboarding] Set tech preview badges correctly (#197831) As discussed, adjust the first onboarding page: * Remove tech preview labels from EA flows * Change wording <img width="857" alt="Screenshot 2024-10-25 at 15 23 47" src="https://github.com/user-attachments/assets/ceffbe90-019d-4fa8-ab6f-16cbf0aaf3d4"> <img width="814" alt="Screenshot 2024-10-25 at 15 23 59" src="https://github.com/user-attachments/assets/4f5cf657-6fd2-479f-aa92-9460bc2ecfef"> commit 3c7268d6ca18efa4bde7c398fe659202fc8b457d Author: Ido Cohen <[email protected]> Date: Tue Oct 29 11:41:37 2024 +0200 [Cloud Security] Fix flaky metering tests commit 735b2de08a5ab8d4b65e101cca6a044372726627 Author: jennypavlova <[email protected]> Date: Tue Oct 29 09:43:20 2024 +0100 [ObsUx][Infra] Unskip and try to fix hosts view test (#197861) Closes #191806 The parts of the unskipped test were fixed here - the only case I couldn't find the reason for failing after unskipping it is `should have an option to open the chart in lens` - for some reason, the whole menu is gone when checking the CI and I couldn't reproduce that so this will be the only skipped part so we can at least have all the other `Hosts view` tests commit 3131dd9bfa1ee28fa12f90bb6ae8060da9e44665 Author: jennypavlova <[email protected]> Date: Tue Oct 29 09:42:43 2024 +0100 [Infra] Fix anomalies flyout navigation failing test (#197999) Closes #192882 The issue was that the url was checked too early which resulted in checking the locator url instead of the page url after navigating so I added a check for loading before the URL check and this solved the issue. https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7284 commit 9622f62153f597ea91b34f7e2c877fe70b30f231 Author: Maxim Palenov <[email protected]> Date: Tue Oct 29 10:36:33 2024 +0300 [Security Solution][Hotfix] Avoid blocking prebuilt rule upgrade upon conflicts with disabled feature flag (#198106) It turned out some of the update rule buttons are disabled. This is a side effect of the functionality not fully hidden under a feature flag. This PR hides prebuilt rule customisation functionality disabling update rule buttons under `prebuiltRulesCustomizationEnabled` feature flag. ![image](https://github.com/user-attachments/assets/b7ca5ff8-be37-47a7-ad7e-b85386909f38) <img width="1719" alt="image" src="https://github.com/user-attachments/assets/349223dc-dda5-46fb-832f-d7097a81580e"> <img width="1721" alt="image" src="https://github.com/user-attachments/assets/a28512f6-e605-460e-884d-571ab408a7d9"> commit 82da5111fef0907226a23371eb229166493c2c9e Author: Kibana Machine <[email protected]> Date: Tue Oct 29 17:25:50 2024 +1100 [api-docs] 2024-10-29 Daily api_docs build (#198103) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/875 commit 686b0214cefd96137c5a87ef4bad61ddbbcea5c0 Author: Brad White <[email protected]> Date: Mon Oct 28 18:44:36 2024 -0600 Fix Dev Container KBN_DIR (#195810) In #193488, `KBN_DIR` was changed to be a dynamic variable. It wasn't being properly propagated through the build process in the Dockerfile and the full path to `env.sh` wasn't being set. This passes the directory as a build `ARG` as well to fix the path. commit 8700807899000a86a30f0bdbee59d64f07e31d15 Author: Brad White <[email protected]> Date: Mon Oct 28 18:40:12 2024 -0600 [CI] Disable UpdateCLI workflow on forks (#196624) The UpdateCLI workflow is running against forks when it shouldn't be: https://github.com/Ikuni17/kibana/actions/runs/11359905941 commit 0de1f95d0e60d20196ef414557a8432ed719406f Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Mon Oct 28 18:47:42 2024 -0500 Update dependency msw to ^2.4.12 (main) (#198060) This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [msw](https://mswjs.io) ([source](https://togithub.com/mswjs/msw)) | devDependencies | patch | [`^2.4.11` -> `^2.4.12`](https://renovatebot.com/diffs/npm/msw/2.4.11/2.4.12) | `2.5.2` (+3) | --- <details> <summary>mswjs/msw (msw)</summary> [Compare Source](https://togithub.com/mswjs/msw/compare/v2.4.11...v2.4.12) - **node:** preserve headers instanceof when recording raw headers ([#2321](https://togithub.com/mswjs/msw/issues/2321)) ([`a58a300`](https://togithub.com/mswjs/msw/commit/a58a300687a48e13c0268403a71183cf7825f748)) [@paoloricciuti](https://togithub.com/paoloricciuti) </details> --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).  Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit be6708bffcb0a264bee29c029c7945ff22fa6761 Author: Jared Burgett <[email protected]> Date: Mon Oct 28 16:00:06 2024 -0500 Added redirect option after Entity CSV upload (#197937) Added a redirect button to view Entities after a successful Asset Criticality CSV file upload process Additionally, made some small changes to the copy for the Entity Store management workflows <img width="1490" alt="Screenshot 2024-10-27 at 9 49 17 PM" src="https://github.com/user-attachments/assets/77b587b7-8300-40ae-adc2-5119aa5f39ab"> Co-authored-by: Elastic Machine <[email protected]> commit e65a08cc9154f6cf21609ab3f22ea10eef4f7aed Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:52:57 2024 +0000 skip flaky suite (#174661) commit 7821dd74140d9873c47d5b8650a47d6c50ecc194 Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:49:24 2024 +0000 skip flaky suite (#196766) commit e3aa369c3e761f96a000cd081e11c72c05678186 Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:46:03 2024 +0000 skip flaky suite (#189739) commit 924b72ee7b2635943962da74bca1ec1cc651a4fa Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:43:07 2024 +0000 skip flaky suite (#197765) commit 3759a60fa0e987fb35f2bca11769a81be3540b4f Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:41:10 2024 +0000 skip flaky suite (#192126) commit a652f4f08bae966fedcba990300a3c8c98c7fa4d Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:39:55 2024 +0000 skip flaky suite (#189038) commit 98d807cdab80d0c680e458f929375cdedd1d0b64 Author: Tiago Costa <[email protected]> Date: Mon Oct 28 20:38:08 2024 +0000 skip flaky suite (#197335) commit 82ec7ff742295f7f4691f23d989159f6aa9129ed Author: T…

## Summary Part of #195418 This PR moves the `STATS` completion logic to its own home. There are also a few changes in behavior. I am open for feedback on any of these. - the cursor is automatically advanced after accepting a comma suggestion - variables from previous `EVAL` commands are no longer suggested (e.g. `...| EVAL foo = 1 | STATS /`). I'm not sure about this change, but it seemed potentially unintended to suggest variables but no other columns such as field names. - a new variable is suggested for new expressions in the `BY` clause. Formerly, new variables were only suggested in the `STATS` clause. - `+` and `-` are no longer suggested after a completed function call within an assignment in the `BY` clause (e.g. `... | STATS ... BY var1 = BUCKET(dateField, 1 day) /`. This behavior was encoded in our tests, but it feels unintended to me, especially since it only applied when the result of the function was assigned to a new variable in the `BY` clause. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]>

