Compatibility with Elastic 8

[AlexRuiz7]

Description

We need to ensure the UI compatibility with the next version of Elastic 8.
This update is still being discussed, but we need to be aware of potential issues.

For that, we need to:

• Review Elastic 8 and Kibana 8 latest stable changelog.
• Identify improvements and potential impact on the UI.
• Develop a testing environment to verify our components would work under this new build.

For each of the following versions:

• 8.7.0 (no released yet)
• 8.5.3
• 8.5.2
• 8.5.1
• 8.5.0
• 8.4.3
• 8.4.2
• 8.4.1
• 8.4.0
• 8.3.3
• 8.3.2
• 8.3.1
• 8.3.0
• 8.2.3
• 8.2.2
• 8.2.1
• 8.2.0
• 8.1.3
• 8.1.2
• 8.1.1
• 8.1.0
• 8.0.1
• 8.0.0

We'll focus in testing the latest patch version of each minor, these in bold. We'll skip the remaining versions.

Issues

• List here the detected issues

Documentation

• Migration to Kibana 8.0 https://github.com/elastic/kibana/blob/v8.5.0/docs/migration/migrate_8_0.asciidoc

[chantal-kelm]

Elastic 8.0

Breaking changes

• Cluster and node setting changes
• Command line tool changes
• Index settings address
• Java API changes
• JVM options change
• Logging changes
• Mapping changes
• Packaging changes
• Painless changes
• Plugin changes
• Rest API changes
• SQL JDBC changes
• System req changes
• Transform Changes

Deprecations

The following functionality has been deprecated in Elasticsearch 8.0 and will be removed in a future version. While this won’t have an immediate impact on your applications, we strongly encourage you take the described steps to update your code after upgrading to 8.0.

• Cluster and node setting deprecations

We no longer recommend using transient cluster settings.

• Command line tool deprecations

If you use Elasticsearch Service, skip this section. Elasticsearch Service handles these changes for you.

[chantal-kelm]

Elastic 8.1

Breaking changes

• Rest API changes

Deprecations

The following functionality has been deprecated in Elasticsearch 8.1 and will be removed in a future version. While this won’t have an immediate impact on your applications, we strongly encourage you take the described steps to update your code after upgrading to 8.1.

• Cluster and node setting deprecations

Legacy values for the discovery.type setting are deprecated.

• REST API deprecations

Lenient parsing of bulk actions is deprecated.

Deprecate index_include_frozen request parameter in _sql API.

Development environments

8.1.0 version

I saw that from 8.1.0 the kibana_legacy folder is removed so 8.0.0 and 8.0.1 would not have that problem but if they have another one that I was investigating today but still can not solve.

8.1.3 version

In 8.1.3 the application runs but does not show the Wazuh plugin

[chantal-kelm]

Elastic 8.2

Breaking changes

There are no breaking changes in Elasticsearch 8.2.

Development environments

In 8.2.3 the application runs but does not show the Wazuh plugin

[chantal-kelm]

Elastic 8.3

Breaking changes

There are no breaking changes in Elasticsearch 8.3.

Deprecations

The following functionality has been deprecated in Elasticsearch 8.3 and will be removed in a future version. While this won’t have an immediate impact on your applications, we strongly encourage you take the described steps to update your code after upgrading to 8.3.

• Cluster and node setting deprecations

Configuring a bind DN in an LDAP or Active Directory (AD) realm without a corresponding bind password is deprecated

Development environments

In 8.3.3 the application runs but does not show the Wazuh plugin

[chantal-kelm]

Elastic 8.4

Breaking changes

There are no breaking changes in Elasticsearch 8.4.

Deprecations

The following functionality has been deprecated in Elasticsearch 8.4 and will be removed in a future version. While this won’t have an immediate impact on your applications, we strongly encourage you to take the described steps to update your code after upgrading to 8.4.

