[Discover] Managed data view improvement#223451
Conversation
## Summary Ref: elastic/security-team#12791 Enable `newDataViewPickerEnabled` and fresh kibana build ### Before  ### After Label is cut off in security pages because of the `Managed` label, will address this in a separate PR (likely in #223451)   ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary Ref: elastic/security-team#12791 Enable `newDataViewPickerEnabled` and fresh kibana build ### Before  ### After Label is cut off in security pages because of the `Managed` label, will address this in a separate PR (likely in elastic#223451)   ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 26a14f3)
…) (#225174) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Fix default data view name mismatch (#224333)](#224333) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-06-24T21:05:52Z","message":"[Security Solution] Fix default data view name mismatch (#224333)\n\n## Summary\n\nRef: https://github.com/elastic/security-team/issues/12791\n\nEnable `newDataViewPickerEnabled` and fresh kibana build\n\n### Before\n\n\n\n\n### After\n\nLabel is cut off in security pages because of the `Managed` label, will\naddress this in a separate PR (likely in\nhttps://github.com//pull/223451)\n\n\n\n\n\n\n\n\n### Checklist\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"26a14f36bf8208caa8836b54607514810378372b","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","backport:version","v9.1.0","v8.19.0"],"title":"[Security Solution] Fix default data view name mismatch","number":224333,"url":"https://github.com/elastic/kibana/pull/224333","mergeCommit":{"message":"[Security Solution] Fix default data view name mismatch (#224333)\n\n## Summary\n\nRef: https://github.com/elastic/security-team/issues/12791\n\nEnable `newDataViewPickerEnabled` and fresh kibana build\n\n### Before\n\n\n\n\n### After\n\nLabel is cut off in security pages because of the `Managed` label, will\naddress this in a separate PR (likely in\nhttps://github.com//pull/223451)\n\n\n\n\n\n\n\n\n### Checklist\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"26a14f36bf8208caa8836b54607514810378372b"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/224333","number":224333,"mergeCommit":{"message":"[Security Solution] Fix default data view name mismatch (#224333)\n\n## Summary\n\nRef: https://github.com/elastic/security-team/issues/12791\n\nEnable `newDataViewPickerEnabled` and fresh kibana build\n\n### Before\n\n\n\n\n### After\n\nLabel is cut off in security pages because of the `Managed` label, will\naddress this in a separate PR (likely in\nhttps://github.com//pull/223451)\n\n\n\n\n\n\n\n\n### Checklist\n\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"26a14f36bf8208caa8836b54607514810378372b"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com>
## Summary Ref: elastic/security-team#12791 Enable `newDataViewPickerEnabled` and fresh kibana build ### Before  ### After Label is cut off in security pages because of the `Managed` label, will address this in a separate PR (likely in elastic#223451)   ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
christineweng
force-pushed
the
managed-dataview-disable-save
branch
2 times, most recently
from
9aceec8 to
ddeaf14
Compare
christineweng
changed the title
...atform/plugins/shared/data_view_editor/public/components/data_view_editor_flyout_content.tsx
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/data_view_editor/public/components/footer/footer.tsx
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/data_view_editor/public/components/footer/footer.tsx
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts
Outdated
Show resolved
Hide resolved
| data_view: serviceKey === SERVICE_KEY ? dataViewSpecSchema : schema.never(), | ||
| index_pattern: | ||
| serviceKey === SERVICE_KEY_LEGACY ? dataViewSpecSchema : schema.never(), | ||
| managed: schema.maybe(schema.boolean({ defaultValue: false })), |
There was a problem hiding this comment.
@davismcphee who would we need to update on the docs side about documenting this change in a release note? Not sure what the process is for platform here..
There was a problem hiding this comment.
I don't think we should expose managed in the public API. Is it needed? I'm under the impression all internal requests run through the content management API that uses the saved object client under the hood.
There was a problem hiding this comment.
I'm not too familiar with internal/external API, is removing this line sufficient to keep it internal?
There was a problem hiding this comment.
Yep, should be. Sorry for the delayed response here!
There was a problem hiding this comment.
I think it should be, and maybe removing from the schema in src/platform/plugins/shared/data_views/server/rest_api_routes/schema.ts too.
...s/shared/discover/public/application/main/components/sidebar/discover_sidebar_responsive.tsx
Show resolved
Hide resolved
| const savedDataViewRefs = savedDataViews | ||
| const availableDataViewRefs = savedDataViews | ||
| ? savedDataViews | ||
| : (await data.dataViews.getIdsWithTitle()) ?? []; |
There was a problem hiding this comment.
Not really on you here, but should this be wrapped in a try catch? fyi @davismcphee
There was a problem hiding this comment.
More of a question for the Presentation team as Unified Search owners, but it definitely could be. Even something like data.dataViews.getIdsWithTitle().catch(() => []) would stop things from blowing up, although I guess it must not fail much as is or we'd probably hear about it 😄
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Show resolved
Hide resolved
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Outdated
Show resolved
Hide resolved
davismcphee
left a comment
davismcphee
left a comment
There was a problem hiding this comment.
Great job! The code changes are looking good overall. I left some questions and feedback in addition to what @michaelolo24 already added, but it seems like we're on the right track. I have a few comments around the UX, but I'll save them for the One Discover sync so we can discuss.
A couple of things I noticed when testing locally:
A user is still able to implicitly modify a managed data view through the field editor flyout and persist the changes. I think for this case, we can probably just do a check for managed and completely disable the ability to save, with a tooltip along the lines of Fields cannot be edited on managed data views. Duplicate the data view in order to make changes.:
It looks like managed data views can still be edited from data view management. This might be related to the isEdit thing added in this PR. We may need to figure out a way to handle this without each data view editor consumer having to explicitly pass isEdit since it can be error prone if missed:
src/platform/plugins/shared/data_views/common/data_views/abstract_data_views.ts
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/data_views/common/data_views/data_views.ts
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Outdated
Show resolved
Hide resolved
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Outdated
Show resolved
Hide resolved
| const savedDataViewRefs = savedDataViews | ||
| const availableDataViewRefs = savedDataViews | ||
| ? savedDataViews | ||
| : (await data.dataViews.getIdsWithTitle()) ?? []; |
There was a problem hiding this comment.
More of a question for the Presentation team as Unified Search owners, but it definitely could be. Even something like data.dataViews.getIdsWithTitle().catch(() => []) would stop things from blowing up, although I guess it must not fail much as is or we'd probably hear about it 😄
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Show resolved
Hide resolved
| name: 'All logs', | ||
| title: 'logs-*,dataset-logs-*-*', | ||
| timeFieldName: '@timestamp', | ||
| managed: true, |
There was a problem hiding this comment.
On a totally unrelated note since I just happened to notice it, @elastic/obs-ux-logs-team shouldn't this just be { id: ALL_LOGS_DATA_VIEW_ID } like it is here?
There was a problem hiding this comment.
@thomheymann @weltenwort is this a leftover from #209565? Or we need this for redirects?
There was a problem hiding this comment.
@davismcphee Yeh, looks like All Logs is used as a fallback which should be using the ALL_LOGS_DATA_VIEW_ID data view.
@gbamparop This code was introduced as part of #215867 to pass app state from Logs Stream component to Discover.
There was a problem hiding this comment.
Agreed. Although I suspect this is a dead code path since the conditional earlier in that function already seems to cover all cases and we'd never reach that fall-through. For cleanliness's sake one could turn the 'all' branch into the default to remove this.
christineweng
force-pushed
the
managed-dataview-disable-save
branch
3 times, most recently
from
ee414c0 to
1a3bbd8
Compare
christineweng
added
release_note:fix
Team:DataDiscovery
christineweng
force-pushed
the
managed-dataview-disable-save
branch
from
1a3bbd8 to
f4a8630
Compare
davismcphee
left a comment
davismcphee
left a comment
There was a problem hiding this comment.
Left one more round of minor feedback, but we're just about there! I've tested basically everything I could think of at this point and it's working great overall, so this should be good to go on my end once addressed 🙂
...hared/data_view_editor/public/components/advanced_params_content/advanced_params_content.tsx
Outdated
Show resolved
Hide resolved
...atform/plugins/shared/data_view_editor/public/components/data_view_editor_flyout_content.tsx
Outdated
Show resolved
Hide resolved
...atform/plugins/shared/data_view_editor/public/components/data_view_editor_flyout_content.tsx
Outdated
Show resolved
Hide resolved
...atform/plugins/shared/data_view_editor/public/components/data_view_editor_flyout_content.tsx
Outdated
Show resolved
Hide resolved
...atform/plugins/shared/data_view_field_editor/public/components/field_editor/field_detail.tsx
Show resolved
Hide resolved
...form/plugins/shared/data_view_field_editor/public/components/field_editor_flyout_content.tsx
Outdated
Show resolved
Hide resolved
...s/shared/discover/public/application/main/components/sidebar/discover_sidebar_responsive.tsx
Show resolved
Hide resolved
src/platform/plugins/shared/unified_search/public/dataview_picker/change_dataview.tsx
Outdated
Show resolved
Hide resolved
| onSave: (newDataView) => { | ||
| onDataViewCreated(newDataView); | ||
| }, | ||
| allowAdHocDataView: true, |
There was a problem hiding this comment.
So I ended up looking into this, and afaict there weren't any consumers who both allowed data view creation within Unified Search but didn't support ad hoc data views, so I'm pretty sure we're ok here. But I'll ping them again directly in their channel to be sure.
...orm/plugins/shared/data_view_editor/public/components/data_view_flyout_content_container.tsx
Outdated
Show resolved
Hide resolved
christineweng
force-pushed
the
managed-dataview-disable-save
branch
from
1b769db to
4b4a35a
Compare
davismcphee
left a comment
davismcphee
left a comment
There was a problem hiding this comment.
Thanks for the latest changes, this all looks good to me now! I opened a tiny PR against the branch to fix the data views API issue, but once that's merged and we confirm CI is green, I'll drop by to approve 🙂
...atform/plugins/shared/data_view_field_editor/public/components/field_editor/field_detail.tsx
Show resolved
Hide resolved
src/platform/plugins/shared/data_views/server/rest_api_routes/schema.ts
Outdated
Show resolved
Hide resolved
Fix validation issue with data views API schema
davismcphee
left a comment
davismcphee
left a comment
There was a problem hiding this comment.
Awesome work @christineweng! Thanks for all your effort here and working with us through the iterations 🙏 It was a long road, but I think we're finally there!
…eng/kibana into managed-dataview-disable-save
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
|
20 participants
Summary
This PR adds a
managedproperty toDataViewtype. It leveraged the existingmanagedproperty in saved objects, when a data view is created,managedis also passed to SO creation.Major changes:
Managedtag. The tags are present consistently across applicationsDuplicatebuttonManaged this data viewfor a managed data view, the form is disabled from editing. User has the option to clickDuplicate, which will open a new flyout with the indices populatedStack management->Data views, editing a managed data view also shows a disabled form.Managedtag is added.Duplicateis not available in stack management -> data views -> edit. If the data view is managed, the form is disabled and save button is not presentScreen.Recording.2025-09-04.at.2.18.03.PM.mov
Data view editor flyout logic
As the variation of the editor form increase from 2 scenarios to 4, additional logic is added. A small refactoring was made to
onDataViewCreatedto standardized the props, so that it can be reused by the duplicate logic (when duplicating, it is essentially the same behavior as creating a data view.UI updates
Checklist
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelines