
[Security Solutions] Trial Companion - adds ai chat and elastic agent detectors#9

Closed
biscout42 wants to merge 220 commits into main from tc-ai-agent-detectors

Conversation

@biscout42
Owner

No description provided.

kowalczyk-krzysztof and others added 30 commits January 23, 2026 16:46
…tic#246156)

## Summary

This PR introduces the new [app menu
**component**](https://github.com/elastic/kibana/blob/main/src/core/packages/chrome/app-menu/core-chrome-app-menu-components/src/components/app_menu.tsx)
to discover application. As per design, discover won't have an actual
[app
menu](https://github.com/elastic/kibana/blob/main/src/core/packages/chrome/app-menu/core-chrome-app-menu/src/app_menu.tsx)
(it won't be mounted in the app menu region of the application) but
instead it will incorporate the standalone component into unified tabs,
which occupy the app workspace. However, in single tab view, the app
menu will be mounted in the app menu region.

The design introduces a change to the `Switch to classic` button, which
now is part of the tab actions menu.

Classic view (classic mode):
<img width="1525" height="92" alt="Screenshot 2026-01-20 at 20 43 31"
src="https://github.com/user-attachments/assets/b8741a0f-3f4c-4933-b6fc-87998d450507"
/>

Classic view (ESQL mode):
<img width="1524" height="214" alt="Screenshot 2026-01-20 at 20 43 44"
src="https://github.com/user-attachments/assets/9ef666fb-119e-44c4-8887-64c9d21ac487"
/>

Solution view (classic mode):
<img width="1439" height="89" alt="Screenshot 2026-01-20 at 20 44 52"
src="https://github.com/user-attachments/assets/d3846c73-e06e-467e-ab4a-c539f1dfa2fc"
/>

Solution view (ESQL mode):
<img width="1431" height="211" alt="Screenshot 2026-01-20 at 20 45 04"
src="https://github.com/user-attachments/assets/b521d19c-a59f-499d-a2fb-3267e6484c7d"
/>

Closes: elastic/kibana-team#2350

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
Closes elastic/obs-ai-team#480

## Summary

AI Insights use the Observability Agent with the merge of
elastic#249776

This PR updates the AI Insight subtitle copy to say `Observability
Agent` instead of `Elastic AI Agent` .

<img width="1344" height="96" alt="Screenshot 2026-01-22 at 7 37 39 PM"
src="https://github.com/user-attachments/assets/a6e5e669-ac8d-4008-9f49-316c677b1de9"
/>

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.
…@elastic/ml-ui` files (elastic#249699)

> [!CAUTION]
> ⚠️ **Changes / translations were made by GenAI**. I’ve reviewed them
carefully, but your code owners’ expert eyes will ensure they’re 100%
right.

## Summary
This PR applies the auto-fix for the newly introduced
`@elastic/eui/require-table-caption`.
This rule ensures `EuiInMemoryTable`, `EuiBasicTable` have a
`tableCaption` prop for accessibility.

## Changes

1. 🎯 Added missing `tableCaption` attributes to elements flagged by
`@elastic/eui/require-table-caption` — accessibility leveled up!

## Related
- elastic/eui#9168

This time, to avoid annoying approvals collection, we've broken files
down by teams. Now, we are waiting for a review only from your team!

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Pete Harverson <pete@elastic.co>
…lastic#249097)

## Summary

Updates the remaining web logs ES|QL journey visualizations to use
ES|QL.

The only one that couldn't be updated to ES|QL was 

<img width="657" height="420" alt="Screenshot 2026-01-22 at 1 42 22 PM"
src="https://github.com/user-attachments/assets/2004ad4a-757b-43f0-b98c-d8c4a776e5e1"
/>

(ES|QL can't yet replicate the doc-count sorted behavior of a terms agg
with two group-bys)

Note: the panels were also made by-value
… API usage (elastic#250101)

Resolves elastic#249234

## Summary

Adds call to report event when entity details highlight API is called.

## To Verify
1. Add `telemetry.localShipper: true` to your Kibana config
2. Start ES and Kibana
3. Generate some entity data
4. For each entity, open the flyout and generate a summary
5. Repeat for a few different entities
6. In Dev Tools, perform the following query

```
GET ebt-kibana-server/_search
{
    "query": {
        "bool": {
            "filter": [
              {
                "term": {
                  "event_type": "entity_highlights_usage"
                }
              }
            ]
        }
    }
}
```

7. You should see a document for each time you generated a summary with
the entity type and space ID properties populated correctly

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
…#249559)

Resolves elastic/streams-program#268

## Summary

This adds the Failure Store as an option when running simulations.



https://github.com/user-attachments/assets/3987bf08-1197-407b-9cba-a88381e80add



## Details

* Adds an internal endpoint `GET
/internal/streams/{name}/processing/_failure_store_samples` which
returns samples that are in the failure store for a stream which will
have the processors applied of all the ancestor streams.
* Adds `failure-store` as a DataSourceActor in XState
… summary when no AI connectors are available (elastic#249932)

## Summary

This PR updates the entity highlight summary to check whether any
inference connectors exist.
* If none exist, we show an `Add connector` button and hide the settings
menu since everything in the menu will be disabled except for the
ability to add a connector
* Clicking `Add connector` will bring up a connector modal
* After adding a connector through this modal, the list of connectors
should refresh, the connector should be selected and the `Generate`
button should show.

## To Verify

1. Ensure you have no preconfigured AI connectors in your
`kibana.dev.yml`
2. Start ES and Kibana
3. Generate some entity data
4. Open the entity flyout for a user or host entity
5. You should see an `Add connector` gradient button
6. Click `Add connector` and follow the add connector flow
7. On saving the new connector, you should now see the `Generate` button
and be able to click it.



https://github.com/user-attachments/assets/2ff62180-c774-49e2-aaae-e9e13b7b4105
Close [elastic#440](elastic/obs-ai-team#440)

This PR adds streaming support to all AI insights (log, error, and alert
insights) in the Observability Agent Builder.

Changes in the PR: 
1. Updated insight generation functions to return Observables instead of
Promises: `getLogAiInsights()`,`generateErrorAiInsight()`,
`getAlertAiInsight()`
2. Added `Stop generating` button during streaming
3. Added "Regenerate" button after stopping

Examples:
1. Alert AI Insights: 



https://github.com/user-attachments/assets/4cc45e02-14f4-450b-877b-aa1b13c71f70

2. Error AI Insights:


https://github.com/user-attachments/assets/251e0150-9ae8-4267-8695-fb4b750e924f

3. Log AI Insights:
 


https://github.com/user-attachments/assets/dbfeda64-4d63-4d9a-b371-4557aeb6dd4b

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Viduni Wickramarachchi <viduni.wickramarachchi@elastic.co>
## Summary

Close elastic#181994

Support generating OAS for `@kbn/config-schema`'s using our new
`schema.discriminatedUnion` type
elastic#246095

## Notes

* Force developers to define a `{ meta: { id: '...' } }` for the objects
inside a `schema.discriminatedUnion` so that we can generate the correct
OAS. Guidance for name is as follows: `<your-id>-<your-team-or-area>`.
The intention is that IDs are globally unique while remaining somewhat
user readable as they will be surfaced in our docs.
* Tackled a few unrelated OAS/schema chores in this PR

## Conversion

Given a schema like:

```ts
    schema.discriminatedUnion('type', [
      schema.object(
        { type: schema.literal('str'), value: schema.string() },
        { meta: { id: 'my-str-my-team' } }
      ),
      schema.object(
        { type: schema.literal('num'), value: schema.number() },
        { meta: { id: 'my-num-team' } }
      ),
    ]),
```

Produce OAS like:

```js
    {
      oneOf: [
        {
          $ref: '#/components/schemas/my-str-my-team',
        },
        {
          $ref: '#/components/schemas/my-num-team',
        },
      ],
      discriminator: {
        propertyName: 'type',
      }
    }
...
components: {
  schemas: {
      'my-str-my-team': {
        type: 'object',
        properties: {
          type: { type: 'string', enum: ['str'] },
        },
      },
      'my-num-team': {
        type: 'object',
        properties: {
          type: { type: 'string', enum: ['num'] },
        },
      },
    },
}
```
## Summary

This updates Streams App Scout tests.

## Details

* Adds Scout API tests for relevant areas
* Removes Scout UI tests for areas now more reliably covered by API
tests
* Attempts to address low hanging fruit with regards to flaky UI tests
for Streams App


### UI Tests:
Category | Before | After | Reduction
-- | -- | -- | --
Data Retention | 13 tests (8 files) | 8 tests (7 files) | -5 tests, -1 file
Data Routing | ~24 tests | ~24 tests | Added comments only
Data Processing | ~11 tests | ~9 tests | -2 tests
Total | ~48 tests | ~41 tests | ~15% reduction

### API Tests:
* lifecycle_retention.spec.ts - 16 tests covering DSL retention,
inheritance, switching
* routing_fork_stream.spec.ts - 24 tests covering all condition types
(eq, neq, and, or, not, etc.)
* processing_simulate.spec.ts - 28 tests covering all processor types
(grok, dissect, date, rename, etc.)
* schema_field_mapping.spec.ts - 27 tests covering field type simulation

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…es (elastic#249625)

## Summary

Fixes part of elastic#234621, elastic#249889

These changes make the OAS Lens bundle size shrink from 116 to 1 MB
(-99%)

Before:
```
yarn build:lens-docs
yarn run v1.22.22
$ node scripts/capture_oas_snapshot --include-path /api/lens --no-serverless --update
 info Capturing OAS for traditional Kibana...
 info Starting Kibana...
   │ info Loading core with all plugins enabled so that we can capture OAS for all...
 info Recieved OAS, writing to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json...
 succ OAS written to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json. File size ~116.44 MB.
 succ Captured OAS for traditional Kibana.
✨  Done in 50.17s.
```

Initial optimization
```
yarn lens-docs      
yarn run v1.22.22
$ yarn build:lens-docs && yarn deploy:lens-docs
$ node scripts/capture_oas_snapshot --include-path /api/lens --no-serverless --update
 info Capturing OAS for traditional Kibana...
 info Starting Kibana...
   │ info Loading core with all plugins enabled so that we can capture OAS for all...
 info Recieved OAS, writing to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json...
 succ OAS written to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json. File size ~37.13 MB.
 succ Captured OAS for traditional Kibana.
```

Second iteration:
```
✗ yarn lens-docs
yarn run v1.22.22
$ yarn build:lens-docs && yarn bundle:lens-docs
$ node scripts/capture_oas_snapshot --include-path /api/lens --no-serverless --update
 info Capturing OAS for traditional Kibana...
 info Starting Kibana...
   │ info Loading core with all plugins enabled so that we can capture OAS for all...
 info Recieved OAS, writing to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json...
 succ OAS written to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json. File size ~1.07 MB.
```

Final solution:
```
✗ yarn lens-docs                        
yarn run v1.22.22
$ yarn build:lens-docs && yarn bundle:lens-docs
$ node scripts/capture_oas_snapshot --include-path /api/lens --no-serverless --update
 info Capturing OAS for traditional Kibana...
 info Starting Kibana...
   │ info Loading core with all plugins enabled so that we can capture OAS for all...
 info Recieved OAS, writing to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json...
 succ OAS written to /Users/marcoliberati/Work/kibana/oas_docs/bundle.json. File size ~1.59 MB.
 succ Captured OAS for traditional Kibana.
```

That enables a smoother deployment over the API publishing platform and
perform gitops over it (Github has a 100MB per file limit).

~~Unfortunately there are still issues on the doc platform itself which
has a 30s timeout for server side rendering, and `metric` and `gauge`
chart take longer to generate 🦥
I'll create a separate issue to track them.~~

The final solution produces a bundle which is a bit less optimised than the
previous step, but it guarantees that each entity chunk is relatively
small (> 10kb) and that prevents issues with the documentation platform.

<details>
  <summary>Entity size table details</summary>

```
=== Schema Sizes (in bytes) ===

Total schemas found: 76


Schema Name                                                  Size (bytes)
===========================================================================
Kibana_HTTP_APIs_metricESQL                                          8003
Kibana_HTTP_APIs_xyDataLayer                                         7445
Kibana_HTTP_APIs_heatmapNoESQL                                       7285
Kibana_HTTP_APIs_metricNoESQL                                        6859
Kibana_HTTP_APIs_gaugeESQL                                           4919
Kibana_HTTP_APIs_termsOperationSchema                                4854
Kibana_HTTP_APIs_categoricalColorMappingSchema                       4405
Kibana_HTTP_APIs_gradientColorMappingSchema                          4295
Kibana_HTTP_APIs_tagcloudESQL                                        3714
Kibana_HTTP_APIs_movingAverageOperationSchema                        3582
Kibana_HTTP_APIs_differencesOperationSchema                          3487
Kibana_HTTP_APIs_legacyMetricESQL                                    3481
Kibana_HTTP_APIs_gaugeNoESQL                                         3375
Kibana_HTTP_APIs_heatmapESQL                                         3113
Kibana_HTTP_APIs_regionMapESQL                                       3108
Kibana_HTTP_APIs_xyReferenceLayerESQL                                3096
Kibana_HTTP_APIs_xyAxis                                              3080
Kibana_HTTP_APIs_cumulativeSumOperationSchema                        2878
Kibana_HTTP_APIs_counterRateOperationSchema                          2874
Kibana_HTTP_APIs_formulaOperationDefinitionSchema                    2778
Kibana_HTTP_APIs_xyDataLayerESQL                                     2761
Kibana_HTTP_APIs_colorByValuePercentage                              2563
Kibana_HTTP_APIs_xyReferenceLayer                                    2235
Kibana_HTTP_APIs_colorByValueAbsolute                                2165
Kibana_HTTP_APIs_xyChartSchema                                       2091
Kibana_HTTP_APIs_xyAnnotationQuery                                   1859
Kibana_HTTP_APIs_xyLegendInternal                                    1671
Kibana_HTTP_APIs_heatmapAxesSchema                                   1655
Kibana_HTTP_APIs_xyLegendExternal                                    1565
Kibana_HTTP_APIs_xyAnnotationManualEvent                             1445
Kibana_HTTP_APIs_lastValueOperationSchema                            1392
Kibana_HTTP_APIs_uniqueCountMetricOperationSchema                    1360
Kibana_HTTP_APIs_sumMetricOperationSchema                            1343
Kibana_HTTP_APIs_countMetricOperationSchema                          1331
Kibana_HTTP_APIs_percentileRanksOperationSchema                      1323
Kibana_HTTP_APIs_minMaxAvgMedianStdDevMetricOperationSchema          1320
Kibana_HTTP_APIs_percentileOperationSchema                           1315
Kibana_HTTP_APIs_indexDatasetTypeSchema                              1207
Kibana_HTTP_APIs_xyAnnotationLayer                                   1184
Kibana_HTTP_APIs_histogramOperationSchema                            1176
Kibana_HTTP_APIs_xyDecorations                                       1153
Kibana_HTTP_APIs_searchFilterQueryStringSchema                        952
Kibana_HTTP_APIs_dateHistogramOperationSchema                         945
Kibana_HTTP_APIs_xyXAxis                                              878
Kibana_HTTP_APIs_xyAnnotationManualRange                              858
Kibana_HTTP_APIs_heatmapLegendSchema                                  811
Kibana_HTTP_APIs_staticOperationDefinitionSchema                      777
Kibana_HTTP_APIs_xyFittingFunction                                    775
Kibana_HTTP_APIs_metricBreakdownByEsql                                638
Kibana_HTTP_APIs_searchFilterObjectSchema                             625
Kibana_HTTP_APIs_xyAnnotationManualRangeInterval                      583
Kibana_HTTP_APIs_xyAnnotationPointLine                                576
Kibana_HTTP_APIs_metricPrimaryMetricAlignments                        544
Kibana_HTTP_APIs_metricCompareToBaseline                              534
Kibana_HTTP_APIs_numericFormatSchema                                  533
Kibana_HTTP_APIs_xyYAxisExtentCustom                                  517
Kibana_HTTP_APIs_xyXAxisExtentCustom                                  507
Kibana_HTTP_APIs_filtersOperationSchema                               494
Kibana_HTTP_APIs_metricIconConfig                                     450
Kibana_HTTP_APIs_durationFormatSchema                                 443
Kibana_HTTP_APIs_metricCompareToPrimary                               432
Kibana_HTTP_APIs_esqlDatasetTypeSchema                                408
Kibana_HTTP_APIs_dataViewDatasetTypeSchema                            406
Kibana_HTTP_APIs_byteFormatSchema                                     405
Kibana_HTTP_APIs_heatmapCellsSchema                                   380
Kibana_HTTP_APIs_xyAnnotationQueryTextField                           377
Kibana_HTTP_APIs_staticColorSchema                                    363
Kibana_HTTP_APIs_xyAxisTitle                                          342
Kibana_HTTP_APIs_filterSimpleSchema                                   340
Kibana_HTTP_APIs_xyYAxisExtentFull                                    330
Kibana_HTTP_APIs_filterWithLabelSchema                                320
Kibana_HTTP_APIs_xyXAxisExtentFull                                    310
Kibana_HTTP_APIs_customFormatSchema                                   305
Kibana_HTTP_APIs_heatmapAxisSimpleSchema                              280
Kibana_HTTP_APIs_xyYAxisExtentFocus                                   269
Kibana_HTTP_APIs_tableESQLDatasetTypeSchema                           257
===========================================================================
TOTAL                                                              138709


=== Summary Statistics ===

Average size: 1825 bytes
Minimum size: 257 bytes (Kibana_HTTP_APIs_tableESQLDatasetTypeSchema)
Maximum size: 8003 bytes (Kibana_HTTP_APIs_metricESQL)
```
</details>

## Testing it

To check the actual changes it is best to use @nickofthyme 's temporary
PR here: elastic#249426 with the `yarn build:lens-docs` command.
Also, it is possible to get the generated `bundle.json` file from that
PR and import it into https://editor.swagger.io/ to see the data in it

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…lastic#249777)

## Summary

See elastic#245363

Notes being deleted via the timelines table does not automatically
update on the UI because the timeline states that include the notes are
not being updated properly. Refactor the notes preview delete button in
the timelines table to use the redux state as we do in the notes
management page/popup.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
…ity summary highlight. (elastic#250093)

## Summary

The entity summary feature calls the inference plugin chat complete API
which does not perform its own RBAC checks and instead relies on the
calling feature to check permissions. Currently, it checks whether the
user has permissions to access AI assistant. This PR expands the checks
to also check whether the user has permissions to agent builder and
whether the user has connector permissions (which is needed to invoke
gen ai connectors).

Note: I did not replace the permissions check for AI Assistant with
Agent Builder. Instead, I modified the check to ensure that a user has
at least one of these permissions. This prevents users who only have AI
Assistant permissions from suddenly not being able to see the entity
summary highlight. In the future, when Assistant is removed, we can
update the check to only check Agent Builder permissions.

## To Verify
1. Start ES and Kibana
2. Generate some entity data
3. Create a custom role with limited permissions, specifically, no agent
builder or ai assistant permissions. Make sure you have permissions to
`Actions and Connectors` under Stack Management
<img width="762" height="1031" alt="Screenshot 2026-01-22 at 12 19
46 PM"
src="https://github.com/user-attachments/assets/eb41f8b2-1401-4c12-8d77-4775be5c132d"
/>

4. Create a user `test` and assign it to the role you just created
5. Log in as your new user (I do this in an incognito window)
6. Verify that you cannot see the entity summary highlight section on an
entity flyout
7. As your admin user, modify the role to give permission to AI
Assistant
8. As the `test` user, reload the entity flyout. You should now see the
entity summary highlight section
9. As your admin user, modify the role to remove permission to AI
Assistant and give permission for Agent Builder
10. As the `test` user, reload the entity flyout. You should now see the
entity summary highlight section
11. As your admin user, modify the role to remove permissions to
`Actions and Connectors` under `Stack Management`
12. As the `test` user, reload the entity flyout. You should no longer
see the entity summary highlight section.
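
The permission rule from the commit message above, written out as an added example that is not code from this PR or from Kibana: the caller enforces (AI Assistant or Agent Builder) and connector access on the server path before invoking a downstream call that performs no RBAC itself. All names (`HighlightCaps`, `checkHighlightAccess`, `generateEntityHighlight`, the stub model) are hypothetical.

```typescript
// Added illustration; every name here is hypothetical, not a Kibana API.
interface HighlightCaps {
  aiAssistant: boolean; // access to AI Assistant
  agentBuilder: boolean; // access to Agent Builder
  connectors: boolean; // "Actions and Connectors" under Stack Management
}

interface AccessDecision {
  allowed: boolean;
  missing: string[];
}

// Rule from the commit message: (AI Assistant OR Agent Builder) AND connectors.
function checkHighlightAccess(caps: HighlightCaps): AccessDecision {
  const missing: string[] = [];
  if (!caps.aiAssistant && !caps.agentBuilder) {
    missing.push('aiAssistant or agentBuilder');
  }
  if (!caps.connectors) {
    missing.push('connectors');
  }
  return { allowed: missing.length === 0, missing };
}

type ChatComplete = (prompt: string) => string;

interface HighlightResponse {
  status: number;
  body: string;
}

// The downstream call does no RBAC of its own, so the check runs here,
// on the server path, before the model is ever invoked. Hiding the UI
// section alone would leave the route callable.
function generateEntityHighlight(
  caps: HighlightCaps,
  prompt: string,
  chatComplete: ChatComplete
): HighlightResponse {
  const decision = checkHighlightAccess(caps);
  if (!decision.allowed) {
    return { status: 403, body: 'missing: ' + decision.missing.join(', ') };
  }
  return { status: 200, body: chatComplete(prompt) };
}

// Replays the role changes from the "To Verify" steps (6, 8, 10, 12) and
// counts how often the stubbed model was actually reached.
function replayVerifySteps(): { statuses: number[]; modelCalls: number } {
  let modelCalls = 0;
  const stubModel: ChatComplete = (prompt) => {
    modelCalls += 1;
    return 'summary for ' + prompt;
  };
  // Constructed role states, one per verification step.
  const roleStates: HighlightCaps[] = [
    { aiAssistant: false, agentBuilder: false, connectors: true }, // step 6
    { aiAssistant: true, agentBuilder: false, connectors: true }, // step 8
    { aiAssistant: false, agentBuilder: true, connectors: true }, // step 10
    { aiAssistant: false, agentBuilder: true, connectors: false }, // step 12
  ];
  const statuses = roleStates.map(
    (caps) => generateEntityHighlight(caps, 'host-1', stubModel).status
  );
  return { statuses, modelCalls };
}

console.log(replayVerifySteps());
```
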
…astic#249683)

## Summary

Part of elastic/kibana-team#2179. Fixes
elastic#249912.

Adds some more granular failure reasons for ES|QL conversion:

 - `non_utc_timezone` - Timezone is not UTC
 - `formula_not_supported` - Lens formulas cannot be converted
 - `time_shift_not_supported` - Time shift operations not supported
 - `runtime_field_not_supported` - Runtime fields not supported
 - `reduced_time_range_not_supported` - Reduced time range not supported
 - `function_not_supported` - Operation type has no ES|QL equivalent
 - `drop_partials_not_supported` - Drop partial buckets not supported
 - `include_empty_rows_not_supported` - Include empty rows not supported
 - `terms_not_supported` - Terms aggregation not supported
 - `unknown` - Catch-all for unexpected failures

- `getESQLForLayer` now returns `EsqlQueryResult` (success with data OR
 failure with reason)
- Added `isEsqlQuerySuccess` type guard for safe property access

<img width="1962" height="868" alt="CleanShot 2026-01-23 at 10 18 02@2x"
src="https://github.com/user-attachments/assets/72261f56-e3bc-45d9-a27f-bab71917e5d8"
/>


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Used `cursor-cli` with `opus-4.5`
…c#250233)

## Summary

After this [PR](elastic#248979) merged,
it looks like the `security.entity` attachment would throw a validation
error because it's expecting an object and we're returning a string
representation from the validate function. Removing this extra
formatting fixes the issue.

## To Verify

1. Start ES and Kibana
2. Generate some alert data and then enable the risk scoring engine so
the risk score task runs
3. Make sure you're using AI Agents (not Assistant)
4. From the Entity Analytics overview, click an entity to open the
flyout then `Expand details`
5. From the expanded flyout, click `Add to chat` and then submit the
conversation
6. You should see no validation errors and see a response from the
agent.
…tion (elastic#249450)

## Summary

Related to elastic#241152.

~This PoC would replace the metrics panel custom header components with
a native Lens implementation of the highlighting functionality.~

Previously, the Metrics UI team implemented a custom header component to
use for the Metrics embeddables shown in Discover. This allowed for a
highlight mechanic that was not present in lens, shown below:


![Untitled](https://github.com/user-attachments/assets/4ec8eacc-3537-4127-8910-a1c06ce283af)

Unfortunately, with the custom implementation they also had to cancel
interaction events related to selecting/copying the text contents of the
header, because of unwanted UI side effects. As noted in the linked
issue, rather than adding additional CSS hacks, the desire was instead
to have Lens support the highlight feature, and remove the custom
implementation altogether.

**The goal of this patch is to allow Metrics UI to use the default
embeddable title component, while keeping the highlight feature.**

This is achieved by adding a `titleHighlight` prop to the embeddable
component. When this prop is defined, the embeddable will wrap the title
content in an `EuiHighlight` as the custom component was doing. In the
case of Metrics UI, which passes the highlight, the embeddable's title
will wrap the intended content in a highlight. Otherwise, the new code
is skipped, and the embeddable component should behave exactly as it
normally would.

## Testing

### Getting data

Testing this PR will require metrics data indexed at a path like
`metrics*`.

There are a bunch of ways to do this, but a simple way is to clone
Simian Forge:

```bash
git clone https://github.com/simianhacker/simian-forge.git
```

Perform an install + build:

```bash
npm i && npm run build
```

Then, create an Elasticsearch API key. This is easily achieved in Kibana
by going to the API key management page and creating a new key. Copy the
key Kibana created for you and use it in your command, like below:

<img width="1146" height="465" alt="API key management page"
src="https://github.com/user-attachments/assets/a19639af-7642-4d02-b32d-6d6413676b9d"
/>


```bash
./forge --backfill now-1h --interval 10s --count 100 --dataset hosts --purge --elasticsearch-url {ES_URL} --elasticsearch-api-key  {API_KEY}
```

If you're running Elasticsearch locally, you can simply specify
`--elasticsearch-url http://localhost:9200`.

### Querying data

Perform a metrics ES|QL query like:

```
TS metrics*
```

When the metrics visualizations appear, make sure you're able to select
the text with your mouse pointer and copy the contents.

Both the highlight functionality, and text selection, are shown in the
image below:


![20260121160019](https://github.com/user-attachments/assets/3fb50eec-1298-4bef-b050-1e728dd3caeb)

_Additional note:_ because this change makes the Metrics component
`ChartTitle` obsolete, it removes the component's file/tests as well.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary

This PR builds on prior art
elastic#209047, to bring grouped data
(named cascade) exploration to discover for ES|QL.

When a user inputs any ES|QL query; said query will be parsed, on
parsing said inputted query if an occurrence of the
[`STATS`](https://www.elastic.co/docs/reference/query-languages/esql/commands/stats-by)
command is found it would trigger the possibility of having a different
view; the grouped view.

However this experience is not necessarily what the user would always
have, the heuristics for being presented the cascade experience are as
follows;

- The user inputted an ES|QL query that includes the target command (i.e.
`STATS`)
- The feature flag for the cascade experience is enabled
- The user has not specifically chosen to opt out from the cascade
experience.

That being said, given the following valid query including a `STATS`
command;

```esql
FROM kibana_sample_data_logs
  | KEEP bytes, clientip, url.keyword, response.keyword
  | STATS Visits = COUNT(), Unique = COUNT_DISTINCT(clientip),
      p95 = PERCENTILE(bytes, 95), median = MEDIAN(bytes)
        BY url.keyword
  | LIMIT 123
```

The user would be presented with a combobox alongside the regular
document options, that allows the user to select at this time an option
to group by the field which the user grouped the STATS query by or a
choice to revert to the regular view.

It's worth mentioning that in the event that the user provides a query
that specifies more than one grouping, for example;

```esql
FROM kibana_sample_data_logs
  | KEEP bytes, clientip, url.keyword, response.keyword
  | STATS Visits = COUNT(), Unique = COUNT_DISTINCT(clientip),
      p95 = PERCENTILE(bytes, 95), median = MEDIAN(bytes)
        BY bytes, clientip, url.keyword, response.keyword
  | LIMIT 123
```

We'd revert to the regular view the user is familiar with.

A note on how groups are selected; all referenced columns that exist on
the record from the last `STATS` command are selected by default as data
pivot option, whilst STATS also supports the
[`BUCKET`](https://www.elastic.co/docs/reference/query-languages/esql/functions-operators/grouping-functions#esql-bucket),
[`TBUCKET`](https://www.elastic.co/docs/reference/query-languages/esql/functions-operators/grouping-functions#esql-tbucket)
and
[`CATEGORIZE`](https://www.elastic.co/docs/reference/query-languages/esql/functions-operators/grouping-functions#esql-categorize)
grouping functions, at this time this implementation will only provide
pivot points for the `CATEGORIZE` grouping function.
 

## How to test

- Add the config `feature_flags.overrides.discover.cascadeLayoutEnabled:
true` in your `kibana.dev.yml`
- install your data of choice, for the sake of this guide the
`kibana_sample_data_logs` sample data is sufficient.
- Navigate to discover, select the button that prompts to "Tryout ES|QL"
- Input the query from above or a different one, and you should be
presented with the cascade experience similar to the screen recording
below;



https://github.com/user-attachments/assets/c3931adf-d88e-4369-b304-1bc2635b9182

	

### Checklist

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)



---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ryan Keairns <contactryank@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
…lastic#250040)

## Summary

We have been dealing with a lot of flakiness in our tests due to package
registry not being available, this PR changes the package registry
being used to the dockerized one in Dataset Quality. As well as
centralizing its usage in kbn-test package so that it can later on be
used from a central place by other teams instead of duplicating it in
every test suite.

This is work continuation for [[Dataset quality] configuring dockerized
package registry in
tests](elastic#234891).
… and test snapshot (elastic#249998)

## Summary

This PR is for an intermediate release for elastic#248845 .

* Update the Custom Threshold Rule schema to accept an optional KQL
string filter as part of the `metrics` items : schema changed from
`never` to `optional string`

## Test
I tested it manually and verified that Custom Threshold Rules with the
new schema in place are executed without issues in current Kibana
version in `main`
## Summary

Closes elastic#126894

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [nodemailer](https://nodemailer.com/)
([source](https://github.com/nodemailer/nodemailer)) |
dependencies | patch | [`7.0.11` ->
`7.0.12`](https://renovatebot.com/diffs/npm/nodemailer/7.0.11/7.0.12) |

---

### Release Notes

<details>
<summary>nodemailer/nodemailer (nodemailer)</summary>

###
[`v7.0.12`](https://github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#7012-2025-12-22)

[Compare
Source](https://github.com/nodemailer/nodemailer/compare/v7.0.11...v7.0.12)

##### Bug Fixes

- added support for REQUIRETLS
([#1793](https://github.com/nodemailer/nodemailer/issues/1793))
([053ce6a](https://github.com/nodemailer/nodemailer/commit/053ce6a772a7c608e6bee7f58ebe9900afbd9b84))
- use 8bit encoding for message/rfc822 attachments
([adf8611](https://github.com/nodemailer/nodemailer/commit/adf86113217b23ff3cd1191af5cd1d360fcc313b))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).


Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
…I tests (elastic#249734)

Closes elastic#247125

## Summary

Migration node details page



## Running tests e2e locally 

#### Run server (first terminal):

`node scripts/scout.js start-server --stateful`

#### Run apm tests (second terminal):

`npx playwright test --project local --ui --config
x-pack/solutions/observability/plugins/infra/test/scout/ui/parallel.playwright.config.ts`


## Unit tests

`yarn test:jest
x-pack/solutions/observability/plugins/infra/public/components/asset_details/tabs/overview/overview.test.tsx`

`yarn test:jest
x-pack/solutions/observability/plugins/infra/public/components/asset_details/tabs/metadata/metadata.test.tsx`

`yarn test:jest
x-pack/solutions/observability/plugins/infra/public/components/asset_details/tabs/overview/kpis/cpu_profiling_prompt.test.tsx`

`yarn test:jest
x-pack/solutions/observability/plugins/infra/public/common/asset_details_config/asset_details_tabs.test.tsx`

`yarn test:jest
x-pack/solutions/observability/plugins/infra/public/components/asset_details/hooks/use_page_header.test.tsx`



## Checklist

- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) -
[(Last successful
run)](elastic#249734 (comment))

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
|
[@opentelemetry/context-async-hooks](https://github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-context-async-hooks)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`2.2.0` ->
`2.3.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fcontext-async-hooks/2.2.0/2.3.0)
| `2.5.0` (+1) |
|
[@opentelemetry/exporter-metrics-otlp-grpc](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-metrics-otlp-grpc)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-metrics-otlp-grpc/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/exporter-metrics-otlp-http](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-metrics-otlp-http)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-metrics-otlp-http/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/exporter-metrics-otlp-proto](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-metrics-otlp-proto)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-metrics-otlp-proto/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/exporter-prometheus](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/exporter-trace-otlp-grpc](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/exporter-trace-otlp-grpc)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-trace-otlp-grpc/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/exporter-trace-otlp-http](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/exporter-trace-otlp-http)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-trace-otlp-http/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/exporter-trace-otlp-proto](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/exporter-trace-otlp-proto)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-trace-otlp-proto/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/instrumentation](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/instrumentation-http](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.208.0/0.209.0)
| `0.211.0` (+1) |
|
[@opentelemetry/otlp-exporter-base](https://github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/otlp-exporter-base)
([source](https://github.com/open-telemetry/opentelemetry-js))
| dependencies | minor | [`0.208.0` ->
`0.209.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fotlp-exporter-base/0.208.0/0.209.0)
| `0.211.0` (+1) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@opentelemetry/context-async-hooks)</summary>

###
[`v2.3.0`](https://github.com/open-telemetry/opentelemetry-js/blob/HEAD/CHANGELOG.md#230)

[Compare
Source](https://github.com/open-telemetry/opentelemetry-js/compare/v2.2.0...v2.3.0)

##### 🚀 Features

- feat(sdk-trace-base): implement on ending in span processor
[#6024](https://github.com/open-telemetry/opentelemetry-js/pull/6024)
[@majanjua-amzn](https://github.com/majanjua-amzn)
    -   note: this feature is experimental and subject to change

##### 🐛 Bug Fixes

- fix(sdk-metrics): remove setImmediate usage in ConsoleMetricExporter
[#6199](https://github.com/open-telemetry/opentelemetry-js/pull/6199)
[@overbalance](https://github.com/overbalance)

##### 🏠 Internal

- refactor(bundler-tests): split webpack tests into webpack-4 and
webpack-5
[#6098](https://github.com/open-telemetry/opentelemetry-js/pull/6098)
[@overbalance](https://github.com/overbalance)
- refactor(sdk-metrics): remove isNotNullish() utility function
[#6151](https://github.com/open-telemetry/opentelemetry-js/pull/6151)
[@cjihrig](https://github.com/cjihrig)
- refactor(sdk-metrics): remove FlatMap() utility function
[#6154](https://github.com/open-telemetry/opentelemetry-js/pull/6154)
[@cjihrig](https://github.com/cjihrig)
- refactor(sdk-metrics): simplify AllowList and DenyList processors
[#6159](https://github.com/open-telemetry/opentelemetry-js/pull/6159)
[@cjihrig](https://github.com/cjihrig)
- chore: disallow constructor parameter property syntax
[#6187](https://github.com/open-telemetry/opentelemetry-js/pull/6187)
[@legendecas](https://github.com/legendecas)
- refactor(sdk-metrics): use test() instead of match() in isValidName()
[#6205](https://github.com/open-telemetry/opentelemetry-js/pull/6205)
[@cjihrig](https://github.com/cjihrig)
- refactor(core): remove TimeOriginLegacy Safari <15 fallback
[#6235](https://github.com/open-telemetry/opentelemetry-js/pull/6235)
[@overbalance](https://github.com/overbalance)
- chore: remove backcompat workspace
[#6238](https://github.com/open-telemetry/opentelemetry-js/pull/6238)
[@overbalance](https://github.com/overbalance)
- refactor(core,resources): consolidate platform-specific code
[#6208](https://github.com/open-telemetry/opentelemetry-js/pull/6208)
[@overbalance](https://github.com/overbalance)
- test(api): remove unnecessary conditional
[#6241](https://github.com/open-telemetry/opentelemetry-js/pull/6241)
[@cjihrig](https://github.com/cjihrig)
- refactor(api): remove several reverse() calls
[#6252](https://github.com/open-telemetry/opentelemetry-js/pull/6252)
[@cjihrig](https://github.com/cjihrig)
- refactor(api): remove unnecessary map() call
[#6251](https://github.com/open-telemetry/opentelemetry-js/pull/6251)
[@cjihrig](https://github.com/cjihrig)
- chore: add zed to gitignore
[#6258](https://github.com/open-telemetry/opentelemetry-js/pull/6258)
[@overbalance](https://github.com/overbalance)
- chore(deps): update nx to 22.3.0
[#6233](https://github.com/open-telemetry/opentelemetry-js/pull/6233)
[@overbalance](https://github.com/overbalance)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).


---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…cts (elastic#240470)

## Summary

This PR updates scripts for extract product docs to have a more robust
query for fetching documentation

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
AlejandroFrndz and others added 27 commits January 29, 2026 11:35
…#250850)

## Summary

Health badges in the service inventory table have weak contrast between
text and background. Instead of leveraging standard named colours for
the health badges, we're passing `euiTheme` colours straight as HEX
values. While this might seem equivalent at a glance, badges work
differently visually with named colours than they do with HEX values.

In order to improve the contrast between text and background in the
badge and to visually standardize health with other badges in the table
(alerts & SLOs) this PR updates health badges to use named colours
instead.

## UI Updates

### Before

<img width="1589" height="200" alt="Before"
src="https://github.com/user-attachments/assets/7ae9fa8d-7c1d-4d0b-9d10-f2b36de506eb"
/>

### After

<img width="1584" height="202" alt="After"
src="https://github.com/user-attachments/assets/513f0f3c-77a0-4c13-ab17-d2d646530e47"
/>
…lyouts (elastic#250602)

## Summary

<img width="1806" height="939" alt="Screenshot 2026-01-27 at 17 37 31"
src="https://github.com/user-attachments/assets/4f8b8a2a-ca8c-4c8c-80e5-d01ccc61bc64"
/>
<img width="1803" height="1140" alt="Screenshot 2026-01-27 at 17 13 54"
src="https://github.com/user-attachments/assets/b1761c76-4b9c-4493-9a20-d169aa60e2fe"
/>



### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.
#Closes [431](elastic/obs-ai-team#431)

The agent now automatically formats known Observability entities as
Markdown links in its responses. This enables users to click directly on
entity references to navigate to the relevant APM views, improving
workflow efficiency.

To make these links space-aware for the agent as well, we introduced a
change that allows `BuiltInAgentDefinition.configuration` to be defined
as either: a static configuration object, or a function that receives
runtime context and returns the configuration dynamically.

**How it works**
1. At setup (registration) time, the agent stores the configuration
function.
2. When handling a request, createAgentHandler checks whether the
configuration is a function.
3. If it is, the function is called with { spaceId, request } to resolve
the actual configuration.
4. The resolved instructions then include the correct space-aware links.

### Changes

- Added entity-linking instructions to the Observability Agent’s system
prompt.
- Added entity-linking support to Errors, Logs and Alerts AI Insights.
- All links are space-aware. 

**Testing with Cursor:**

Test Prompt:

[test_prompt.md](https://github.com/user-attachments/files/24771581/test_prompt.md)

Results:

[hereisresults.md](https://github.com/user-attachments/files/24771728/hereisresults.md)

**Test scenario:**

- Start es, kibana and otel-demo
- Enable productCatalogFailure feature flag
- Start a conversation with the Observability Agent
- Ask about a specific service (e.g., "What's the status of checkout
service?")
- The agent's response should format service names as clickable Markdown
links

Traces for [Error AI
insight](https://oblt-apps.elastic.dev/phoenix-ai/projects/UHJvamVjdDoxMTIy/traces/5fd67e44e280ab0514f17d53e23cd828?selected)
and [Alert AI
Insight](https://oblt-apps.elastic.dev/phoenix-ai/projects/UHJvamVjdDoxMTIy/traces/9dff61da9be3240830e83e6d99d17265?selected)

---------

Co-authored-by: Viduni Wickramarachchi <viduni.ushanka@gmail.com>
Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
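
The "How it works" steps in the commit message above, sketched as an added example that is not code from the PR or from Kibana. The type names, `registerAgent`, `resolveConfiguration`, `spacePrefix`, the `/s/<spaceId>` prefix rule and the APM path are assumptions made for illustration; the space id is validated because it ends up interpolated into the prompt text.

```typescript
// Added illustration. The types below are simplified, hypothetical stand-ins
// for the shapes the commit message describes, not Kibana's real definitions.
interface AgentConfiguration {
  instructions: string;
}

interface RuntimeContext {
  spaceId: string;
  request: { path: string }; // stand-in for the incoming HTTP request
}

type ConfigurationFactory = (ctx: RuntimeContext) => AgentConfiguration;

interface AgentDefinition {
  id: string;
  // Either a static object or a function resolved per request.
  configuration: AgentConfiguration | ConfigurationFactory;
}

const registry = new Map<string, AgentDefinition>();

// Step 1: at registration time the definition is stored as-is, so a
// configuration function is kept unresolved.
function registerAgent(definition: AgentDefinition): void {
  registry.set(definition.id, definition);
}

// Assumed rule: the default space has no URL prefix, other spaces use /s/<id>.
// The id is checked against a conservative charset (an assumption) before it
// is interpolated into link templates that become part of the instructions.
function spacePrefix(spaceId: string): string {
  if (!/^[a-z0-9_-]+$/.test(spaceId)) {
    throw new Error(`refusing to build links for space id ${JSON.stringify(spaceId)}`);
  }
  return spaceId === 'default' ? '' : `/s/${spaceId}`;
}

// Steps 2 and 3: when handling a request, check whether the configuration is
// a function and, if so, call it with the runtime context.
function resolveConfiguration(agentId: string, ctx: RuntimeContext): AgentConfiguration {
  const definition = registry.get(agentId);
  if (definition === undefined) {
    throw new Error(`unknown agent: ${agentId}`);
  }
  const { configuration } = definition;
  return typeof configuration === 'function' ? configuration(ctx) : configuration;
}

// A static configuration keeps working unchanged.
registerAgent({ id: 'static-agent', configuration: { instructions: 'Answer briefly.' } });

// Step 4: the resolved instructions carry the space-aware link template.
registerAgent({
  id: 'linking-agent',
  configuration: ({ spaceId }) => ({
    instructions:
      'Format service names as Markdown links: ' +
      `[<service>](${spacePrefix(spaceId)}/app/apm/services/<service>)`,
  }),
});
```
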
Closes elastic#250156
## Summary
This PR gets rid of `mutate.commands.stats.summarizeCommand` in favour
of adding `grouping` and `aggregations` to the `sumarizeQuery` method.

* A bug that was producing wrong column names when using `WHERE`
function within `STATS` has been solved.

Cleanup of the summary fields
* `usedFields` has been removed from the summary.
* `column` has been removed from the summary.
* `terminals` has been removed from the summary and a helper has been
added to extract it.
* Relevant clients of the summary have been carefully refactored to adapt
to the new signature.

---------

Co-authored-by: Stratou <efstratia.kalafateli@elastic.co>
… API `expect` (elastic#250772)

## Summary

Updates Solutions API tests to use the dedicated API `expect` from
`@kbn/scout/api` and adds an ESLint rule to enforce correct import
paths.

### Changes

- Added `api.ts` exports for `@kbn/scout-oblt`, `@kbn/scout-search`, and
`@kbn/scout-security` packages
- Updated solutions API tests to import `expect` from
`@kbn/scout-oblt/api`
- Changed assertions from `toBeTruthy()`/`toBeFalsy()` to explicit
`toBe(true)`/`toBe(false)`
- Refactored stack trace handling to use native
`Error.captureStackTrace` instead of manually filtering stack lines
- Added ESLint rule `scout_expect_import` to validate `expect` imports
based on test type (api/ui)
…stic#250554)

## 🍒 Summary

When a stream is in time-series (TSDB) mode, the "Explore in Discover"
links should use `TS` instead of `FROM` in the ES|QL query to properly
leverage TSDB optimizations.

Closes elastic#246220

## 🛠️ Changes

- Created a new `useStreamTSDBMode` hook that creates a DataView for a
stream and checks `dataView.isTSDBMode()` to determine if the stream has
TSDB characteristics (time series dimensions/metrics)
- Updated 4 components that generate "Open in Discover" links to use
`TS` or `FROM` based on the stream's TSDB mode:
  - `streams_list/index.tsx` (StreamNode component)
  - `stream_detail_overview/components/stream_chart_panel.tsx`
  - `stream_badges/index.tsx` (DiscoverBadgeButton)
  - `stream_detail_systems/stream_systems/system_events_data.tsx`
- Added Scout/Playwright UI integration tests to validate TSDB-aware
Discover links
- Note: The failure store redirect link
(`use_failure_store_redirect_link.ts`) was intentionally not updated as
the failure store is a separate index with a `-failures` suffix that
doesn't share TSDB characteristics with the main stream

## 🎙️ Prompts

- "When a stream is in time-series (TSDB) mode, clicking 'Explore in
Discover' should use TS instead of FROM in the ES|QL query"

🤖 This pull request was assisted by Cursor

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
…c#250695)

## Summary

Adds a tooltip to the refresh button in the Streams simulation
playground that explains it refetches samples and reruns the simulation.

Closes elastic#229255

## Changes

- Added `EuiToolTip` import to `simulation_playground.tsx`
- Wrapped the refresh button (`EuiButtonIcon`) with `EuiToolTip`
- Tooltip content: "Refetch samples and rerun simulation" (i18n-ized)
- Preserved existing `aria-label` for accessibility

## Prompts

- Add tooltip to the refresh button in simulation_playground.tsx
explaining it refetches samples and reruns simulation

🤖 This pull request was assisted by Cursor

Co-authored-by: Cursor <cursoragent@cursor.com>
…lastic#250362)

Closes elastic#248216

## Summary

- moved RO packages from `src` to `x-pack`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
… to invalid API payload (elastic#250758)

**Copilot:** This pull request makes a minor update to the API call in
the `useEntityAnalyticsRoutes` hook. The change removes the unnecessary
`type: 'index'` property from the request body, simplifying the payload.

### Summary
This fixes a bug causing an issue where, after creating the initial
index in the management page, no new indices could be selected, as the
update payload no longer supports the type field.

**Desk Testing Steps:**

1. Load up kibana
2. Add a couple of indices from the manage sources page of privmon
3. Add a user or two to both indices
4. Add one index to manage sources - index, update privileged users.
5. Try to delete that index from the options, and add the second
instead. OR add the second index and try to update privileged users.
6. Should see - both / either indices are available on update. 

**Desk Test Demo:** 


https://github.com/user-attachments/assets/1c4f5e87-9b03-4b75-92ca-450c5f5cfca3
…250538)

## Summary

- Change implementation for `onGroupCollapse` in place of invoking the
passed callback on unmount, we invoke the callback only when the row is
explicitly not expanded.
- Also fix console error, with `maskImage` style getting set as an
attribute on the dom elements.


---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Automated by
https://buildkite.com/elastic/package-storage-infra-kibana-discover-release-branches/builds/4064

Co-authored-by: elastic-vault-github-plugin-prod <elasticmachine@elastic.co>
Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>
…ve fetch (elastic#250714)

## Summary

This PR removes the `node-fetch` dependency and replaces it with
Node.js's native `fetch` API for files owned by
`@elastic/obs-presentation-team`.

### Why

Node.js 18+ includes a native `fetch` API (built on undici internally),
making the `node-fetch` package unnecessary. This reduces the dependency
footprint by removing one runtime dependency and its transitive
dependencies.

### Changes
- Updated `kbn-synthtrace` to use native fetch with `undici.Agent` for
custom TLS configuration
- Updated APM agent version fetching (`fetch_agents_latest_version.ts`)
- Updated Java agent versions fetching (`get_java_agent_versions.ts`)
- Updated all related test files to use `jest.spyOn(global, 'fetch')`

> [!WARNING]
> These changes were vibe-coded using the AI agent
`claude-4.5-opus-high`. Please review carefully.

## Test plan
- [x] Type check passes
- [x] ESLint passes
- [ ] Unit tests pass for modified files
…flyout (elastic#250862)

- Show feature ID and expires at in the flyout description list
- Add Meta panel with JSON code block for feature.meta (or placeholder
when empty)
- Add unit tests for FeatureDetailsFlyout (ID and meta section)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kevin Lacabane <klacabane@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…lastic#249533)

## Summary

Fix elastic#244506

This PR fixes a few Metric chart API shortcomings:

* Breakdown dimension can be ranked by secondary metric now
* due to `schema` library lack of tuple support, while the `metrics`
property can be an array, the introduction of the `type` discrimination
property had to be done to avoid random default injections.
* Fixed background chart schema for ES|QL version
* Added more E2E tests (both from SO and API versions)


### Checklist

- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Andreana Malama <andreana.malama@elastic.co>
…oute (elastic#250848)

## Summary

This PR adds a validation on the string length of the Enrich policies
create routes.
## Summary

Improves `PROMQL` command parsing:

- Mostly improves params map index pattern parsing. Now the parser
properly breaks down index patterns into their constituent parts
(cluster, index, selector) and wraps them in a new "bare" list AST node
type.
- Added support for a new 'bare' list subtype—lists without any
enclosing brackets.
- The pretty printers (BasicPrettyPrinter and WrappingPrettyPrinter) now
know how to format these correctly, without adding extra brackets or
weird indentation.
- Also added a helper `Builder.expression.list.bare()` for constructing
these nodes programmatically.


### Checklist


- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
A combination of elastic#250566 +
elastic#250772 caused a lint issue, then
an import issue on main.
…astic#241365)

Resolves [issue](elastic#202490)

## Summary

Updating the error message in `config_service.ts` for the special use
case when the provided config includes an `enabled` field and the
validated config does not. The error message is more human friendly and
specific to the `enabled` setting.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…@elastic/contextual-security-apps` files (elastic#250018)

> [!CAUTION]
> ⚠️ **Changes / translations were made by GenAI**. I’ve reviewed them
carefully, but your code owners’ expert eyes will ensure they’re 100%
right.

## Summary
This PR applies the auto-fix for the newly introduced
`@elastic/eui/require-table-caption`.
This rule ensures `EuiInMemoryTable` and `EuiBasicTable` have a
`tableCaption` prop for accessibility.

## Changes

1. 🎯 Added missing `tableCaption` attributes to elements flagged by
`@elastic/eui/require-table-caption` — accessibility leveled up!

## Related
- elastic/eui#9168

This time, to avoid annoying approvals collection, we've broken files
down by teams. Now, we are waiting for a review only from your team!

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
… fetch (elastic#250718)

## Summary

This PR removes the `node-fetch` dependency for files owned by
`@elastic/kibana-presentation`.

### Why

Node.js 18+ includes a native `fetch` API (built on undici internally),
making the `node-fetch` package unnecessary. This reduces the dependency
footprint by removing one runtime dependency and its transitive
dependencies.

### Changes
- Updated Maps WMS client to use native fetch
- Updated Maps glyphs to use native fetch
- Updated all related test files to use `jest.spyOn(global, 'fetch')`

> [!WARNING]
> These changes were vibe-coded using the AI agent
`claude-4.5-opus-high`. Please review carefully.

## Test plan
- [x] Type check passes
- [x] ESLint passes
- [ ] Unit tests pass for modified files
## Summary

Part of elastic#188992

Cleans up the editor, part of a redesign to focus on the query statistics
(part of Discover only).

- Removed the limit 1000 as many find it confusing
- Removed the @timestamp found / not found
- Added stats for the query run


It also removes the grey from the editor footer upon request

<img width="2502" height="450" alt="image"
src="https://github.com/user-attachments/assets/d793c587-e7dd-426d-85ad-1f1be98136bf"
/>


The documents queried are also present in the inspector

<img width="834" height="267" alt="image"
src="https://github.com/user-attachments/assets/850b5fa9-57d4-4d75-8018-acadcc2f8000"
/>


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Closes elastic/kibana-operations#414

This PR declares spotZones to be used on preemptible machine based jobs
according to data we have of zones that historically have been failing
the most over the past couple months.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tyler Smalley <tyler.smalley@elastic.co>
@biscout42
Owner Author

I have applied all the comments. Let's review and discuss the rest in the main repo elastic#250908

@biscout42 biscout42 closed this Jan 29, 2026
@biscout42 biscout42 deleted the tc-ai-agent-detectors branch January 30, 2026 08:48