• REST API deprecations

Deprecate the _knn_search endpoint

Development environments

In 8.4.2 the application runs but does not show the Wazuh plugin

In version 8.4.2 of elastic we identified the reasons why the Wazuh plugin is not showing, one of them was because of the @kbn/i18n/react dependency and the second one is because elastic has deleted the kibana_legacy folder which we used in the following files:

wazuh-kibana-app/public/get_inner_angular.ts
wazuh-kibana-app/public/kibana-integrations/kibana-discover.js
wazuh-kibana-app/public/kibana-integrations/discover/build_services.ts
wazuh-kibana-app/public/kibana-integrations/discover/kibana_services.ts
wazuh-kibana-app/public/kibana-integrations/discover/application/components/doc_viewer/doc_viewer_render_error.tsx
wazuh-kibana-app/public/kibana-integrations/plugins/kibana_legacy/public/notify/lib/format_angular_http_error.ts
wazuh-kibana-app/public/kibana-integrations/plugins/kibana_legacy/public/notify/lib/format_msg.ts
wazuh-kibana-app/public/kibana-integrations/plugins/kibana_legacy/public/notify/lib/format_stack.ts

Resolved conflicts with the @kbn/i18n/react dependency renamed to @kbn/i18n-react

[yenienserrano]

Testing to run Wazuh in Kibana 8.4.3.

Change the imports from @kbn/i18n/react to @kbn/i18n-react in the files:

• registry-table.tsx
• kbn-search-bar.tsx
• no_results.js
• uninitalized.tsx
• tool_bar_pager_text.tsx
• discover_legacy.tsx
• context_error_message.tsx
• doc.tsx
• doc_viewer_tab.tsx
• hits_counter.tsx
• loading_spinner.tsx
• discover_field_details.tsx
• discover_field_search.tsx
• discover_index_pattern_title.tsx
• discover_index_pattern.tsx
• discover_sidebar.tsx
• skip_bottom_button.tsx
• table_row_btn_filter_add.tsx
• table_row_btn_filter_exists.tsx
• table_row_btn_filter_remove.tsx
• table_row_btn_toggle_column.tsx
• timechart_header.tsx
• open_search_panel.js

Problems found with the kibana_legacy plugin, which was removed since version 8.1.0.

To solve this problem, the plugin has been copied in Kibana integrations folder and the paths where it was being used have been modified.

At this point Kibana is up but the Wazuh app is not visible and there are no errors in the Kibana logs.

As far as I can see, in Kibana documentation, it is said that you have to migrate from kibana_legacy to kibanaPlatform.

This migration, from what they say, is not an easy task, they provide some steps to follow, but the actual amount of changes depends on each application.

This would translate in having another branch in the repository to be compatible with 8.x versions, from what I understand, which would mean another branch to maintain.

[Desvelao]

Update

I was researching and I got the mentioned problems.

My research was based on Kibana 8.4.2

I could solve some of these problems:

• Moved dependency: @kbn/i18n/react to @kbn/i18n-react
• Missing files in src/plugins/kibana_legacy. In the plugin, we have the methods imported in some files. It only requires to import the plugin files instead of the plugin platform.

After these fixes, the plugin doesn't throw errors when transpiling the code. But, it doesn't work.

In my first view, there are other required changes:

• Remove the kibanaLegacy dependency from the plugin platform manifest file kibana.json
• In the frontend, it is required to register the plugin in the setup function. Currently, we register the plugin after a request. We should move the request and doesn't block the plugin registration. I got the plugin that appears in the plugin platform menu, but this is not visible, there are more problems to solve.
  
• The information about the index used by the platform seems to be removed. This is affecting to the initialize job of the plugin on the backend.
• I got some errors related to the security client that the plugin adds under the wazuh route context. I could not find a solution.

Unfortunately, these errors are the first ones, and we can't see any more errors until we solve them. We have to solve each error until we don't get any errors. After solving these problems, we have to test the UI and each functionality (monitoring, statistics, etc...)

I attach a patch that contains some fixes and workarounds to go over more errors as the first contact:
adapt_kibana_8.4.2.txt

[c10k-cc]

What is the current (as well as any future plans) status of Wazuh Kibana plugin compatibility with OpenSearch Dashboards (Kibana fork; ex OpenDistro)?
Wazuh Indexer is already based on more recent OpenSearch (ElasticSearch fork; ex OpenDistro) versions...
This is their own changelog, however they don't explicitly state which version is based on which Kibana OSS version...

[AlexRuiz7]

@carpetmaker Wazuh Dashboard is based on OpenSearch Dashboards and already includes a compatible plugin.

4.3.x versions are based in OpenSearch 1.2.0.
4.4.x versions will be based in OpenSearch 2.3.0, as described here: #4160

We do not plan to provide a standalone plugin for OpenSearch Dashboards, as we already provide a built-in plugin for Wazuh Dashboard.

Btw, OpenDistro (and later on OpenSearch) was forked from Elastic 7.10.2

[Desvelao]

We are going to work using as base the last current version of Kibana: 8.5.0.

We will create a development branch where we will implement the solutions to the compatibility problems.

Development branch: https://github.com/wazuh/wazuh-kibana-app/tree/4.4-8.5-dev

Tasks

• Solve the compatibility issues
• Unit tests should pass
• Manual tests

Compatibility issues

❗ The following table lists the problems found during the entire compatibility testing process. As some of the problems are resolved, more may appear when testing some features not accessible until a previous problem has been fixed. This means the current list doesn't show all the compatibility problems.

Error	Comment/Solution	Solved (include commit SHA)
Renamed dependency @kbn/i18n/react	Rename to @kbn/i18n-react	022b6ba
Renamed dependency @elastic/safer-lodash-set	Rename to @kbn/safer-lodash-set	818f71a
Error creating a template for .kibana
Imports from src/plugins/kibana_legacy	Use the dependencies hosted in the plugin itself	73d7b09
Removed plugin kibanaLegacy	Remove dependency of the plugin manifest kibana.json	aecbb21
Plugin lifecycle methods should be synchronous	Adapt to synchronous
Applications cannot be registered after "setup"	The plugin on frontend should be registered synchronous	b8530c7 77dbe7d
Can't get the platform index name	The configuration object doesn't include the index. More info	1410f29
Can't import SearchBar component	The component was moved to the unifiedSearch plugin	ddeefcb 10e4cb5 2ecca75
Initialize (check plugin platform index existence) and any responses of Elasticsearch client	The response of the client doesn't come from body property	07c43b2
SavedObjectLoader is not exported from the saved_object plugin	Add the saved_object_loader file to our repository	2465c10
The context in the endpoints is a promise	add await to context.wazuh in wazuh-api.ts and wazuh-elastic.ts	690cddb a5d41f4
Cannot read properties of undefined (reading 'FilterStateStore')	Delete the esFilters. and import directly from @kbn/es-query	5184e7c
visualizations.createVis is not a function	The method is not accessible. More info: #4567 (comment)
Object(...)(...).convertToSerializedVis is not a function	The method is not accessible. More info: #4567 (comment)
Monitoring and statistics templates can't be indexed due to errors	Change dateOptionalTime to date_optional_time	2de382c
Monitoring task doesn't index data	fix the response of the current template	99c1930
(elastic-eui)Removed EuiCodeEditor (#5323)
Cannot read properties of undefined (reading 'id') when the menu opens	currently working	✔️
Sample data cannot be removed and get	The response of the client doesn't come from body property	e404969
Sample data cannot be added	The response of the client doesn't come from body property	e404969
hits no defined in agents view	The response of the client doesn't come from body property	7adc647
Error in the default filters of the views	currently working	✔️
review the styles for the elastic EUI upgrade
the Events tab is not working
esFilters can't be imported (and other related variables)	the properties of esFilters were moved to @kbn/es-query. More info
FieldIcon, FieldButton components are missing	Components were moved to @kbn/react-field. #4567 (comment)
The table row of results in Events tabs is not rendered	The problem is related to the definition of the directive #4567 (comment)

[Desvelao]

Get the platform index name

The platform configuration kibana.index was removed in Kibana 8.0.0-beta1 https://www.elastic.co/guide/en/kibana/8.0/release-notes-8.0.0-beta1.html#breaking-112773.

I was reviewing the related issues and PRs:

• Removing legacy multitenancy elastic/kibana#82020
• Deprecate kibana.index setting elastic/kibana#82521
• [8.0] remove kibana.index config property elastic/kibana#112773

And I found a way to get this index. This can be obtained from the core.savedObjects.getKibanaIndex() on the setup (https://github.com/elastic/kibana/pull/112773/files#diff-518c24f824853d21141674f3bfbb9215fe6516f6086775ed2b2e41eef636e0a2R200)

[Desvelao]

Applications cannot be registered after "setup"

The plugin setup should be synchronous. In the plugin for previous Kibana versions, before the plugin registration, we do a request to get the customized logos and register the plugin with the customized logos, it avoids the logos change on the UI.

I added a commit to register the plugin using the default images, and after, when the plugin is mounted on the UI, could change the logos causing a blink.

Tasks

• Review if the customization of logos (menu and sidebar) cause some blink on the UI.

[Desvelao]

visualizations.createVis is not a function

The createVis function is not available in objects exported by the visualizations plugin in the plugin lifecycle.

In 8.5.0: https://github.com/elastic/kibana/blob/v8.5.0/src/plugins/visualizations/public/plugin.ts#L390-L393
In 7.17.5: https://github.com/elastic/kibana/blob/v7.17.5/src/plugins/visualizations/public/plugin.ts#L235-L236

References:

• Combine visualizations and visualize plugins elastic/kibana#121550

Digging in

I was researching and in Kibana 7.17.5, the createVis function is a wrapper of another function called createVisAsync https://github.com/elastic/kibana/blob/v7.17.5/src/plugins/visualizations/public/plugin.ts#L235-L236.

In Kibana 8.5.0, the createVisAsync continues in the same file: https://github.com/elastic/kibana/blob/v8.5.0/src/plugins/visualizations/public/vis_async.ts#L12-L25.

I reviewed the stuff exported by the visualizations plugin and this doesn't export directly the createVisAsync function https://github.com/elastic/kibana/blob/v8.5.0/src/plugins/visualizations/public/index.ts.

Currently, I am researching if another exported method is a wrapper of this function, so we can use it.

UPDATE 2022/11/25

We reviewed if there were some methods to create the visualizations of how the current plugin is doing, and we can't find anything that could be useful to us.

In the last few days, I was researching the embeddable and reviewing if the visualization could be implemented through this feature.

I found a dashboard embeddable that allows embedding a dashboard. The dashboard can contain other embeddables, for our use case, we require to embed visualizations.

So in the last few days, I was playing around with this, and I got to implement a visualization of the Wazuh plugin. This is good news. After that, I reviewed if the visualization could react to external changes as changing the query or time range and this is supported, so it is good for us. The type of visualization that I implemented, offers some actions that affect the search. Unfortunately, the visualization embeddable (through the dashboard embeddable) does not provide any way to capture these events and change the filters or time filter. Today, I found out that these actions modify the unified search (filters and time). This means that if the plugin uses this unified search, we could change the input of the embeddable and this should react to it and apply the new search.

This approach opens an opportunity to render the visualization of the Wazuh plugin and includes some extra functionalities that could give more value to the product.

Currently, we are reviewing if this approach complies with the use case of the plugin.

UPDATE 2022/11/29

ℹ️ The next information is related to a minimal POC to see the capabilities of the embeddable to render visualization and see if they match with the plugin requirements.

I continued researching the capabilities of these embeddable and how to communicate with them and react to actions done in the embeddable. I integrated a search bar, to replicate the Dashboard tab of the modules, and I tried to communicate the search bar and the visualizations.

I was able to:

• Render the visualization through the dashboard embeddable
• Integrate a search bar
• Communicate search bar and visualizations

This requires more work. Some cases were not solved.

The dashboard embeddable offers some functionalities that add some value, such as:

• Customize the range of time for a unique visualization. Changing the range of time in the search bar causes the visualization uses the range of time of the search bar.
• Inspect a visualization
  • Data
  • Request
    • Statistics
    • Request
    • Response
  • Expression. This requires some checks if it is working as expected.
• Export data to CSV
• Maximize the panel. It doesn't work in the current implementation status, it could require some work.
• Copy visualization to a dashboard

Some functionalities are not working and require some research to see if they are fixable.

Screenshots:

• Dashboard (through dashboard embeddable). I replicated the visualizations of the Security events/Dashboard module of the current plugin.
  

Ignore the section of the plugin the visualizations are rendered. It is only a test to explore the capabilities of these embeddable.

• Functionalities of this embeddable
  
  
  
  

The approach of dashboard embeddable force us to refactor some things and understand the responsibilities of old code to be able to adapt, create or remove logic not used. This means that requires a lot of work to implement.

ℹ️ The POC uses the dashboard embeddable. It could have an embeddable to render only one visualization, it requires research if it exists and what capabilities have.

[yenienserrano]

Object(...)(...).convertToSerializedVis is not a function

The convertToSerializedVis function is not available in objects exported by the visualizations plugin in the plugin lifecycle.

• In 8.5.0:
  • https://github.com/elastic/kibana/blob/v8.5.0/src/plugins/visualizations/public/utils/saved_visualize_utils.ts#L139-L154
• In 7.17.5:
  • https://github.com/elastic/kibana/blob/v7.17.5/src/plugins/visualizations/public/plugin.ts#L237

[yenienserrano]

Cannot read properties of undefined (reading 'id') when the menu opens

I was investigating the error, but it seems to be related to the indexes and their fields, so I think it is related to the problem of adding sample data since it is about indexes, I am investigating to see if I can fix that sample data error and see if this error is fixed, since as far as I can see it comes from a problem reading the indexes.

[yenienserrano]

Error in the default filters of the views, warning appears instead of the filter

[yenienserrano]

Error in the default filters of the views

With the indexes working, there is no longer a problem with filters

[yenienserrano]

Cannot read properties of undefined (reading 'id') when the menu opens

With the indexes in place, this is no longer a problem.

[Desvelao]

FieldIcon, FieldButton components are missing

These components were imported from the kibana_react plugin. https://github.com/elastic/kibana/blob/v7.17.6/src/plugins/kibana_react/public/index.ts#L19-L20

In Kibana 8.5.0, they are not available there: https://github.com/elastic/kibana/blob/v8.5.0/src/plugins/kibana_react/public/index.ts. It seems they were moved to @kbn/react-field https://github.com/elastic/kibana/blob/v8.5.0/packages/kbn-react-field/index.ts

[Desvelao]

The table row of results in the Events tabs is not rendered

If found a problem with the creation of the angular directive:

Digging

I was researching and this could be related to the CSP (Content Security Policy) of the page. This is set to disallow the eval of JavaScript code.

Comparison in:

• Wazuh dashboard 4.3.x
  

• Kibana 8.5.0 (dev mode)
  

The difference that causes the problem in Kibana 8.5.0 is that it doesn't have the unsafe-eval value for script-src.

The error is coming from the template method of lodash. This function evals code and the CSP (Content security policy) disallow it, so the AngularJS directive can't be set. We should search for an alternative to work around this problem.

More information about the CSP (Content security policy): https://developer.mozilla.org/es/docs/Web/HTTP/CSP

Update 2022/12/02

The unsafe-eval can be set through a Kibana configuration csp.disableUnsafeEval. More information: https://www.elastic.co/guide/en/kibana/8.5/settings.html.

I reviewed the configuration of my Kibana in development mode, but it doesn't set it. So I was researching and I found the unsave-eval is set for default for the Kibana distributables (if not set in the Kibana configuration file through csp.disableUnsafeEval) and this value is removed in another cases. It means, that if we set the setting, we should get the workaround.

csp.disableUnsafeEval: false

With this patch, I got in Kibana development mode, that the rows of the table in the Events tabs are rendered (with some problems that require to be researched):

But, this is a possible problem that could get the users if they set the setting in the kibana.yml:

csp.disableUnsafeEval: true

Reference: https://github.com/elastic/kibana/blob/v8.5.0/packages/core/http/core-http-server-internal/src/csp/config.ts#L42-L47

[AlexRuiz7]

Elastic has releases v8.5.2, v8.5.3 and a v8.7.0 is on the way.
https://www.elastic.co/guide/en/elasticsearch/reference/master/es-release-notes.html

[Desvelao]

Compatibility current status

There are 2 big things that need much effort:

• Adapt the building of the visualizations related to Elasticsearch data
  The previous way to build the visualizations is not compatible with Kibana 8.5.x. We researched how to render these visualizations and did a POC with some of them where we saw that this could be the way to create them. There are some unsolved problems as the connection of the search bar with the visualizations and viceversa required to ensure the same functionality. More information: Compatibility with Elastic 8 #4567 (comment). Adapting the visualizations and dashboards could require a significant amount of time.

• Fix the problems in the Events tab of the modules
  We identified some problems and saw the possible solutions for some of them, but there are others that are not solved. We can not check if there are more problems until we solve the previous problems.

❗ It is important to know that after solving the mentioned problems, others could appear when exploring other sections or features of the Wazuh plugin. Unfortunately, some of the unsolved problems block us to check other plugin functionalities, for this reason, we need to resolve them before proceeding.

[florian-besser]

Hi @Desvelao

We have faced the same issue, but we're on elastic 8.5.1.
We've built a custom kibana plugin using your guide at https://documentation.wazuh.com/current/development/packaging/generate-wazuh-kibana-app.html with

./generate_wazuh_app.sh -b 4.4-8.5-dev -s ./wazuhapp/kibana/out -r 1

We did a quick tweak to let the plugin work in Kibana 8.5.1 and it seems the plugin is installed successfully.

Unfortunately we receive a 405 method not allowed error when pointing the plugin to our Wazuh server, despite having correct credentials:

kibana@kibana-kibana-6b98dbff7-jcndz:~$ curl -u wazuh-wui:wazuh-wui -k "https://wazuh:55000/security/user/authenticate?raw=true"
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjczNTgxODQ5LCJleHAiOjE2NzM1ODI3NDksInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoid2hpdGUifQ.ATbBEiOu--nqQhWYRkAY31EhRLMxxDiifzD3Li_7_xX3iHH5Inpp8VRqn6gnDYV_xN1bfd-AwKcUfWVT_WXwH6zrAdaEyxuIiRqkwzZdThmGgsDFvrN21F3AoFEOsHxlX1je3e6-QwniOWnOArRwMm-Nu59r_SygluglOZhsP-mdnmAc

I reckon this is because the Kibana plugin expects Wazuh 4.4 and not Wazuh 4.3 that we have installed.

I would appreciate if Wazuh could provide guidance how to install with the current versions of the ELK stack or provide explicit guidance that the endeavor is not going to work.
Basically getting to the current point took me a few days and I'm now stuck between half-working components and unsure if I should invest time to try and fix the rest or just abandon the work.

From the top post it seems elastic 8.5.0 was tested successfully, which gave me hope that the Kibana plugin could be built and deployed successfully, given that 8.5.1 hasn't introduced any breaking changes that I'm aware of.

Maybe you have a guide somewhere that includes a compatible wazuh server with a kibana plugin compiled against ELK 8.5.x?

[Desvelao]

Hi @florian-besser,

What branch did you use to build the package?

The method to authenticate in Wazuh API 4.4.0 will be unified to POST instead of using GET for non-context authentication. In this issue, we were working in a plugin compatible with Wazuh API 4.4.0 and Kibana 8.5.0 (4.4-8.5-dev) so if you built a plugin package from this branch, then the plugin expects a Wazuh API 4.4.0. If you are using a previous Wazuh API version, you could change the request to authenticate.

Comparison:
Wazuh 4.3.10 and Kibana 7.17.6: https://github.com/wazuh/wazuh-kibana-app/blob/v4.3.10-7.17.6/server/lib/api-interceptor.ts#L46-L71
Development branch related to this issue: https://github.com/wazuh/wazuh-kibana-app/blob/4.4-8.5-dev/server/lib/api-interceptor.ts#L46-L71

This pull request (#4103) changed the authentication for plugin compatibles with Wazuh API 4.4.0. These changes are included in the development branch related to this issue.

You should know that there is no plugin compatible with Kibana 8.x

In this issue, we tried previous versions of the Wazuh plugin in Kibana 8.x. We detected some compatibility problems that need fixes so we were working in a development branch 4.4-8.5-dev pointing to Wazuh API 4.4.0 and Kibana 8.5.0. Unfortunately, at the moment the issue is on hold, and there are unsolved problems in that branch.

[florian-besser]

I used 4.4-8.5-dev as you mentioned, yes.

After trying to build wazuh 4.4 from source to fulfill this requirement (and that for some reason stalling on our CI...) I stopped trying to force wazuh to use our existing ES8 stack and followed https://documentation.wazuh.com/current/deployment-options/deploying-with-kubernetes/kubernetes-deployment.html to recreate a (slightly duplicate) stack that has compatible versions.

Not my first choice as we're now using a bit too much in terms of resources - but hey, I got something running.

So maybe if someone else sees this thread: Stick to what works (and specifically what is documented to work!) or then be ready to start developing / contributing.

[sqrtZeroKnowledge]

Update

I was researching and I got the mentioned problems.

My research was based on Kibana 8.4.2

I could solve some of these problems:

* Moved dependency: `@kbn/i18n/react` to `@kbn/i18n-react`

* Missing files in `src/plugins/kibana_legacy`. In the plugin, we have the methods imported in some files. It only requires to import the plugin files instead of the plugin platform.

After these fixes, the plugin doesn't throw errors when transpiling the code. But, it doesn't work.

In my first view, there are other required changes:

* Remove the `kibanaLegacy` dependency from the plugin platform manifest file `kibana.json`

* In the frontend, it is required to register the plugin in the `setup` function. Currently, we register the plugin after a request. We should move the request and doesn't block the plugin registration. I got the plugin that appears in the plugin platform menu, but **this is not visible, there are more problems to solve**.
  ![image](https://user-images.githubusercontent.com/34042064/199532364-ad02d832-7566-4fa7-a594-e78cd1376a39.png)

* The information about the index used by the platform seems to be removed. This is affecting to the `initialize` job of the plugin on the backend.

* I got some errors related to the `security` client that the plugin adds under the `wazuh` route `context`. I could not find a solution.

Unfortunately, these errors are the first ones, and we can't see any more errors until we solve them. We have to solve each error until we don't get any errors. After solving these problems, we have to test the UI and each functionality (monitoring, statistics, etc...)

I attach a patch that contains some fixes and workarounds to go over more errors as the first contact: adapt_kibana_8.4.2.txt

Thank you for troubleshooting, it has been beneficial. I would like to mention that even after building the plugin from the source you provided, it is still encountering the same issue with version Kibana 8.4.2.

[Desvelao]

Hi @sqrtZeroKnowledge ,

Initially, I was working on fixing the compatibility problems with Kibana 8.4.2. I created a patch with some fixes, but there are more problems. Then, we moved to fix the compatibility problems with Kibana 8.5.0, but the issue was stopped and it is currently on hold. This means there are unsolved problems and we didn't test the plugin functionality.

We didn't try to build the plugin from the development branch we were working on, so it could have some problems we didn't identify.

What problem are you referring to?

[sqrtZeroKnowledge]

Thanks for your well detailed explanation, The plug-in well installed for me but its not showing in the route uri of kibana /app/wazuh.

[Desvelao]

Thanks for your well detailed explanation, The plug-in well installed for me but its not showing in the route uri of kibana /app/wazuh.

Hi @sqrtZeroKnowledge,

If you don't see the Wazuh plugin in the side menu of Kibana, this could mean there is a problem when trying to register the plugin. The Kibana logs could display any related information about that.

If the plugin appears in the side menu and when you access it, the page is blank, then this could mean there is some problem when mounting the application in the DOM.

Unfortunately, the current work done only fixes some problems (patch and development branch). If you need a stable plugin, then use an officially released plugin.

[gdiazlo]

Closing because we're going to use an integration. This will improve user experience for elastic users, adopting new elastic features quickly. Related issue:

• New boards and panels #5182