## Summary Part of elastic#195418 This PR moves the `STATS` completion logic to its own home. There are also a few changes in behavior. I am open for feedback on any of these. - the cursor is automatically advanced after accepting a comma suggestion - variables from previous `EVAL` commands are no longer suggested (e.g. `...| EVAL foo = 1 | STATS /`). I'm not sure about this change, but it seemed potentially unintended to suggest variables but no other columns such as field names. - a new variable is suggested for new expressions in the `BY` clause. Formerly, new variables were only suggested in the `STATS` clause. - `+` and `-` are no longer suggested after a completed function call within an assignment in the `BY` clause (e.g. `... | STATS ... BY var1 = BUCKET(dateField, 1 day) /`. This behavior was encoded in our tests, but it feels unintended to me, especially since it only applied when the result of the function was assigned to a new variable in the `BY` clause. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]> (cherry picked from commit 7f2b56f)

## Summary Part of elastic#195418 This PR moves the `STATS` completion logic to its own home. There are also a few changes in behavior. I am open for feedback on any of these. - the cursor is automatically advanced after accepting a comma suggestion - variables from previous `EVAL` commands are no longer suggested (e.g. `...| EVAL foo = 1 | STATS /`). I'm not sure about this change, but it seemed potentially unintended to suggest variables but no other columns such as field names. - a new variable is suggested for new expressions in the `BY` clause. Formerly, new variables were only suggested in the `STATS` clause. - `+` and `-` are no longer suggested after a completed function call within an assignment in the `BY` clause (e.g. `... | STATS ... BY var1 = BUCKET(dateField, 1 day) /`. This behavior was encoded in our tests, but it feels unintended to me, especially since it only applied when the result of the function was assigned to a new variable in the `BY` clause. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]>

Create entity_client functions Create entity_client functions Fix entityLatest flatten object Fix redirection to service overview Fix redirection to service overview Add tests Add tests Refactoring and tests Clean up [CI] Auto-commit changed files from 'node scripts/yarn_deduplicate' fix after rebase Fix build [Dataset Quality]Fix elastic doc test (#197835) Found a bug while backporting another PR. The elastic docs in main always refer to master, but once a release is cut, it check for specific version in the URL. hence updated the test P.S: This does not need backport to 8.x as this has already been fixed in 8.x [FTR][Ownership] Assign visualize, etc (#197664) Assign test files to small number of reviewers Assigned visualize due to the name Assigned functional_execution_context due to https://github.com/elastic/kibana/blob/main/x-pack/test/functional_execution_context/plugins/alerts/kibana.jsonc#L4 Assigned kubernetes_security per https://github.com/elastic/kibana/blob/main/x-pack/plugins/kubernetes_security/kibana.jsonc#L4 Assigned licensing_plugin due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/licensing/kibana.jsonc#L4 Assigned rule_registry due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/rule_registry/kibana.jsonc#L4-L5 Assigned usage_collection due to https://github.com/elastic/kibana/blob/main/api_docs/usage_collection.mdx#L18 - It says `Contact @elastic/kibana-core for questions regarding this plugin.` Assigned observability_onboarding_api_integration due to https://github.com/elastic/kibana/blob/main/api_docs/observability_onboarding.mdx#L18 - It says `Contact @elastic/obs-ux-logs-team for questions regarding this plugin.` Contributes to: https://github.com/elastic/kibana/issues/194817 [React@18 failing tests] Dataset quality handles user privileges (#197830) [Security Solution] Add data source editable component (#196948) **Partially addresses:** https://github.com/elastic/kibana/issues/171520 This PR adds is built on top of https://github.com/elastic/kibana/pull/193828 and add a Data Source editable component for final edit side of Three Way Diff tab of the upgrade prebuilt rule workflow. https://github.com/elastic/kibana/issues/171520 required adding editable components for each field diffable rule field. It imposes some difficulties since it's quite problematic to reuse existing especially complex components like Data Source from Define Rule step component. This PR make little refactoring to the Define Rule step component to make it simpler and make it easier to reuse Data Source related code chunks scattered in Define Rule step component. You may notice some copy-paste chunks of Data Source editable component in the PR. At this stage it's the simplest way to proceed to avoid huge refactoring and potential new bugs. Taking into account deadlines for the task it looks like a good trade off. There is a plan to work on improvements for rules creation/editing forms later on. search: move getting started to footer (#197849) Moved the `Getting Started` link to the footer ![image](https://github.com/user-attachments/assets/4d388fba-c6a4-4a72-b9f1-5ea839e435fe) [OpenAPI][DOCS] Add descriptions, examples, responses for role APIs (#195527) Co-authored-by: Elena Shostak <[email protected]> [Security Solution] Unskips Timeline Cypress tests (#195721) Fixes below Flaky tests issues : - [x] https://github.com/elastic/kibana/issues/180688 - [x] https://github.com/elastic/kibana/issues/176945 - [x] https://github.com/elastic/kibana/issues/175180 - [x] https://github.com/elastic/kibana/issues/181466 - [x] https://github.com/elastic/kibana/issues/182021 - [x] https://github.com/elastic/kibana/issues/183085 - [x] https://github.com/elastic/kibana/issues/175180 --------- Co-authored-by: Michael Olorunnisola <[email protected]> [ci] Use es snapshot cache on miscellaneous steps, adjust schedule (#197294) The schedule adjustment is due to 7.17 verification taking longer than other branches. Currently, we only rebuild once when main is updated. This is a stopgap until a cache-only update can be introduced to avoid continuous image rebuilds. [SR] Add tooltips for disabled fields on managed SLM repository and policy (#196565) Closes https://github.com/elastic/kibana/issues/173124#issuecomment-2352968634 by adding tooltips details when hovering the disabled SLM repository or policy fields. **SLM managed repository** ![Screenshot 2024-10-16 at 1 38 19](https://github.com/user-attachments/assets/3bd11ea5-f846-433f-8615-b51de184336b) **SLM managed policy** ![Screenshot 2024-10-16 at 1 37 57](https://github.com/user-attachments/assets/d11757bd-bda5-4b4f-8c1e-e795e01b1fa2) - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [x] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elena Stoeva <[email protected]> [Security GenAI] When indices referenced in KB index entries are deleted from OUTSIDE the AI Assistant KB UI, there is not indication to the user (#197156) (#197722) Bug https://github.com/elastic/kibana/issues/197156 This is a UI part of the bug that warns a user about missing indices used in knowledge base entries. 1. Add an index entry that uses existing index 2. Remove that index 3. Go back to knowledge base entries page 4. You should see warning icon next to the name of the index entry which uses removed index. Also, when you edit that entry you will see `Index doesn't exist` error next to the `Index` field in the flyout <img width="1458" alt="Screenshot 2024-10-24 at 19 54 36" src="https://github.com/user-attachments/assets/7d4468f9-fada-4416-9480-99bfca3de220"> <img width="615" alt="Screenshot 2024-10-24 at 19 54 52" src="https://github.com/user-attachments/assets/fd9bbe80-0a3c-40b8-909a-93f8082e69eb"> Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios [Security Solution][Endpoint] Ensure that DS indices for response actions are created prior to sending action to Endpoint (#196953) PR adds changes to Security Solution so that DOT indices (restricted in Serverless) are created in Kibana prior to Elastic Defend (Endpoint) attempting to stream documents to these indices. The indices that are now created in kibana are: - `.logs-endpoint.diagnostic.collection-<namespace_from_policy>` - `.logs-endpoint.action.responses-<namespace_from_policy>` - `.logs-endpoint.heartbeat-<namespace_from_policy>` _(⚠️ created only in serverless only)_ - Added support for the following two server-side extension points: - `packagePolicyPostUpdate` : callbacks invoked after an integration policy has been updated successfully - `agentPolicyPostUpdate` : callbacks invoked after an agent policy has been updated successfully - Logic was added to the following Fleet server-side extension points that checks if the necessary indices exist and if not, it creates them: - After creating an Elastic Defend integration policy - After updating an Elastic Defend integration policy - After updating a Fleet Agent Policy that includes Elastic Defend integration policy Mark connector param validation failures as user errors (#197812) Resolves https://github.com/elastic/response-ops-team/issues/255 In this PR, I'm changing the type of error thrown when connector parameter validation fails so it indicates it's a user type of error. This will allow us to exclude these errors from our serverless monitoring given the users define the parameters the connectors receive when they run. Mainly via alerting rule mustache templates, which are easy to render empty strings and such. [Security Solution][Notes] - fix createdBy filter for notes management page (#197706) [Search][Fix] Index Details: poll mappings (#197885) [Security GenAI] When a "global" Knowledge Base entry is updated to "private", a duplicate "private" entry gets created and the global entry remains unchanged (#197157) (#197516) Original ticket describing the BUG: https://github.com/elastic/kibana/issues/197157 These changes fix two issues: 1. Updating an entry from Global to Private duplicates it. After discussing with the team we decided that this is an expected behaviour and we would add a modal dialog which warns users about it. See more details here https://github.com/elastic/kibana/issues/197157#issuecomment-2432592394 2. Editing Private entry and switching the sharing option twice from Private => Global => Private causes the issue where we would treat selected entry as a new one and thus calling "create entry" instead of "update". * Edit private entry * Update entry's name * Switch sharing option to Global * Switch sharing option back to Private * Save the entry **Current behaviour**: a new private entry is created **Expected behaviour**: existing private entry is updated https://github.com/user-attachments/assets/e11e14bd-c557-401e-a23f-e01ac7aedf30 Delete any items that are not applicable to this PR. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to de4d5b0 (main) (#197917) [Response Ops][Maintenance Window] Fix Maintenance Window Wildcard Scoped Queries (#194777) Issue: https://github.com/elastic/sdh-kibana/issues/4923 Fixes maintenance window scoped query using wildcards by injecting the `analyze_wildcard` property to the DSL used to determine which alerts should be associated with the maintenance window. Also fixes the update route to correctly take into account the user's `allowLeadingWildcard` flag. It was implemented for the create route but not the update route. Fixes: https://github.com/elastic/kibana/issues/194763 1. Install sample data: ![image](https://github.com/user-attachments/assets/4be72fc8-e4ab-47a3-b5db-48f97b1827ae) 2. Create a maintenance window with the following scoped query: ![image](https://github.com/user-attachments/assets/e2d37fd0-b957-4e76-bea3-8d954651c557) 3. Create a ES query rule and trigger actions: ![image](https://github.com/user-attachments/assets/551f5145-9ab7-48c4-a48e-e674b4f0509a) 4. Assert the `maintenance_window_id` on the 4 alerts are set ![image](https://github.com/user-attachments/assets/7ace95d3-d992-4305-a564-cf3004c9ae9e) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios) --------- Co-authored-by: Elastic Machine <[email protected]> [api-docs] 2024-10-27 Daily api_docs build (#197930) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/873 [Cloud Security] Clicking on Contextual Flyout popout Icon now opens page in new tab (#196763) Currently when user clicks on Popout icon on Misconfiguration or Vulnerabilities Contextual flyout, user gets redirected to Findings page but in the same tab. Popout Icon implies that it should navigate user to other page on separate Tabs as such the current behaviour is not right. This PR addresses that issue --------- Co-authored-by: kibanamachine <[email protected]> [ES|QL] Update function metadata (#197940) This PR updates the function definitions and inline docs based on the latest metadata from Elasticsearch. [Security Solution] Remove index pattern field from Sourcerer (#190113) This PR removes index pattern field from the sourcerer model, replacing it with direct access to data view spec. The end goal for the sourcerer is to just utilize platform wide Data View Types, instead of some custom abstractions / containers such as indexPattern field which is effectively a DataViewSpec, just packed up differently. [Cloud Security] add posture type for CSPM dashboard accounts link (#197633) - fixes https://github.com/elastic/security-team/issues/10914 [Observability Onboarding] Show search bar even when category is not selected (#197825) Closes https://github.com/elastic/observability-dev/issues/4065 🔒 Fixes an issue when search bar is not visible unless a category is selected. ![CleanShot 2024-10-25 at 14 53 44@2x](https://github.com/user-attachments/assets/774d2fe2-e4f0-4a46-a851-a0f756a96b12) Fix typo in the file name CR fixes [ResponseOps][Cases] Miscount of total numbers of alerts in telemetry (#196112) Closes https://github.com/elastic/kibana/issues/177208 Problem: - the metrics collected in telemetry for alerts don't count the total number of alerts on a case correctly. Solution: - added new aggregation function: getUniqueAlertCommentsCountQuery, which is now responsible for defining the cardinality aggregation for counting unique alert comments by alertId. - in the aggs section of the savedObjectsClient.find, the new cardinality aggregation query was added - the total number of alerts is updated to be the result extracted from the new aggregation Example: ![Screenshot 2024-10-22 at 15 20 40](https://github.com/user-attachments/assets/c418c82e-2e35-4c7f-969d-7f4f25bdbc9d) - in the telemetry object, we have the following info: <img width="331" alt="Screenshot 2024-10-22 at 15 21 40" src="https://github.com/user-attachments/assets/6419e72d-84b4-4068-a741-6e32c6e966f7"> --------- Co-authored-by: Antonio <[email protected]> [ResponseOps][Cases]Add instructions of how to create a connector in the create case form (#197041) Closes https://github.com/elastic/kibana/issues/189246 - A helper text was added in the create case form to tell the user that needs to create a connector in the stack management > cases > settings before attaching it to a case - A new "add connector" button was placed in the stack management > cases > settings page, in the connectors section https://github.com/user-attachments/assets/7866b41a-11b5-4ca3-bd65-988412ab1e2f --------- Co-authored-by: Antonio <[email protected]> [Discover][ES|QL] Rename Documents tab to Results (#197833) This PR renames Documents label to Results for ES|QL mode. <img width="1091" alt="Screenshot 2024-10-25 at 15 44 32" src="https://github.com/user-attachments/assets/8678bb86-7e4b-4341-9bb3-50becced655b"> <img width="1676" alt="Screenshot 2024-10-25 at 15 52 55" src="https://github.com/user-attachments/assets/c79d2ee0-62e1-4506-bcb5-29552287f140"> - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios [EDR Workflows] Enable Blocklist CY in MKI (#197952) Since adding this test file was tied to changes in Kibana, we initially couldn’t enable it in the MKI. The MKI relies on a Kibana image built from the main branch, and at that time, the necessary changes for these tests to pass hadn’t yet been merged. Now that these updates are included in the main branch, the Kibana image used in MKI has the required changes, so we can proceed with enabling the tests. Manual MKI run - https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-defend-workflows/builds/1545 [Security Solution][Detection Engine] removes legacy alerting endpoints from Security Solution dev scripts (#197424) - addresses https://github.com/elastic/kibana/issues/95842 --------- Co-authored-by: Ryland Herrick <[email protected]> [CodeQL] Local run script (#194272) This PR introduces a script that allows developers to run CodeQL analysis locally. It uses a Docker container with prebuilt CodeQL queries to facilitate easy setup and execution. The script has the following key steps: - Creating a CodeQL database from the source code. The database is essentially a representation of the codebase that CodeQL uses to analyze for potential issues. - Running the analysis on the created database, `javascript-security-and-quality` suit is used. ``` bash scripts/codeql/quick_check.sh -s path/to/your-source-dir ``` For example ``` bash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links ``` The `-s` option allows you to specify the path to the source code directory that you wish to analyze. Checked the ability to use MSFT image for local run https://github.com/microsoft/codeql-container. Turned out it has several problems: 1. The published one has an error with [execute permissions](https://github.com/microsoft/codeql-container/issues/53). 2. Container has outdated nodejs version, so it didn't parse our syntax (like `??`) and failed. 3. The technique used in the repository to download the CodeQL binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download. Follow this [comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512). Taking this into consideration I have created a lightweight docker image without extraneous dependencies for go/.net/java. There are issues sometimes when analyze run returns no results, particularly when analyzing a single folder. It might be due to the missing context for the data flow graph CodeQL generates or context for interdependencies. This is actually a trade off of running it locally for a subset of source directories. We need to explicitly state that in the documentation and advise to expand the scope of source code directories involved for local scan. Documentation for triaging issues will be updated separately. __Closes: https://github.com/elastic/kibana/issues/195740__ chore(slo): remove tests migrated to agnostic framework (#197711) Resolves https://github.com/elastic/kibana/issues/183397 This PR is a follow up of https://github.com/elastic/kibana/pull/195927, that removes the old and migrated tests to the agnostic framework. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Dzmitry Lemechko <[email protected]> [Response Ops][Task Manager] change task claiming interface to stop using observables (#196196) Resolves https://github.com/elastic/kibana/issues/184952 Changing task claimers to return promises instead of observables. This is a code refactor and should not have any effect on task claiming functionality. --------- Co-authored-by: Elastic Machine <[email protected]> [Fleet] Fix agents count in agent list table and add tooltip with correct info (#197834) Fixes https://github.com/elastic/kibana/issues/195441 Selection agent count on agent list table gets incorrect when there are multiple hosted agents, especially if they are on inactive state. In fact to calculate the selected number of agents we were getting hosted agents, but without taking into account the filtering applied on the page, i.e. we were always getting all the hosted agent (inactive too). This caused the final calculation to be off. In this PR I'm fixing [the query](https://github.com/elastic/kibana/pull/197834/files#diff-9707a4b93a96749876e4cf173a0b39cd5a620e311e2652c5ed4b8670ca7e6becR309-R320) used to get those agents to take in account the filters and I'm also adding a small tooltip that breaks up the number of agents (selected, total, hosted) - Make sure to have many agents, hosted and not in different states (inactive, unenrolled) - To make a hosted agent inactive follow the steps explained [here](https://github.com/elastic/kibana/issues/195441) - Verify that the selection numbers are correct: select agents on all pages and hover on the new tooltip shown besides the "selected agents". This number should match the number shown on the actions dropdown <img width="2376" alt="Screenshot 2024-10-25 at 17 00 44" src="https://github.com/user-attachments/assets/81d2836a-f997-4ccb-a23c-3d2cfbfa62d3"> <img width="2409" alt="Screenshot 2024-10-25 at 17 00 59" src="https://github.com/user-attachments/assets/ba21933a-f1e6-457e-8059-e87b3e29a7d1"> https://github.com/user-attachments/assets/c153c491-29a1-481c-a3e3-25bab6412963 - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <[email protected]> [Cloud Security] exclude unknown findings from compliance score calculation (#197829) Findings from 3rd party date can have `result.evaluation: unknown`. This leads to incorrect posture/compliance score in our flows. This PR removes these findings from the score calculation and graphical representation. properly introducing `unknown` in the compliance score UX flows will be solved separately - fixes https://github.com/elastic/security-team/issues/10913 <img width="1473" alt="Screenshot 2024-10-25 at 14 19 03" src="https://github.com/user-attachments/assets/c69e45b0-7da1-4eb8-b83a-f895e7b7c3a4"> Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) [Authz] OAS Descriptions for Route Authz (#197001) Closes https://github.com/elastic/kibana/issues/191714 Update process router to generate authz descriptions based on the new Route Security objects. Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Add tags to connector run failures indicating if it's user or framework error (#197818) Resolves https://github.com/elastic/kibana/issues/197315 In this PR, I'm adding the following tags to the connector failure logs so it makes it easier to filter for systematic errors. - `connector-run-failed` for logs specific to connector run failures - `user-error` for errors caused by the user - `framework-error` for systematic errors You can either use the jest test to observe the returned flags or set your logging to JSON and make connectors fail. kibana.yml to set logging to JSON ``` logging: appenders: json-layout: type: console layout: type: json root: appenders: [json-layout] ``` [EDR Workflows] Fix Cypress tests failing on Alerts step (#197384) Delete data when clearing security entity store (#197938) Fixed a bug where the "Clear all entities" button in the security entity store didn't delete data due to a missing query parameter. FTR SAML Auth - Adjust stateful internal request header (#197994) This PR adds the `x-elastic-internal-origin` header to the stateful internal request headers used by FTR. This fixes an issue that we're seeing when running deployment agnostic tests against ESS on 9.0.0-SNAPSHOT. [SKIP ON MKI] reporting datastream (#197958) See details: https://github.com/elastic/kibana/issues/197955 [SKIP ON MKI] discover reporting (#197959) See details: https://github.com/elastic/kibana/issues/197957 fix: [Stateful:Connectors:New connector page]Configuration form missing instructions and field names from announcement (#197963) Closes: #197586 Forms, requiring user input, should have clear instructions on how to fill them. Specific fields can have their own help (guidance) text on how to fill them with examples. All fields which are present in the form can be programmatically determined, especially for the users using assistive technology to understand what fields are present, what input is expected. 1. `aria-label` values are explicitly set for `ConnectorConfigurationField` child components. I suspect that due to the dynamic nature of this component, the standard mechanism does not work properly. <img width="1163" alt="image" src="https://github.com/user-attachments/assets/00e1bd87-30b3-4c8f-a3d7-0c7774028a66"> [ES|QL] detect the type of `COUNT(*)` (#197914) We weren't properly detecting the type of the expression `COUNT(*)`. Now we are! Before: <img width="950" alt="Screenshot 2024-10-25 at 4 38 08 PM" src="https://github.com/user-attachments/assets/e9bd8d78-d0c8-4069-a818-5bf3486b925b"> After: <img width="1093" alt="Screenshot 2024-10-25 at 4 35 44 PM" src="https://github.com/user-attachments/assets/235c63dc-7d6c-49df-9adf-e225c4550a42"> - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Stratoula Kalafateli <[email protected]> [ES|QL] remove signatures from function suggestion labels (#197842) Showing a single acceptable function signature in the suggestions list is confusing since it may imply that other options are not accepted. Instead, this PR follows the Typescript tooling and simply shows the function name in the list. ![Screenshot 2024-10-25 at 8 17 38 AM](https://github.com/user-attachments/assets/9caf4998-b144-45d4-8a53-b41846714d5b) The signatures are still available in the details flyout. <img width="981" alt="Screenshot 2024-10-25 at 8 50 01 AM" src="https://github.com/user-attachments/assets/17ca7b55-9c88-4a42-91e0-762cfc4809b5"> - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Stratoula Kalafateli <[email protected]> [Response Ops][Task Manager] Propagate `msearch` error status code so backpressure mechanism responds correctly (#197501) Resolves https://github.com/elastic/response-ops-team/issues/240 Creating an `MsearchError` class that preserves the status code from any msearch errors. These errors are already piped to the managed configuration observable that watches for and responds to ES errors from the update by query claim strategy so I updated that filter to filter for msearch 429 and 503 errors as well. 1. Make sure you're using the mget claim strategy (`xpack.task_manager.claim_strategy: 'mget'`) and start ES and Kibana. 2. Inject a 429 error into an msearch response. ``` --- a/x-pack/plugins/task_manager/server/task_store.ts +++ b/x-pack/plugins/task_manager/server/task_store.ts @@ -571,6 +571,8 @@ export class TaskStore { }); const { responses } = result; + responses[0].status = 429; + const versionMap = this.createVersionMap([]); ``` 3. See task manager log the msearch errors and eventually reduce polling capacity ``` [2024-10-23T15:35:59.255-04:00][ERROR][plugins.taskManager] Failed to poll for work: Unexpected status code from taskStore::msearch: 429 [2024-10-23T15:35:59.756-04:00][ERROR][plugins.taskManager] Failed to poll for work: Unexpected status code from taskStore::msearch: 429 [2024-10-23T15:36:00.257-04:00][ERROR][plugins.taskManager] Failed to poll for work: Unexpected status code from taskStore::msearch: 429 [2024-10-23T15:36:00.757-04:00][ERROR][plugins.taskManager] Failed to poll for work: Unexpected status code from taskStore::msearch: 429 ... [2024-10-23T15:36:06.267-04:00][WARN ][plugins.taskManager] Poll interval configuration is temporarily increased after Elasticsearch returned 19 "too many request" and/or "execute [inline] script" error(s). [2024-10-23T15:36:06.268-04:00][WARN ][plugins.taskManager] Capacity configuration is temporarily reduced after Elasticsearch returned 19 "too many request" and/or "execute [inline] script" error(s). ``` --------- Co-authored-by: Elastic Machine <[email protected]> [Stateful sidenav] Fix dashboard listing breadcrumbs (#197986) [Onboarding] Check for user privileges before creating an API key (#197964) Resolves https://github.com/elastic/kibana/issues/192983 Check for user privileges before creating an API key <img width="1413" alt="Screenshot 2024-10-28 at 10 28 58" src="https://github.com/user-attachments/assets/aa54ce74-98ac-43f0-b422-ab3d895c97ab"> [Fleet] Couple agent and package policies spaces (#197487) Consolidate Rule schemas (#195613) Towards: #172513 This PR removes `RawRule` type from `alerting/server/type` and `RuleAttributes` schema/types. And uses the `RawRule` that is used for ModelVersions instead of them. --------- Co-authored-by: kibanamachine <[email protected]> Improve header button spacing (#197896) Closes #197873 - Fix spacing between 'Give feedback' and AI button. - While in the neighborhood, I noticed the search button had some extra padding, so I fixed that quick too. - Lastly, I pushed the project switcher to the far right. This is only used for local development of Serverless and was otherwise appearing between production buttons. <img width="420" src="https://github.com/user-attachments/assets/f5abe1af-1762-4658-8040-d802b9752667" /> <img width="420" src="https://github.com/user-attachments/assets/04288ff3-6012-4518-866f-0dea4ad62401" /> <img width="420" src="https://github.com/user-attachments/assets/ef2e0eff-d4f4-4ceb-bbf8-c39d2e3e9949" /> To test, you'll need to run this in serverless mode where the 'Give feedback' button appears. You can force it on by setting the following line equal to `true`. https://github.com/elastic/kibana/blob/ae9c0d385015f3068a04af46678e18e2f00b519a/src/plugins/guided_onboarding/public/plugin.tsx#L50 Co-authored-by: Elastic Machine <[email protected]> [Security Solution][Detection Engine] fixes preview logs issue when switching between rules (#197098) - addresses https://github.com/elastic/kibana/issues/196616 [Lens] fix showing points on line by default (#197828) Fix the missing style to show points in line charts. Line charts should show data points whenever the distance between points is larger than 40px. [Fleet] Fix flaky agentless test (#197951) Fixes https://github.com/elastic/kibana/issues/189038 Attempt to fix [this flaky test ](https://buildkite.com/elastic/kibana-on-merge/builds/53472#0192c57d-51ca-4b9b-a934-dc13b0b9b7ca) failing with ``` Timed out in waitForNextUpdate after 1000ms. -- | | at waitForNextUpdate (node_modules/@testing-library/react-hooks/lib/core/asyncUtils.js:96:13) ``` I'm adding a longer timeout hoping to resolve this issue. There is no way to run jest tests with flaky test runner so I'm not sure how to verify that the flakiness is really gone. --------- Co-authored-by: Elastic Machine <[email protected]> Serverless tests - enable dot-prefixed index validation (#197141) This PR enables Elasticsearch dot-prefixed index validation for serverless tests. [ObsUx][Infra] Remove no longer used feature flags for GA features (#197684) Closes #197612 This PR removes the feature flags (`observability:enableInfrastructureHostsView` and `enableInfrastructureContainerAssetView` ) for host and container views Feature settings under `Infrastructure > Settings` (ignore the profiling one) | Before | After | | ------ | ----- | |![image](https://github.com/user-attachments/assets/f7ee9585-e96c-4492-9116-8de3c5e0c9c6) | ![image](https://github.com/user-attachments/assets/1c75e229-bd29-45c5-a354-cfdcb324ea9d) | The feature flags should not appear in the settings The Host menu item should be visible The Container asset views should be always enabled and visible (without an option to disable them) The Host asset views should be always enabled and visible (without an option to disable them) https://github.com/user-attachments/assets/a4d574d0-2669-4f96-88a4-a40c2f5023c2 do not set full screen mode on ExitFullScreenButton re-render (#198012) https://github.com/elastic/kibana/pull/194892 is refactoring [DashboardRenderer](https://github.com/elastic/kibana/blob/3391344e8dc8377d359b918521b6c48838cde8ae/src/plugins/dashboard/public/dashboard_container/external_api/dashboard_renderer.tsx) component to replace Dashboard Embeddable with a plain old javascript object. Dashboard Embeddable rendered its contents in a new react tree. The new implementation does not. Since the new implementation does not render the dashboard in a new react tree, any re-render in `DashboardViewport` parent components causes `ExitFullScreenButton` to re-render. In its current form, re-rendering `ExitFullScreenButton` calls `onExit`, which causing dashboard to exit full screen mode. This PR makes use of `useCallback` to fix the issue where re-rending `ExitFullScreenButton` calls `onExit`. 1) Open dashboard that ships with sample web logs data set 2) switch to view mode 3) click "Full screen" button 4) Maximize a panel. Verify dashboard stays in full screen mode. [ci] Run linting before tests (#197310) Linting is a frequent source of build failures. By increasing the cpu count we can run this check before starting our highly-parallel tests without impacting total build time. Fix documentation for session lifespan default (#198065) This pull request includes an update to the `docs/settings/security-settings.asciidoc` file to clarify the default session lifespan settings for different installation environments. Documentation update: * [`docs/settings/security-settings.asciidoc`](diffhunk://#diff-97a4c4e3696b33b246f55ddd794608530b693f0a7a66ae1361a32b67c7461523L204-R204): Clarified that the default session lifespan is 30 days for on-prem installations and 24 hours for Elastic Cloud installations. [FTR][Ownership] Assign aiops, custom branding, etc (#197468) Assign test files to small number of reviewers Assigned custom_branding due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/custom_branding/kibana.jsonc#L4 Assigned response_ops_docs due to the name Assigned monitoring due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/monitoring/kibana.jsonc#L4 Assigned so managment due to https://github.com/elastic/kibana/blob/main/src/plugins/saved_objects_management/kibana.jsonc#L4 Assigned aiops due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/aiops/kibana.jsonc#L4 Assigned banners_functional due to Pierre being all over the git blame. :lol: Assigned x-pack/test/screenshot_creation due to https://github.com/elastic/kibana/pull/197468#discussion_r1817460031 Contributes to: https://github.com/elastic/kibana/issues/194817 [Security GenAI][BUG] KB index entry created via pdf upload does not give the right response (#198020) These changes fix the issue with the wrong response of the AI Assistant using knowledge base tool and index entry generated from a PDF file. The issue happens because we are using the first chunk of uploaded PDF document as a context that we pass to LLM instead of using inner hits chunks which are actual parts of the document relevant to the questions. Here is [the blog post](https://www.elastic.co/search-labs/blog/semantic-text-with-amazon-bedrock) that talks about the strategy of using inner hits to get the most relevant documents. (see `Strategy 1: API Calls` section) 1. Navigate to Integrations page 2. Select "Upload a file" 3. Select and upload a PDF file 4. Press Import button 5. Switch to Advanced tab 6. Fill in "Index name" 7. Add additional field > Add semantic text field > Fill in form * Field: `attachment.content` * Copy to field: `content` * Inference endpoint: `elser_model_2` 8. Press Add button 9. Press Import button 1. Navigate to AI Assistant's Knowledge Base page 2. New > Index 3. Fill in "New index entry" form (below are main fields) * Name: `[add entry name]` * Index: `[select index name created during uploading a PDF file]` * Field: `content` 4. Press Save button Enable knowledge base feature via ``` xpack.securitySolution.enableExperimental: - 'assistantKnowledgeBaseByDefault' ``` **PDF document**: [Elastic Global Threat Report 2024](https://github.com/user-attachments/files/17544720/elastic-global-threat-report-2024.pdf) **KB Index entry**: Data Description: "Use this tool to answer questions about the Elastic Global Threat Report (GTR) 2024" Query Instruction: "Key terms to return data relevant to the Elastic Global Threat Report (GTR) 2024" **Questions**: 1. Who are the authors of the GTR 2024? 2. What is the forecast for the coming year in GTR 2024? 3. What are top 10 Process Injection by rules in Windows endpoints in GTR 2024? 4. What is the most widely adopted cloud service provider this year according to GTR 2024? 6. Give a brief conclusion of the GTR 2024 **Current behaviour**: <img width="656" alt="Screenshot 2024-10-28 at 16 43 48" src="https://github.com/user-attachments/assets/90615356-8807-4786-b58d-ca28c83aaec9"> **Fixed behaviour**: <img width="655" alt="Screenshot 2024-10-28 at 16 44 47" src="https://github.com/user-attachments/assets/9ebefbcc-20c2-4c79-98f3-11fa6acf3da6"> Improves pattern matching for data telemetry (#197876) Addresses concerns with Regex matching. Co-authored-by: Elastic Machine <[email protected]> [Synthetics] Refactor delete route !! (#195387) Fixes https://github.com/elastic/kibana/issues/193790 !! Refactor delete route !! Make sure to send delete response in bulk to synthetics service !! [Fleet] Prevent hosted policies space change (#198043) Revert "[Canvas] Update kbn/flot to remove table.replace() issue" (#198067) Fixes #197998 Reverts elastic/kibana#195643 skip failing test suite (#181466) [Global Search] Instantly set `isLoading=true` when search value changes (#197750) Close https://github.com/elastic/kibana/issues/77059 This PR solves the bug by setting the `isLoading` flag outside of the block of debounced code whenever the search term changes. This also makes a few slight cleanups to `search_bar.tsx`, which is quite large. I avoided doing any serious cleanups that would make the diff hard to read or detract from the fix. skip flaky suite (#178404) skip flaky suite (#197335) skip flaky suite (#189038) skip flaky suite (#192126) skip flaky suite (#197765) skip flaky suite (#189739) skip flaky suite (#196766) skip flaky suite (#174661) Added redirect option after Entity CSV upload (#197937) Added a redirect button to view Entities after a successful Asset Criticality CSV file upload process Additionally, made some small changes to the copy for the Entity Store management workflows <img width="1490" alt="Screenshot 2024-10-27 at 9 49 17 PM" src="https://github.com/user-attachments/assets/77b587b7-8300-40ae-adc2-5119aa5f39ab"> Co-authored-by: Elastic Machine <[email protected]> Update dependency msw to ^2.4.12 (main) (#198060) This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [msw](https://mswjs.io) ([source](https://togithub.com/mswjs/msw)) | devDependencies | patch | [`^2.4.11` -> `^2.4.12`](https://renovatebot.com/diffs/npm/msw/2.4.11/2.4.12) | `2.5.2` (+3) | --- <details> <summary>mswjs/msw (msw)</summary> [Compare Source](https://togithub.com/mswjs/msw/compare/v2.4.11...v2.4.12) - **node:** preserve headers instanceof when recording raw headers ([#2321](https://togithub.com/mswjs/msw/issues/2321)) ([`a58a300`](https://togithub.com/mswjs/msw/commit/a58a300687a48e13c0268403a71183cf7825f748)) [@paoloricciuti](https://togithub.com/paoloricciuti) </details> --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).  Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> [CI] Disable UpdateCLI workflow on forks (#196624) The UpdateCLI workflow is running against forks when it shouldn't be: https://github.com/Ikuni17/kibana/actions/runs/11359905941 Fix Dev Container KBN_DIR (#195810) In #193488, `KBN_DIR` was changed to be a dynamic variable. It wasn't being properly propagated through the build process in the Dockerfile and the full path to `env.sh` wasn't being set. This passes the directory as a build `ARG` as well to fix the path. [api-docs] 2024-10-29 Daily api_docs build (#198103) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/875 [Security Solution][Hotfix] Avoid blocking prebuilt rule upgrade upon conflicts with disabled feature flag (#198106) It turned out some of the update rule buttons are disabled. This is a side effect of the functionality not fully hidden under a feature flag. This PR hides prebuilt rule customisation functionality disabling update rule buttons under `prebuiltRulesCustomizationEnabled` feature flag. ![image](https://github.com/user-attachments/assets/b7ca5ff8-be37-47a7-ad7e-b85386909f38) <img width="1719" alt="image" src="https://github.com/user-attachments/assets/349223dc-dda5-46fb-832f-d7097a81580e"> <img width="1721" alt="image" src="https://github.com/user-attachments/assets/a28512f6-e605-460e-884d-571ab408a7d9"> [Infra] Fix anomalies flyout navigation failing test (#197999) Closes #192882 The issue was that the url was checked too early which resulted in checking the locator url instead of the page url after navigating so I added a check for loading before the URL check and this solved the issue. https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7284 [ObsUx][Infra] Unskip and try to fix hosts view test (#197861) Closes #191806 The parts of the unskipped test were fixed here - the only case I couldn't find the reason for failing after unskipping it is `should have an option to open the chart in lens` - for some reason, the whole menu is gone when checking the CI and I couldn't reproduce that so this will be the only skipped part so we can at least have all the other `Hosts view` tests [Cloud Security] Fix flaky metering tests [Observability Onboarding] Set tech preview badges correctly (#197831) As discussed, adjust the first onboarding page: * Remove tech preview labels from EA flows * Change wording <img width="857" alt="Screenshot 2024-10-25 at 15 23 47" src="https://github.com/user-attachments/assets/ceffbe90-019d-4fa8-ab6f-16cbf0aaf3d4"> <img width="814" alt="Screenshot 2024-10-25 at 15 23 59" src="https://github.com/user-attachments/assets/4f5cf657-6fd2-479f-aa92-9460bc2ecfef"> [EDR Workflows] Skip Osquery test in MKI (#198117) [EDR Workflows] Improve on unavailable shard exception flakiness in cypress (#197864) The cypress task `cy.task('indexEndpointHosts')` sometimes throws `no_shard_available_action_exception`, when transforms are stopped. This looks like a temporary issue, and in other tests it is simply retried. This PR adds the retry logic for this type of error, and unskips some tests. closes #194135 closes #191914 Delete any items that are not applicable to this PR. - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed [Cloud Security] add vulnerabilties data set to filter for links from CNVM dashboard (#197648) - fixes https://github.com/elastic/security-team/issues/10915 [Entity Analytics] [Entity Store] Telemetry (#196880) This PR adds telemetry for the Entity Store. Client side tracks UI enablement actions, whilst Kibana side tracks execution time of the store initialisation process and execution time of the enrich policy task. Finally we also track number of entities in the store Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to 1815394 (main) (#198099) This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.elastic.co/wolfi/chainguard-base | digest | `de4d5b0` -> `1815394` | --- 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).  Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Update dependency @launchdarkly/node-server-sdk to ^9.6.1 (main) (#196897) [ML] Data Frame Analytics: removing scss overrides for exploration pages (#197724) Related meta issue: https://github.com/elastic/kibana/issues/140695 Regression model evaluation before: <img width="1455" alt="image" src="https://github.com/user-attachments/assets/cfdb794d-4576-4c10-96c1-0b3856857cdd"> After: <img width="1455" alt="image" src="https://github.com/user-attachments/assets/4c2bbdf3-85ef-489e-bc3a-1281d3531328"> Classification evaluation before: <img width="1474" alt="image" src="https://github.com/user-attachments/assets/e565cac3-8c1d-4e4f-8cac-7ea8abf4358d"> After switching fully to flex layout as we no longer support IE11 and all the workarounds were no longer needed (Note it's all left aligned now): <img width="1467" alt="image" src="https://github.com/user-attachments/assets/280ea446-17fc-4622-a925-57ef6c01cd89"> Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Elastic Machine <[email protected]> [ES|QL] separate `KEEP`, `DROP`, and `SORT` autocomplete routines (#197744) This PR begins the refactor described in https://github.com/elastic/kibana/issues/195418. The autocomplete engine now delegates to command-specific routines attached to the command definitions for `KEEP`, `DROP`, and `SORT`. The naming of `getFieldsFor` has been broadened to `getColumnsFor` because the response from Elasticsearch can contain variables as well as fields, depending on the query that is used to fetch the columns. No user-facing behavior should have changed. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <[email protected]> [CI] Fix project build & deploy job (#196562) In #195581 we've added the option to deploy through the clickable triggers. But in it's current state, it's broken in several aspects. (1) It's not starting on click. Triggers was resulting in a 422 on Buildkite's side, and after digging more into it, this was the error: <img width="1019" alt="Screenshot 2024-10-16 at 16 53 13" src="https://github.com/user-attachments/assets/f602dde9-2cc4-474f-b432-a3d4f9d5ae91"> Apparently, building PRs needs to be enabled on jobs that want to be triggered through the PR bot. (2) It is set up to run regardless of the labels (3) There's no feedback on runs This PR: - enables buildability in the pipeline's config - exits early if deploy labels are missing - adds a comment on the PR if a deploy job is started or finished - removes the kibana build step, it's not needed, as we have a step to build the docker image TODO: - [x] Add feedback about a started job (either through a non-required check, or a github comment) - [x] Early exit if a label is missing There are several other builds started right now, because the logic that would trigger a build on changing a draft to ready. To be fixed in https://github.com/elastic/buildkite-pr-bot/issues/78 Tested after manually by enabling the option on the UI, and triggering through the checkbox: https://buildkite.com/elastic/kibana-deploy-project-from-pr/builds/23 Expand README (#197880) Adds a bit more general background, intro to concepts, and guidelines about what to use FF for and what not to Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Alejandro Fernández Haro <[email protected]> Fix Typo: Change 'dashaboard' to 'dashboard' on APM-service Dashboards page #195773 (#196969) **Title:** Fix Typo: Change 'dashaboard' to 'dashboard' on APM-service Dashboards page **Description:** This PR fixes a typo on the "Dashboards" page for APM-service. The typo "dashaboard" has been corrected to "dashboard" to ensure proper functionality and readability. closes #195773 **Changes Made:** - Corrected the typo in the text "To get started, add your dashaboard" to "To get started, add your dashboard." **Testing:** - Verified the change on the Dashboards page for APM-service. - Ensured no other instances of the typo exist in the codebase. **Release note:** Fixes a typo on the "Dashboards" page for APM-service, changing 'dashaboard' to 'dashboard'. **Additional Notes:** No additional notes. Summarize your PR. If it involves visual changes include a screenshot or gif. Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Cauê Marcondes <[email protected]> Co-authored-by: Nathan L Smith <[email protected]> Co-authored-by: jennypavlova <[email protected]> [Response Ops][Actions] Remove deprecated HTTP APIs (#197510) Resolves https://github.com/elastic/kibana/issues/90382 Removes legacy action APIs for 9.0 and updates all tests that still used the legacy APIs to use the current APIs. Also did some renaming of action -> connector in the files I had to touch. Co-authored-by: Elastic Machine <[email protected]> [Fleet] Prevent duplication of managed policy !! (#197575) Fixes https://github.com/elastic/kibana/issues/194149 Prevent duplication of managed policy !! <img width="1594" alt="image" src="https://github.com/user-attachments/assets/f386a287-4f9e-4307-ba84-98f3ea807ef9"> [Security Solution][Notes] - switch the securitySolutionNotesEnables feature flag to securitySolutionNotesDisabled (#196778) This PR switches the `securitySolutionNotesEnabled` to `securitySolutionNotesDisabled` (with a `false` value by default) to enable the new Notes functionality in `8.16`. Customers can set the new `securitySolutionNotesDisabled` feature flag to true in their environment if they want to go back to the old notes system. The PR also fixes a tiny bug with the badge showing the number of notes in the Timeline Notes tab. The new system was not taking into account a timeline description, so if the timeline had a description the number of notes was always 1 lower than the actual number of notes displayed below. This issue was highlighted by a Cypress test! The goal is to remove the old system entirely within a few releases (maybe `8.18` or `9.0`). - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios https://github.com/elastic/kibana/issues/189879 [ci] Fix cloud deployments (#198086) Our build scripts are relying on a step that was removed in https://github.com/elastic/elasticsearch/pull/115357. The image that was produced by this script is eventually consumed by cloud deployments from pull requests. This updates our scripts to use the cloud-ess variant instead. There should not be any functional difference. We'll need the image to go through our promotion pipeline to be tested via label. https://buildkite.com/elastic/kibana-elasticsearch-snapshot-build/builds/4673 [ci] Use es snapshot cache on miscellaneous steps 2 (#198078) Adds the remaining steps missing snapshot loading from cache that I missed on the first loop. [Observability] Update breadcrumbs for observability project based navigation (#196785) ~⚠️ I'm still putting out some fires with tests, but this is ready to start being reviewed.~ A continuation of https://github.com/elastic/kibana/pull/196169 for Observability (please read that PR description first). Related: https://github.com/elastic/kibana/issues/192050 There are essentially three types of breadcrumbs - serverless (which is project style), stateful project style (set through spaces settings), and classic style (the old breadcrumbs we've seen for years). Whilst serverless and stateful project style both use the project based style the navigation trees are slightly different, so the breadcrumbs results are not identical [when they derive the "nav crumbs"](https://github.com/elastic/kibana/blob/9577aa980dd1565fba05e34292fb5c0bba692889/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx#L55). Here "project style" will refer to serverless and stateful project style. In these changes I've, for the most part, tried to refactor things so Observability solutions route their breadcrumbs through the observability-shared `useBreadcrumbs` hook, this way the logic around project style, adding an Observability crumb in classic etc is consolidated in one place. [For several solutions `absolute` breadcrumbs are being used](https://github.com/elastic/kibana/blob/9577aa980dd1565fba05e34292fb5c0bba692889/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx#L46), and this means we'll roughly have the same breadcrumbs across the 3 experience…

## Summary Part of #195418 **NOTES** - need to make sure these don't regress - #195771 - #197139 - suggesting variables after binary operator (e.g. `field + <suggest>` - I've noticed that incomplete null statements such as `is n` are corrected in our syntax tree. This sends the autocomplete down a "completed operator expression" route as opposed to an unknown operator or "to right of column" route. So, `... | EVAL foo IS N/` is interpreted as `... | EVAL foo IS NULL /`. It accidentally works (lol) because the logic for `<operator-expression> <suggest>` suggests operators that accept the return type of the existing operator expression as their left-hand argument. Since `foo IS NULL` is of type `boolean` and `IS NULL` accepts boolean values, it gets included in the suggestion list which Monaco then filters by the actual prefix (`IS N`). 🤣 ([issue](#199401)) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]>

## Summary Part of elastic#195418 **NOTES** - need to make sure these don't regress - elastic#195771 - elastic#197139 - suggesting variables after binary operator (e.g. `field + <suggest>` - I've noticed that incomplete null statements such as `is n` are corrected in our syntax tree. This sends the autocomplete down a "completed operator expression" route as opposed to an unknown operator or "to right of column" route. So, `... | EVAL foo IS N/` is interpreted as `... | EVAL foo IS NULL /`. It accidentally works (lol) because the logic for `<operator-expression> <suggest>` suggests operators that accept the return type of the existing operator expression as their left-hand argument. Since `foo IS NULL` is of type `boolean` and `IS NULL` accepts boolean values, it gets included in the suggestion list which Monaco then filters by the actual prefix (`IS N`). 🤣 ([issue](elastic#199401)) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]> (cherry picked from commit 2466a17)

## Summary Part of elastic#195418 **NOTES** - need to make sure these don't regress - elastic#195771 - elastic#197139 - suggesting variables after binary operator (e.g. `field + <suggest>` - I've noticed that incomplete null statements such as `is n` are corrected in our syntax tree. This sends the autocomplete down a "completed operator expression" route as opposed to an unknown operator or "to right of column" route. So, `... | EVAL foo IS N/` is interpreted as `... | EVAL foo IS NULL /`. It accidentally works (lol) because the logic for `<operator-expression> <suggest>` suggests operators that accept the return type of the existing operator expression as their left-hand argument. Since `foo IS NULL` is of type `boolean` and `IS NULL` accepts boolean values, it gets included in the suggestion list which Monaco then filters by the actual prefix (`IS N`). 🤣 ([issue](elastic#199401)) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]>

drewdaemon added Feature:ES|QL ES|QL related features in Kibana Team:ESQL ES|QL related features in Kibana technical debt Improvement of the software architecture and operational architecture labels Oct 8, 2024

drewdaemon changed the title ~~[ES|QL] separate command validation/autocomplete routines~~ [ES|QL] separate command autocomplete routines Oct 8, 2024

drewdaemon mentioned this issue Oct 8, 2024

[ES|QL] Add the ability to filter per aggregation in the editor autocomplete #195363

Open

drewdaemon mentioned this issue Oct 28, 2024

[ES|QL] separate KEEP, DROP, and SORT autocomplete routines #197744

Merged

1 task

drewdaemon self-assigned this Oct 29, 2024

drewdaemon mentioned this issue Oct 29, 2024

[ES|QL] separate STATS autocomplete routine #198224

Merged

1 task

drewdaemon mentioned this issue Nov 4, 2024

[ES|QL] separate WHERE autocomplete routine #198832

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[ES|QL] separate command autocomplete routines #195418

[ES|QL] separate command autocomplete routines #195418

drewdaemon commented Oct 8, 2024 •

edited

Loading

elasticmachine commented Oct 8, 2024

drewdaemon commented Oct 8, 2024

[ES|QL] separate command autocomplete routines #195418

[ES|QL] separate command autocomplete routines #195418

Comments

drewdaemon commented Oct 8, 2024 • edited Loading

The problem

The plan

Hit list

elasticmachine commented Oct 8, 2024

drewdaemon commented Oct 8, 2024

drewdaemon commented Oct 8, 2024 •

edited

Loading