Adding convert endpoint#5
Closed
kc13greiner wants to merge 164 commits intoazasypkin:issue-xxx-uiam-mtls-devfrom
Closed
Adding convert endpoint#5kc13greiner wants to merge 164 commits intoazasypkin:issue-xxx-uiam-mtls-devfrom
kc13greiner wants to merge 164 commits intoazasypkin:issue-xxx-uiam-mtls-devfrom
Conversation
…reports run schedule (elastic#253767) Closes elastic#245086 ## Summary As a follow-up to the changes in elastic#249109 I am updating the call to bulkUpdateSchedules to regenerate the API key. I used elastic#244918 as a reference where the description says: > If a task with an API key is updated with a request, we **should** invalidate the old API key and create a new API key using the new request. ## Testing 1. Create a scheduled report which should run soon 2. Verify that created scheduled report ran successfully in the Reporting > Exports tab 3. Update the report to run soon again via Reporting > Schedules or via API 4. Confirm that the edited scheduled report ran successfully
…lastic#253909) ## Summary This PR fixes the doclinks key for deprecated hideAnnouncements setting "deprecated" badge which was leading nowhere since it was using a non-existing key (I never realized the badge was clickable): <img width="989" height="198" alt="Screenshot 2026-02-19 at 09 59 07" src="https://github.com/user-attachments/assets/8468398b-8f73-4f8a-a09e-0f467f02af73" /> ### Testing Tested that instead of opening a blank page, deprecated badge now leads to: https://www.elastic.co/docs/reference/kibana/advanced-settings#kibana-general-settings
… rule executors (elastic#252374) **Resolves: elastic#251211 ## Summary We'd like to provide a user-friendly way to view rule execution events to our customers, so that they could do some basic rule execution troubleshooting. To achieve this we are currently working ([PR](elastic#252168)) on improving the "Execution events" tab on the Rule Details page (currently hidden behind a feature flag). The "Execution events" tab would show execution events logged to event log, filtered by selected log levels. Ideally, we'd like to give users the most helpful information right away (like which indices are queried, how many alerts were created, how many were filtered by exceptions, etc) and let. Currently, we don't log a lot of info useful for customers, but we do log a lot of developer-useful info. <details> <summary>Screenshot of how "Execution events" messages look currently</summary> <img width="2932" height="675" alt="Screenshot 2026-02-09 at 17 33 56" src="https://github.com/user-attachments/assets/5ec58dd8-6032-49f3-83ec-bfbd13a6fa03" /> </details> <details> <summary>Screenshot of how "Execution events" would look after we apply changes from this PR (much cleaner)</summary> <img width="2291" height="854" alt="Screenshot 2026-02-12 at 12 07 04" src="https://github.com/user-attachments/assets/da74a5da-e6d5-4a07-885c-39ed3a55a132" /> </details> **Changes** This PR adjusts "message" logs written to event log from rule executors: - No new logs added, no information was removed. - Updated log levels: "info" for less technical user-useful info, "debug" for rule execution stages and basic stats, "trace" is for very small details, mostly useful for devs. - Updated the wording to be a bit more UI friendly and consistent. - Edited long log messages to have a summary/most useful piece of info in the first sentence, then details, separated by a newline char. We could show the first line in the "Execution events" table right away and the full message with all the details in the expandable section. > **NOTE**: You'll need to enable these Advanced Settings in Kibana config to write logs of all levels. ``` uiSettings.overrides: 'securitySolution:extendedRuleExecutionLoggingEnabled': true 'securitySolution:extendedRuleExecutionLoggingMinLevel': 'trace' ``` --------- Co-authored-by: Devin W. Hurley <snowmiser111@gmail.com>
## Summary Updates the `schema.arrayOf` in background search so they have a maxSize, this way the code scanning alerts from this area get fixed. ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
## Summary Improves condition filtering metrics in Streams data enrichment by tagging simulation-only no-op processors per condition block so the UI can show accurate match-rate badges and filter simulation results by condition. This branch is now up to date with `upstream/main` (conflicts resolved). ## Changes - Add simulation-only no-op processors (set+remove) per condition to track match rates. - Filter out condition no-op processors from document status/diff calculations. - UI: show condition match-rate badges on WHERE blocks and filter derived document metrics based on the selected condition. - UX: auto-select parent condition when creating/editing processors under it. - UX: when updating/saving a processor, keep the current condition focus (don’t clear the condition filter). ## Follow-ups from review / CI - Removed `selectSamplesForSimulation` (it only returned `context.samples`) and inlined `context.samples` at the call site. - Updated streams simulation tests to pass the now-required `conditionProcessorTags` argument. - Fixed Scout spec import to use `expect` from `@kbn/scout/ui`. - Re-ran the OAS snapshot tooling locally after merging `upstream/main`; it produced **no diff** under `oas_docs/`. ## Test plan - `yarn test:jest x-pack/platform/plugins/shared/streams/server/routes/internal/streams/processing/simulation_handler.test.ts x-pack/platform/plugins/shared/streams/server/routes/internal/streams/processing/simulation_condition_noops.test.ts` - `yarn test:jest x-pack/platform/plugins/shared/streams_app/public/components/data_management/stream_detail_enrichment/state_management/simulation_state_machine/utils.test.ts` - `yarn test:jest x-pack/platform/plugins/shared/streams_app/public/components/data_management/stream_detail_enrichment/state_management/interactive_mode_machine/interactive_mode_machine.test.ts` - `node scripts/scout.js run-tests --stateful --testFiles x-pack/platform/plugins/shared/streams_app/test/scout/ui/tests/data_management/data_processing/condition_filtering.spec.ts` --------- Co-authored-by: LucaWintergerst <luca.wintergerst@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: flash1293 <flash1293@users.noreply.github.com>
…tic#250806) ## 🍒 Summary Fixes unnecessary validation and Elasticsearch actions (like rollovers) when creating streams with empty/default property values. Closes elastic#241300 ## 🛠️ Changes - Updated `WiredStream.doHandleUpsertChange()` to only mark properties as changed when values are meaningful: - `ownFields`: only true when `fields` object is non-empty - `routing`: only true when routing rules array is non-empty - `processing`: only true when `processing.steps` array is non-empty - `lifecycle`: only true when lifecycle is not `inherit` (default) - `settings`: only true when `settings` object is non-empty - `failure_store`: only true when failure_store is not `inherit` (default) - Updated `ClassicStream.doHandleUpsertChange()` with the same pattern: - `processing`: only true when `processing.steps` array is non-empty - `lifecycle`: only true when lifecycle is not `inherit` (default) - `settings`: only true when `settings` object is non-empty - `field_overrides`: only true when `field_overrides` object is non-empty - `failure_store`: only true when failure_store is not `inherit` (default) - Added comprehensive unit tests for both `WiredStream` and `ClassicStream` covering: - New stream creation with empty vs non-empty values - Existing stream updates with actual vs no changes - Edge cases for all property types ## 🎙️ Prompts - Investigate the root cause of unnecessary rollovers when creating streams - Implement conditional change tracking for empty/default values - Add unit tests covering all change tracking scenarios - Validate with integration tests 🤖 This pull request was assisted by Cursor --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…tion of migration options. (elastic#253676) ## Summary elastic#244525 Fixes EuiComboBox migration selection when multiple migrations share the same name by ensuring options have a unique key (id) and by deriving selectedOptions from the existing option instance matched by migration id. ### Steps to reproduce 1. Create a few SIEM migrations with the same name 2. Visit the migrations page 3. Select one of the migrations ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…L has validation errors (elastic#252698) ## Summary Fixes a bug where the "Enabled" toggle and "Run" button in the workflow detail header remained active even when the workflow YAML had validation errors. ### Problem The toggle's disabled state was driven only by `selectIsYamlSyntaxValid`, which uses a **lenient** parser (`WorkflowSchemaForAutocomplete`). Strict validation errors — schema violations, duplicate step names, invalid liquid templates, missing connector IDs — were produced by Monaco inside `WorkflowYAMLEditor` but lived as **local React state**, inaccessible to the sibling `WorkflowDetailHeader` component. Additionally, on page refresh, Monaco hasn't mounted yet so there was no validation signal at all — even workflows the server already flagged as invalid appeared toggleable. ## Before: https://github.com/user-attachments/assets/9054859c-49cc-4918-9bbc-1aa5bfafd47c ## After <img width="1913" height="843" alt="Screenshot 2026-02-11 at 13 52 55" src="https://github.com/user-attachments/assets/52f34996-3682-416b-8905-54ada8c23afd" /> ### Solution - Added `hasValidationErrors: boolean` to the Redux `WorkflowDetailState` - `WorkflowYAMLEditor` now syncs error-severity validation results to Redux via `setHasValidationErrors` - `WorkflowDetailHeader` computes a combined validity check: ``` const isValid = isSyntaxValid && !hasValidationErrors && workflow?.valid !== false; ``` This covers three layers: 1. **`isSyntaxValid`** — lenient YAML parse (catches broken syntax immediately) 2. **`hasValidationErrors`** — strict Monaco validation (catches schema errors after editor mounts) 3. **`workflow?.valid !== false`** — server-side validation (covers initial page load before Monaco mounts) ### Changes | File | Change | |------|--------| | `types.ts` | Added `hasValidationErrors` field to `WorkflowDetailState` | | `slice.ts` | Added `setHasValidationErrors` reducer and initial value | | `selectors.ts` | Added `selectHasValidationErrors` selector | | `workflow_yaml_editor.tsx` | Syncs validation errors to Redux via `useEffect` | | `workflow_detail_header.tsx` | Uses combined `isValid` for toggle, run button, and tooltips | | `workflow_detail_header.test.tsx` | Unskipped broken test, added tests for validation errors and server-side `valid` flag |
## Summary Part of elastic#246728 - Suggest a scrape_interval - Removed the validation that required a time range for` selector instant vectors` used as `range vector` parameter - Make validation of non-selector instant vectors on range vector parameters. <img width="1243" height="524" alt="aa" src="https://github.com/user-attachments/assets/be48a3f4-6ee7-4214-a1c6-e344ddc35640" /> <img width="1233" height="392" alt="a11" src="https://github.com/user-attachments/assets/37b3c675-9260-4665-aab1-52cdbb8b370b" />
## Summary The refactoring caused the ES|QL rule creation to crash. This is fixing it. <img width="819" height="289" alt="image" src="https://github.com/user-attachments/assets/d28add3d-763d-4cd4-b1e4-3e7c5b6cbbb2" />
…o 568df5f (main) (elastic#253885) This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.elastic.co/wolfi/chainguard-base | digest | `844d6d4` -> `568df5f` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Brad White <Ikuni17@users.noreply.github.com>
## Summary This is an improvement on how the badge resource browser functions with focus. At main when you click the badge there is a bad flickering, the focus goes to the editor and then to the popover which makes the transition bad. This PR ensures that the transition will be smooth 
…stic#253746) ## Summary - Document `applies_to` support in the settings-gen YAML schema, including both mapping and inline list forms. - Document nested `settings` support for hierarchical settings, including inheritance and overrides. - Add a fully worked example showing multiple `applies_to` statements. Closes elastic#250871. ## LLM usage This PR was drafted with assistance from an LLM (OpenAI GPT-5.2). Made with [Cursor](https://cursor.com) --------- Co-authored-by: OpenAI GPT-5.2 <noreply@openai.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com> Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
…stic#253826) ## Summary These are the utils I added as part of developing ID based risk scoring (the PR for that is not ready yet). - Added `getEuidPainlessRuntimeMapping(entityType)` for a ready-to-use runtime_mappings field - Added `getEuidSourceFields(entityType)` to expose: - `requiresOneOf` - minimum EUID field requirements to allow filtering down docs to just those with the right ID fields - deduped `identitySourceFields` used to build EUIDs - allows maintainers to bring back the ID fields needed to upsert an entity - Updated unit tests & the Scout API painless translation test to use the new runtime mapping helper directly
…lastic#252772) closes elastic#252282 ## Summary Lens embeddable consumers (e.g. Metrics Experience) can now pass custom warning/error messages into the Lens embeddable. Those messages are merged with Lens internal messages. ## Changes ### API - Added optional `userMessages?: UserMessage[]` so consumers can provide custom messages. - **Lens embeddable data loader**: Reads `userMessages` from the parent API when present and passes them into the user-messages pipeline via a `getConsumerMessages` getter. - **User messages API** (`buildUserMessagesHelpers`): New optional parameter `getConsumerMessages?: () => UserMessage[]`. When `getUserMessages` runs, consumer messages are appended to the list (with internal and datasource/visualization messages) and then filtered/sorted and passed through `onBeforeBadgesRender` as before. ### Type guard - **`apiHasUserMessages`** in `type_guards.ts`: Checks that the API has a `userMessages` property (for safe access from the data loader). Unit tests added in `type_guards.test.ts`. ### Unified chart / Metrics Experience - **Chart props**: `userMessages` is threaded through the chart (Chart component → `useLensProps` → `getLensProps`) and passed to the Lens embeddable so Metrics Experience (or other consumers) can inject messages per chart. ### Tests - **type_guards.test.ts**: Covers `apiHasUserMessages` (array, empty array, null, undefined, missing property, primitives). - **user_messages/api.test.ts**: Two new tests — consumer + internal messages are both returned; only consumer messages when there are no internal messages. ## Backward compatibility - All new surface is optional. Existing consumers that do not pass `userMessages` are unchanged. - When `userMessages` is not provided, `getConsumerMessages` returns `[]` and behavior matches the previous implementation. ## Examples ### When an internal error occurs (block chart rendering), the consumer message is not displayed. https://github.com/user-attachments/assets/098d7205-11ef-4542-8cf4-6929e0fc6017 ### Both internal and consumer messages https://github.com/user-attachments/assets/f88a69c1-6a50-43d5-bdc3-7f8b034ff5be ### Multiple consumer messages with different severities https://github.com/user-attachments/assets/0ad4250a-6e1c-4dcc-9fdf-9bf416628ec6
…kable (elastic#253319) ### Summary This work consists of a small improvement to make it easier to explore Traces from the Trace section in the document flyout in Discover: Changes: - Rename "Traces" section to "Traces summary" - Change information popover text to more accurately match functionality - Make traces section panel clickable to open full trace waterfall ### Demo https://github.com/user-attachments/assets/249efdb5-cab8-42ab-9c9e-1b737fa301ec
Closes elastic#253793 ## Summary This PR cleanups the remaining styled components in favour of emotion css. The components look the same way as before: <img width="1672" height="864" alt="image" src="https://github.com/user-attachments/assets/7c82944e-ccf4-4ffb-baa5-a1282911d9f2" /> <img width="1659" height="728" alt="image" src="https://github.com/user-attachments/assets/38260e07-0141-4335-9728-fce325aa47a9" />
## Summary Adds a **maintainer task framework** to the entity_store plugin so other plugins can register custom recurring tasks that run in the context of the entity store (e.g. per-space maintenance). Registration is persisted in a new saved object; scheduling uses Task Manager and is triggered when an entity store is started (e.g. on install). ## What's in scope - **Public API:** Plugin setup exposes `registerEntityMaintainer(config)` so consumers can register a maintainer with `id`, `interval`, `run`, optional `setup`, `initialState`, and `description`. - **Persistence:** A new hidden saved object type `entity-maintainers-tasks` stores the list of registered tasks (id + interval). A dedicated **EntityMaintainersTasksClient** owns all reads/writes so registration and scheduling stay free of direct SO usage. - **Scheduling:** When the entity store is started (e.g. via install API), all registered maintainer tasks are loaded from the client and scheduled with Task Manager (`ensureScheduled`) for the current space. Task runner supports optional first-run `setup`, status metadata (runs, lastSuccessTimestamp, lastErrorTimestamp), and debug logging. - **Install flow:** The install route now calls `assetManager.init(req, entityTypes, logExtraction)` so init and maintainer scheduling live in one place (with try/catch and error handling). ## How to try it 1. A sample maintainer is registered in plugin setup (id: `entity-maintainer-task-test`, interval: `20s`) for POC. 2. Call the install API with one or more entity types; after init, maintainer tasks for that space are scheduled. 3. Check Task Manager and logs; task runner logs include task id and run number at debug level. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
azasypkin
force-pushed
the
issue-xxx-uiam-mtls-dev
branch
2 times, most recently
from
0de0719 to
b7aeef8
Compare
…lastic#253938) - Changes from always create to update with upsert - If conflict versions seen, retry.
…elastic#250894) Closes elastic/streams-program#569 ## Description This PR introduces a `network_direction` processor to Streamlang which calculates the network direction given a source IP address, destination IP address, and a list of internal networks. It uses the [network_direction](https://www.elastic.co/docs/reference/enrich-processor/network-direction-processor#supported-named-network-ranges) processor for ingest pipeline transpilation and it uses the new [NETWORK_DIRECTION](elastic/elasticsearch#136133) function for ES|QL transpilation. ## Demo https://github.com/user-attachments/assets/5e9807ad-37e5-4e7b-8b00-7df8b318f2cb --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary This PR skips View Cases tests FTR serverless tests. Details of the failure/flakiness in elastic#253931. Relevant older issues/PRs: * elastic#241493 * elastic#250424
## Summary Just a small refactoring now that the resources browser got added
…253705) ## Summary Upgraded `fast-xml-parser` and `@types/nodemailer`
…ated with the same name (elastic#253110) Closes: elastic/search-team#12339 ## Summary When deleting a tool that is still used by agents, the API returns **409** with the list of agents. The UI shows a confirmation modal; "Yes, remove and delete" calls delete again with **`force: true`** (removes the tool from those agents, then deletes it). ## Changes - **Public DELETE route:** Optional **`force`** query (default `false`). If `false` and any agent uses the tool → 409 with `code: 'TOOL_USED_BY_AGENTS'` and `agents: [{ id, name }, ...]`. If `true` - remove refs from agents, then delete. - **Common:** **`TOOL_USED_BY_AGENTS_ERROR_CODE`** and **`AgentRef`** for the 409 response shape. - **Agents service:** **`getAgentsUsingTools(params)`** (check-only) and existing **`removeToolRefsFromAgents`**; **`runToolRefCleanup`** overloads for typing. - **Public API:** **`delete({ toolId, force })`** and **`bulkDelete(toolIds, { force })`**. - **UI:** **`use_delete_tools`** detects 409, stores **`usedByAgents`**, shows force-confirm modal; **tools_provider** renders the modal and i18n. - **Tests:** Agents service tests for **`getAgentsUsingTools`** and **`removeToolRefsFromAgents`** (including error propagation). --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Enriches the READMEs for the Elasticsearch Service and CPS Plugin with details about their roles, features, and CPS integration. ## Summary - **ElasticsearchService**: Added details about client management, connection health, startup checks, and `CpsRequestHandler` behavior. - **CPS Plugin**: Added overview, server-side routes, and client-side `CPSManager` details. Made with [Cursor](https://cursor.com) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary Reduces memory pressure and network payload size by lazy-loading workflow step execution I/O data instead of fetching it all upfront. https://github.com/user-attachments/assets/2d77d88d-4017-44bd-8581-082717352921 - **Lazy-load step I/O**: Execution polling (`loadExecutionThunk`) now requests lightweight data (`includeInput=false`, `includeOutput=false`). Full step input/output is fetched on demand — when the user clicks a step's tab or hovers a template expression in the YAML editor. - **Server-side source filtering**: `getWorkflowExecution` accepts `includeInput`/`includeOutput` query params and applies `_source_excludes` on Elasticsearch `mget`/`search` calls, avoiding large payloads that can cause OOM. - **Bidirectional React Query cache**: Step I/O fetched by the execution detail panel (`useStepExecution`) or by the YAML editor hover provider share a single cache via `queryClient.setQueryData`, preventing duplicate HTTP requests regardless of access order. - **Cache cleanup on execution switch**: Cached step data is cleared (`removeQueries`) when navigating to a different execution, preventing memory buildup. - **Template hover priority**: Reordered `provideCustomHover` so template expression hovers (`{{ }}`) take precedence over validation decoration tooltips. - **Pure hover enrichment**: Refactored `ensureStepData` → `fetchStepDataIfNeeded` to return enriched data instead of mutating the shared `executionContext` ref. Removed redundant `fetchedStepIds` tracking that caused a caching bug on repeated hovers. - **Extracted `useLazyStepExecutionFetcher` hook**: Moved inline fetch logic out of the YAML editor component into a dedicated hook for readability and testability. - **Narrowed memo deps**: `tabs` memo in `WorkflowStepExecutionDetails` now depends on `hasInput`/`hasError` booleans instead of the full `stepExecution` object. ### Example flows **1. Execution polling — lightweight, no I/O** ``` GET /api/workflowExecutions/exec-123?includeInput=false&includeOutput=false ``` Returns execution metadata and step statuses/durations, but `input` and `output` fields are excluded at the Elasticsearch `_source` level. This runs every poll cycle. **2. Hovering a template expression — lazy fetch + cache** User hovers `{{ steps.search.output.hits }}` in the YAML editor: ``` 1. Hover provider calls fetchStepExecutionData("search") 2. Hook maps "search" → step doc ID "step-doc-abc" 3. React Query cache miss → GET /api/workflowExecutions/exec-123/steps/step-doc-abc 4. Response stored in cache: queryClient.setQueryData(["stepExecution", "exec-123", "step-doc-abc"], data) 5. Hover tooltip shows the resolved value Second hover on the same step (or any steps.search.* expression): 1. fetchStepExecutionData("search") → cache hit → no HTTP request 2. Hover tooltip shows the resolved value immediately ``` For terminal steps, `useStepExecution` uses `staleTime: Infinity` — the cached data never goes stale for the lifetime of that execution. **3. Opening the I/O tab — served from cache** After the hover above already fetched `step-doc-abc`, user clicks the step and opens the Output tab: ``` 1. useStepExecution("exec-123", "step-doc-abc", "completed") runs 2. React Query finds ["stepExecution", "exec-123", "step-doc-abc"] in cache 3. No HTTP request — data renders immediately ``` This works in both directions: if the user clicks the Output tab first, the hover provider finds the data in cache on subsequent hovers. **4. Switching execution — cache cleanup** ``` 1. User selects execution "exec-456" 2. useEffect cleanup fires: queryClient.removeQueries({ queryKey: ["stepExecution", "exec-123"] }) 3. All cached step I/O for the previous execution is evicted 4. Fresh lightweight polling starts for "exec-456" ``` ## Test plan - [x] `get_workflow_execution.test.ts` — Verifies `_source_excludes` is correctly passed to `esClient.mget` and `searchStepExecutions` based on `includeInput`/`includeOutput` flags - [x] `get_workflow_execution_by_id.test.ts` — Updated existing route tests; added cases verifying query params are parsed and forwarded to the API layer - [x] `use_step_execution.test.ts` — Verifies `staleTime: Infinity` and no polling for terminal steps; polling at 5s for running steps; polling stops on status transition - [x] `workflow_execution_detail.test.tsx` — Verifies `removeQueries` is called on unmount and when `executionId` changes - [x] `unified_hover_provider.test.ts` — Verifies hover values persist across multiple invocations, enrichment skipped when output already present, graceful fallback when fetch returns null - [x] `workflow_yaml_editor.test.tsx` — Updated test wrapper to include `QueryClientProvider` for `useLazyStepExecutionFetcher` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…3954) Part of elastic/kibana-team#2651 ## Problem / Intent Several chrome UI components are still class components with manual RxJS subscription management, deprecated `defaultProps`, and `withEuiTheme` HOC patterns. Breadcrumb mapping logic is duplicated between classic and project headers, and the `hasBeta$` observable pattern is copy-pasted across two components. ## Approach - Rewrite `LoadingIndicator`, `HeaderBadge`, `HeaderExtension`, and `HeaderHelpMenu` as function components using hooks (`useState`, `useEffect`, `useCallback`, `useObservable`, `useEuiTheme`) - Extract shared `prepareBreadcrumbs()` utility to deduplicate breadcrumb mapping in `HeaderBreadcrumbs` and project `Breadcrumbs` - Extract `useHasAppMenuConfig` hook to deduplicate the `hasBeta$` observable pattern used in `Header` and project `AppMenu` ## Notes - The `prepareBreadcrumbs()` extraction fixes a subtle pre-existing bug: when `breadcrumbs` was empty, `isLast` was computed against the original empty array length (`i === -1`, always false) instead of the fallback array. The fallback "Kibana" breadcrumb now correctly receives the `last` class in its `data-test-subj` attribute (`"breadcrumb first last"` instead of `"breadcrumb first"`).
resolves elastic/kibana-team#2704 ## Summary - Improve the Saved Objects baseline-missing guidance by surfacing remediation directly in the failing CI step logs. - Keep the check behavior unchanged: the step still fails when no baseline snapshot is found. - Remove PR-comment posting so guidance is communicated in-step without adding PR thread noise. ## Problem - The Saved Objects check can fail when no baseline snapshot is found after traversing merge-base ancestors. - Contributors needed clearer, immediate guidance on how to recover from that failure. - Posting a dedicated PR comment for this case adds extra PR noise and was not necessary. ## Solution - Keep the baseline-missing message in the step error logs with a direct remediation instruction. - Remove the explicit PR comment-posting path for this failure scenario. - Preserve existing failure semantics while making the guidance easier to consume in CI logs. --------- Co-authored-by: Cursor <cursoragent@cursor.com>
Models sometimes run --project with tsconfig.type_check.json, which is generated; this now maps to the sibling tsconfig.json, logs a warning, and is covered by tests.
…stic#253285) ## Summary This PR adds the ability to view, create & manage SLOs in Service Views. Changes: - Fixed a bug where SLO and alert burn rules created with `service.environment: *` weren't retrieved with `service.environment: <Whatever>`. - Added an icon to the SLO status badge - Added status "NO SLO" for the status badge, which we will show in Service Inventory if other services have SLOs and in the Service Overview - Refactored code that was used in multiple places to use shared context/hooks - Improved SLO callout design in Service Overview - Added "Actions" contextual menu next to Environment selector on Service Overview - Added SLO Overview and SLO Create Flyouts to the Service Overview - Added Service header to show the count of alerts and highest critical SLO status - Removed the alert count in Alerts tab for the Service Overview - Add empty state for the SLO Overview flyout to be able to create an SLO ## Demo General Changes https://github.com/user-attachments/assets/a0fa653f-2ab4-491f-9130-b7651323aeea Creation functionality inside Service Overview https://github.com/user-attachments/assets/ce7d4e40-7fb7-43e9-a7bc-e134233db920
…tic#253510) ## Summary https://github.com/user-attachments/assets/86cb366c-2a5b-4a79-a4a7-7905d718393c Resolves elastic#191885. ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
Adds support for the `profiles` signal type when creating otel transforms Relates to: elastic/prodfiler#6641 Package spec changes: elastic/package-spec#1092
…251376) ## Summary Resolves elastic#251289. ~Re-introduces the "all metrics" ES|QL recommendation that was previously removed.~ Update: per the ticket, we have changed the copy to read "Search all metrics". The screenshots are the same but the copy has been [updated](https://github.com/elastic/kibana/pull/251376/changes#diff-c9b2af3b7c484565768216fd866cd80df9df1e3b1c919994c1bbbbb41be93a96R74). ## Demonstration of change ### Recommends when clicking empty editor  ### Recommends when user types "metrics"  ### ~Includes the recommendation in ES|QL help menu~ **redacted** We are actually blocked on providing this functionality for the time being. See the discussion on elastic#237425 for further information. ## Testing the PR Load some metrics data. You can do this using [simian-forge](https://github.com/simianhacker/simian-forge). Pull the code, `npm ci && npm run build`, and you can index data with a command like: ```bash ./forge --backfill now-1h --interval 10s --count 100 --dataset hosts --purge --elasticsearch-url {ES_URL} --elasticsearch-api-key {CREATE_AN_API_KEY} ``` Navigate to Discover and test the UI. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This is now a required for merging.
…253044) closes elastic#244194 ## Summary - Support **legacy histograms** in the metrics experience (include them in the grid and render as 95th percentile via `TO_TDIGEST` in ES|QL). - Add a **generic user messages** module and use it for legacy histogram messaging. ## Changes ### Legacy histogram support - **`isLegacyHistogram` helper** (`src/common/utils/legacy_histogram.ts`): Returns `true` when both field `type` and `instrument` are `'histogram'` (legacy histogram). Used for filtering, aggregation choice, and when to show user messages. - **`use_metric_fields`** (`src/components/observability/metrics/hooks/use_metric_fields.ts`): Skips a metric only when it is a histogram field but **not** a legacy histogram (`metricField.type === 'histogram' && !isLegacyHistogram(metricField)`). Legacy histograms are now included in the grid. - **ES|QL aggregation** (`src/common/utils/esql/create_aggregation.ts`): For legacy histogram, `getAggregationTemplate` returns `PERCENTILE(TO_TDIGEST(??placeholder), 95)` so the chart renders the 95th percentile. Other types (exponential_histogram, tdigest, counter, default) are unchanged. ### Consumer-controlled user messages - **MetricsGrid** (`src/components/observability/metrics/metrics_grid.tsx`): Accepts only `getUserMessages?: (metric: MetricField) => UserMessage[] | undefined`. No `userMessages` prop. For each chart it passes `userMessages={getUserMessages ? getUserMessages(metric) : undefined}`. The shared component no longer branches on metric type; the consumer decides what to pass. - **Metrics experience consumer** (`src/components/observability/metrics/metrics_experience_grid_content.tsx`): Passes `getUserMessages` that returns `LEGACY_HISTOGRAM_USER_MESSAGES` when `isLegacyHistogram(metric)` is true, otherwise `undefined`. So messages are shown only for legacy histogram metrics, and the decision lives in the consumer. ### User messages module - **Generic user messages** (`src/common/utils/user_messages.ts`): New module that exports `LEGACY_HISTOGRAM_USER_MESSAGES` (warning about T-Digest encoding). Re-exported from `src/common/utils/index.ts`. Other message sets can be added to this module later. ### Tests - **`legacy_histogram.test.ts`**: Unit tests for `isLegacyHistogram` (true when type + instrument both histogram; false for histogram + other instrument, histogram + undefined, non-histogram type). - **`create_aggregation.test.ts`**: Tests for `getAggregationTemplate` including legacy histogram (returns `PERCENTILE(TO_TDIGEST(...), 95)`) and non-legacy histogram (returns `AVG(...)`). Existing tests for `replaceFunctionParams` and `createTimeBucketAggregation` remain. - **`metrics_grid.test.tsx`**: Removed the test that expected a `userMessages` prop. Kept the test that verifies `getUserMessages(metric)` is called per chart and its return value is passed to each chart. ## How to test - `./forge --dataset histograms --count 5 --interval 10s --purge` - check discover https://github.com/user-attachments/assets/23787fc8-1cd5-458e-bedb-410be5052c49
…astic#254152) ## Summary <img width="506" height="455" alt="Screenshot 2026-02-20 at 15 09 48" src="https://github.com/user-attachments/assets/de92629d-2a10-4740-9fd6-bf762bc89b39" /> <img width="495" height="533" alt="Screenshot 2026-02-20 at 15 10 05" src="https://github.com/user-attachments/assets/80250f57-e131-4639-a195-2f09345f803a" /> Adds client-side validation to the "Add field" flyout in the streams schema editor for wired streams, matching the server-side validation behavior: - Field names must be namespaced (start with `attributes.`, `body.structured.`, `scope.attributes.`, or `resource.attributes.`) OR be in the keepFields list - Field names cannot be OTel reserved fields (`body`, `attributes`, `scope`, `resource`, `span.id`, `message`, `trace.id`, `log.level`) This provides immediate feedback to users when entering invalid field names, rather than waiting for a server error. ### Changes - Export `otelReservedFields` and `isOtelReservedField` from `@kbn/streams-schema` - Add validation rules to `FieldNameSelector` in `add_field_flyout.tsx` - Add unit tests for validation behavior (14 tests) - Add Scout UI integration test for field name validation ## Test plan - [ ] Open streams schema editor for a wired stream - [ ] Click "Add field" - [ ] Enter a non-namespaced field like `foo` - should show error about namespaced ECS/OTel schema - [ ] Enter `body` - should show error about OTel reserved field - [ ] Enter `attributes.foo` - should be accepted (valid namespace) - [ ] Verify classic streams do not have these restrictions Closes: elastic/streams-program#472 Made with [Cursor](https://cursor.com) --------- Co-authored-by: Cursor <cursoragent@cursor.com>
## Summary Fix elastic#252492 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
… layers (elastic#251731) Closes elastic#239346 Closes elastic#251894 ## Summary This PR enable multiple selection in the Dimension Dropdown found in Discover. It also completes a previous "TODO" in the Lens Embeddable Utils package making it possible to visualize the breakdown of multiple dimensions in XY charts ### Changes - Dimension dropdown supports multiple selection, up to 5 maximum - Charts were improved for better readability: - Now it show labels for multi-dimension - Now it renders different colored lines for different breakdowns - Changed how the selection count and clear button are displayed in the dropdown - Improved clarity when the maximum options are reached - Hovering the entire dropdown button now shows a proper tooltip(There was an issue where it would show the button label as well) - Hovering a disabled option shows a tooltip - `ToolbarSelector` component now accepts `buttonTooltipContent` prop for custom tooltip ### Expected Results **Dimensions Selector improvements** <img width="626" height="367" alt="image" src="https://github.com/user-attachments/assets/a3281c82-6d71-435c-b9fb-37f75e186390" /> **Charts improvements** <img width="729" height="237" alt="image" src="https://github.com/user-attachments/assets/38e99cc2-2d5a-43b0-aba1-f84ed2814f04" /> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…lastic#254263) ## Summary Rolls back the `Run` button changes in this PR elastic#252698. Maintaining the changes in the `Enabled` switch. ### Screenshot <img width="1917" height="987" alt="Captura de pantalla 2026-02-20 a les 17 46 42" src="https://github.com/user-attachments/assets/542bc02a-2379-4b48-973c-10cf1e296bea" />
…c#254274) ## Summary Assigns `/src/platform/test/functional/apps/discover/observability` to `@elastic/obs-exploration-team` instead of `@elastic/observability-ui`. This directory contains the observability-specific Discover functional tests, which are already maintained by obs-exploration-team — they own the subdirectories (`/embeddable`, `/logs`). The parent directory ownership should match. ## Test plan - No code changes; CODEOWNERS-only update. Made with [Cursor](https://cursor.com) Co-authored-by: Cursor <cursoragent@cursor.com>
…#252786) ## Summary Closes elastic#239970. Stored panel state no longer has `attributes.references`. Search source refs (data view, filter indices) are in the dashboard’s top-level `references` and are extracted in `transformIn` and injected in `transformOut` using the same logic as in `extract_references.ts` / `inject_references.ts` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary Renaming the "Browse indices" label for the suggestion to "Browse data sources" as per our discussion on Slack. <img width="876" height="349" alt="Screenshot 2026-02-19 at 15 57 56" src="https://github.com/user-attachments/assets/a22b0246-85ef-4e9a-82e5-87c2f676b0ef" />
## Summary Add UIAM API Keys spec for grant and invalidate --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…eturning 500 on Basic license when dealing with ML rules (elastic#253574) ## Summary Addresses elastic#253340 Adds filters to the `rules/prepackaged` and `rules/prepackaged/_status` API endpoints to guard against use cases where users are on basic licenses and are trying to install or update rules that include ML rules. Currently ML rules are limited to platinum licenses and should not be included in these endpoint responses. The inclusion of these rules in all cases were causing 500 errors every time the calls were made, even if all license-available rules were installed successfully. This PR also adds unit and FTR tests to cover the fixed legacy endpoint logic ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
…t is available (elastic#254281) ## Summary Dynamically import `@kbn/dev-utils` in `serve.js` only if it is available.
## Summary <img src="https://github.com/user-attachments/assets/c9223d29-64d0-4a11-b445-592e2a0d1617" /> Resolves elastic#253400. ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
Fixes elastic#253480 `storedFilterMetaSchema.value` schema is too restrictive and needs to be broadened. This PR broadens `storedFilterMetaSchema.value` to any since `storedFilterMetaSchema.value` is a subset of `FilterMetaParams` and to prevent future issues like this. PR also updates `FilterMeta.value` type to more accurately reflect usage. [mapPhrases](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data/public/query/filter_manager/lib/mappers/map_phrases.ts#L32) sets value to `PhraseFilterValue[]` ``` export const mapPhrases = (filter: Filter) => { if (!isPhrasesFilter(filter)) { throw filter; } const { type, key, params } = filter.meta; return { type, key, value: params, params, }; }; ``` [mapRange](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data/public/query/filter_manager/lib/mappers/map_range.ts#L54) sets value to `RangeFilterParams` ``` function getParams(filter: RangeFilter) { const isScriptedRange = isScriptedRangeFilter(filter); const key: string = (isScriptedRange ? filter.meta.field : getFirstRangeKey(filter)) || ''; const params: any = isScriptedRange ? get(filter.query, 'script.script.params') : getRangeByKey(filter, key); return { type: FILTERS.RANGE, key, value: params, params }; } export const mapRange = (filter: Filter) => { if (!isMapRangeFilter(filter)) { throw filter; } return getParams(filter); }; ``` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
…54071) ## Summary This PR updates the scope tooling to allow pinned panels. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
kc13greiner
force-pushed
the
kibana_convert_api
branch
from
5aa1430 to
e2972af
Compare
azasypkin
pushed a commit
that referenced
this pull request
Apr 2, 2026
Closes elastic#258318 Closes elastic#258319 ## Summary Adds logic to the alert episodes table to display `.alert_actions` information. This includes: - New action-specific API paths. - Snooze - **Per group hash.** - Button in the actions column opens a popover where an `until` can be picked. - **When snoozed** - A bell shows up in the status column. - Mouse over the bell icon to see until when the snooze is in effect. - Unsnooze - **Per group hash.** - Clicking the button removes the snooze. - Ack/Unack - **Per episode.** - Button in the actions column - When "acked", an icon shows in the status column. - Tags - This PR only handles displaying tags. They need to be created via API. - Resolve/Unresolve - **Per group hash.** - Button inside the ellipsis always - The status is turned to `inactive` **regardless of the "real" status.** <img width="1704" height="672" alt="Screenshot 2026-03-25 at 16 04 12" src="https://github.com/user-attachments/assets/5ef4111a-6e0c-4114-a60e-ce5f81a86ac6" /> ## Testing <details> <summary>POST mock episodes</summary> ``` POST _bulk { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:00:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:01:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "pending" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:02:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:03:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "inactive" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:04:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:05:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:06:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-001", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:07:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:08:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "active" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:09:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "recovering" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:10:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "recovering" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:11:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:12:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "recovering" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:13:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-2", "episode": { "id": "ep-002", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:14:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-003", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:15:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-1", "episode": { "id": "ep-003", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:16:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-4", "episode": { "id": "ep-004", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:17:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-4", "episode": { "id": "ep-004", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:18:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-4", "episode": { "id": "ep-004", "status": "recovering" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:19:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-4", "episode": { "id": "ep-004", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:20:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-5", "episode": { "id": "ep-005", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:21:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-5", "episode": { "id": "ep-005", "status": "pending" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:22:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "gh-5", "episode": { "id": "ep-005", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:23:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "elasticgh-9", "episode": { "id": "ep-006", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:24:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "elasticgh-9", "episode": { "id": "ep-006", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:25:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "elasticgh-9", "episode": { "id": "ep-006", "status": "active" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:26:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-1" }, "group_hash": "elasticgh-9", "episode": { "id": "ep-006", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:14:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-2" }, "group_hash": "elasticgh-7", "episode": { "id": "ep-007", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:15:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-2" }, "group_hash": "elasticgh-7", "episode": { "id": "ep-007", "status": "inactive" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:16:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-3" }, "group_hash": "elasticgh-8", "episode": { "id": "ep-008", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:17:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-3" }, "group_hash": "elasticgh-8", "episode": { "id": "ep-008", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:18:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-3" }, "group_hash": "elasticgh-8", "episode": { "id": "ep-008", "status": "recovering" }, "status": "recovered" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:20:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-4" }, "group_hash": "elasticgh-9", "episode": { "id": "ep-009", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:21:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-4" }, "group_hash": "elasticgh-9", "episode": { "id": "ep-009", "status": "pending" }, "status": "no_data" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:23:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-5" }, "group_hash": "elasticgh-10", "episode": { "id": "ep-010", "status": "pending" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:24:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-5" }, "group_hash": "elasticgh-10", "episode": { "id": "ep-010", "status": "active" }, "status": "breached" } { "create": { "_index": ".rule-events" }} { "@timestamp": "2026-01-27T16:25:00.000Z", "source": "internal", "type": "alert", "rule": { "id": "rule-5" }, "group_hash": "elasticgh-10", "episode": { "id": "ep-010", "status": "active" }, "status": "no_data" } ``` </details> - In the POST above, episodes 1 and 3, and episodes 6 and 9 have the same group hashes. - Go to `https://localhost:5601/app/observability/alerts-v2` and try all buttons. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Exposing UIAM API Key
covertAPI to transform ES native API Keys into UIAM API KeysTesting
Run Kibana & Elasticsearch in UIAM mode:
Create a native ES API Key (any will do!), copy the key value
Navigate to DevTools and call the
convertendpoint that has been exposed through MockIdP:Result:
To view error conditions:
In DevTools: