[Attack Discovery][Scheduling] Improved duplicates logging #227666

e40pud merged 4 commits into elastic:main from
Pinging @elastic/security-solution (Team: SecuritySolution)
```ts
if (numDuplicates > 0) {
  logger.info(`Found ${numDuplicates} duplicate alert(s), skipping report for those.`);
  logger.debug(() => `Duplicated alerts:\n ${JSON.stringify([...foundIds].sort(), null, 2)}`);
  const logPrefix = isSchedule ? 'Attack Discovery Schedule' : 'Ad-hoc Attack Discovery';
```
Consider replacing the `isSchedule: boolean`:

```ts
interface DeduplicateAttackDiscoveriesParams {
  // ...
  isSchedule: boolean;
}
```

with something like:

```ts
interface DeduplicateAttackDiscoveriesParams {
  // ...
  scheduleId: string | undefined;
}
```

such that the executor in `x-pack/solutions/security/plugins/elastic_assistant/server/lib/attack_discovery/schedules/register_schedule/executor.ts` can pass `scheduleInfo.id`:

```ts
const dedupedDiscoveries = await deduplicateAttackDiscoveries({
  esClient,
  // ...
  scheduleId: scheduleInfo?.id,
});
```

to enable logging the schedule id here:

```ts
const logPrefix =
  scheduleId != null ? `Attack Discovery Schedule [${scheduleId}]` : 'Ad-hoc Attack Discovery';
```

The example above looks like this when logged:

```
[2025-07-11T12:41:37.739-04:00][INFO ][plugins.elasticAssistant] Attack Discovery Schedule [4c871930-624c-4fcf-a999-94126fe8d65d]: Found 2 duplicate alert(s), skipping report for those.
```
We already have `ownerId`, which is either the username/user profile ID (in case of manual generation) or the rule ID (in case of schedules). One thing which is missing is the notion of what type of execution it is: manual vs. scheduled.

I will convert `ownerId` into an object that will contain both, something like:

```ts
ownerInfo: {
  id: string;          // username/profileId OR ruleId
  isSchedule: boolean; // whether it is a scheduled run
}
```

Then, if it is a schedule, I will add the `ruleId` to the log.
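Added example (not Kibana's code) that models the duplicate-alert logging the two comments above settle on: an `ownerInfo` object as in the author's reply, and a log prefix that carries the rule id for scheduled runs as the reviewer suggested. The type and function names, the in-memory logger, the "same set of source alert ids" duplicate criterion and the sample data are assumptions made for this illustration.

```typescript
// Added example (not Kibana's code): models the duplicate-alert logging discussed in
// the thread. OwnerInfo follows the author's reply; the prefix carries the rule id as
// the reviewer suggested. Type/function names and the duplicate criterion are assumptions.
interface OwnerInfo {
  id: string;          // username/profileId for manual runs OR ruleId for schedules
  isSchedule: boolean; // whether this is a scheduled run
}
interface AttackDiscovery {
  title: string;
  alertIds: string[];  // source alert ids the discovery was built from (constructed shape)
}
interface LogRecord { level: 'info' | 'debug'; message: string; }

// In-memory logger so emitted lines can be inspected. Like Kibana's logger, debug()
// takes a lazy message, so the JSON.stringify only runs when debug logging is enabled.
class RecordingLogger {
  records: LogRecord[] = [];
  private readonly debugEnabled: boolean;
  constructor(debugEnabled = true) { this.debugEnabled = debugEnabled; }
  info(message: string): void { this.records.push({ level: 'info', message }); }
  debug(message: () => string): void {
    if (this.debugEnabled) this.records.push({ level: 'debug', message: message() });
  }
}

// Prefix distinguishes manual from scheduled runs and names the rule for the latter.
function logPrefix(owner: OwnerInfo): string {
  return owner.isSchedule ? `Attack Discovery Schedule [${owner.id}]` : 'Ad-hoc Attack Discovery';
}

// Order-independent key: a discovery built from the same set of source alerts is a duplicate.
function dedupKey(alertIds: string[]): string { return [...alertIds].sort().join('|'); }

// Drop discoveries that duplicate an already-reported alert and log what was skipped.
function deduplicateAndLog(
  discoveries: AttackDiscovery[],
  existingAlerts: ReadonlyMap<string, string>, // dedupKey -> id of the existing attack discovery alert
  owner: OwnerInfo,
  logger: RecordingLogger
): { discoveries: AttackDiscovery[]; duplicateAlertIds: string[] } {
  const foundIds = new Set<string>();
  const kept = discoveries.filter((d) => {
    const existingId = existingAlerts.get(dedupKey(d.alertIds));
    if (existingId === undefined) return true;
    foundIds.add(existingId); // remember which existing alert was duplicated
    return false;
  });
  const numDuplicates = foundIds.size;
  if (numDuplicates > 0) {
    const prefix = logPrefix(owner);
    logger.info(`${prefix}: Found ${numDuplicates} duplicate alert(s), skipping report for those.`);
    logger.debug(() => `${prefix}: Duplicated alerts:\n${JSON.stringify([...foundIds].sort(), null, 2)}`);
  }
  return { discoveries: kept, duplicateAlertIds: [...foundIds].sort() };
}

// Constructed sample input: two of the three discoveries repeat alert sets already reported.
const SAMPLE_DISCOVERIES: AttackDiscovery[] = [
  { title: 'Credential access on host-a', alertIds: ['alert-1', 'alert-2'] },
  { title: 'Lateral movement to host-b', alertIds: ['alert-3'] },
  { title: 'New finding', alertIds: ['alert-9'] },
];
const EXISTING_ALERTS = new Map<string, string>([
  [dedupKey(['alert-2', 'alert-1']), 'ad-alert-existing-1'], // order differs, same set
  [dedupKey(['alert-3']), 'ad-alert-existing-2'],
]);
```

With a debug-disabled logger only the info line is produced, and a run with no duplicates logs nothing, matching the `numDuplicates > 0` guard in the reviewed code.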
andrew-goldstein left a comment:
Thanks @e40pud for the improved logging!
✅ Desk tested locally
LGTM 🚀
💚 Build Succeeded
cc @e40pud

Starting backport for target branches: 8.19, 9.1 https://github.com/elastic/kibana/actions/runs/16270829330
…27666)

## Summary

Main ticket ([Internal link](elastic/security-team#10142))

With these changes we improve the attack discovery alerts duplicates logging.

### Info level logging examples

**Manually generated**:

> Ad-hoc Attack Discovery: Found 1 duplicate alert(s), skipping report for those.

**Scheduled generations**:

> Attack Discovery Schedule: Found 1 duplicate alert(s), skipping report for those.

### Additional debug level logging examples

**Manually generated**:

```
Ad-hoc Attack Discovery: Duplicated alerts:
[
  "{{attack-discovery-alert-id}}"
]
```

**Scheduled generations**:

```
Attack Discovery Schedule: Duplicated alerts:
[
  "{{attack-discovery-alert-id}}"
]
```

### To Test

1. Create an Attack Discovery Schedule which runs over the same alerts multiple times (for example, set the alerts query time to 24h)
2. Wait until the schedule runs several times and produces duplicated attack discoveries
3. Check the Kibana server logs

### Example of logging

[Screenshot 2025-07-11 at 16 07 09]

## NOTES

The feature is hidden behind the feature flag (in `kibana.dev.yml`):

```
feature_flags.overrides:
  securitySolution.attackDiscoveryAlertsEnabled: true
  securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```

(cherry picked from commit 996eb11)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation.
…7666) (#227858)

# Backport

This will backport the following commits from `main` to `9.1`:
- [[Attack Discovery][Scheduling] Improved duplicates logging (#227666)](#227666)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>
…27666) (#227857)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Attack Discovery][Scheduling] Improved duplicates logging (#227666)](#227666)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>