Moved scheduleNow call to privmon engine init instead of monitoring source engine - bug fix #230263
…e is initialised. Add try catch around engine status to cover undefined case as well as not running.
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
...olution/server/lib/entity_analytics/privilege_monitoring/privilege_monitoring_data_client.ts
Leftover console, changed to log
|
|
||
| const privMonDataClient = await secSol.getPrivilegeMonitoringDataClient(); | ||
| await privMonDataClient.scheduleNow(); | ||
|
|
I believe that after this change, the schedule won't run after an update, which is the desired scenario.
Gotcha, I thought it would still be running the same task that was triggered by privmon data client init, so would pick up from there. But will put this back in if it's not the case - I think update should be safe and have resources then.
|
Hey @CAWilson94! You have identified the problem with precision. We try to schedule the engine before it is installed. But the current solution causes another problem. I think we need to solve the bug in the source. From what I understand, it comes from: My suggestion is to update That would require adding a new status, and we must be aware that this will impact other places that call A quicker solution is to swallow the exception on |
| 'installing', | ||
| 'started', | ||
| 'stopped', | ||
| 'updating', |
This was wrong
| 'updating', | ||
| 'error', | ||
| 'disabled', | ||
| 'not_installed', |
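Review bot: the 'not_installed' value on the last line sits beside 'error' and 'disabled' with nothing that says how the three differ or which of them permit scheduling. Any code that branches on the status now has one more case to handle, so a short doc comment on the list (one line per value, stating whether the task may be scheduled in that state) would help the next caller write the guard correctly.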
I added a new status returned by getEngineStatus, instead of throwing an error.
| } catch (e) { | ||
| logger.warn(`[Privilege Monitoring] Error scheduling task, received ${e.message}`); |
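Review bot: in the catch block, the warning is the only trace that scheduling failed, so the caller still sees a successful request while the monitoring task never ran. For a feature that watches privileged users, that is a gap worth surfacing: consider recording the failure where the UI or API response can show it, in addition to `logger.warn`. The `${e.message}` interpolation also assumes the thrown value is an Error; `e instanceof Error ? e.message : String(e)` avoids logging "undefined" when it is not.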
If the schedule fails, we warn in the console but keep going...
| const engineStatus = await privMonDataClient.getEngineStatus(); | ||
|
|
||
| try { | ||
| if (engineStatus.status === PRIVILEGE_MONITORING_ENGINE_STATUS.STARTED) { |
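Review bot: `getEngineStatus()` on the first line is awaited before `try {`, so a rejection from the status lookup is not covered by the catch that follows and will propagate to the caller. Moving the await inside the try keeps both failure paths under the same handler. The `=== PRIVILEGE_MONITORING_ENGINE_STATUS.STARTED` branch also has no visible else; a debug log when scheduling is skipped would make it possible to tell "skipped because not started" from "never reached".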
Only schedule if the engine is enabled.
This line is the main bug fix; all other changes are extra safety checks to prevent the same bug from happening when calling scheduleNow from other areas.
Shouldn't the scheduleNow do all those checks instead?
| status: PRIVILEGE_MONITORING_ENGINE_STATUS.NOT_INSTALLED, | ||
| error: undefined, |
This isn't strictly required for the bug fix, but it is a good way to prevent similar bugs in the future.
tiansivive
left a comment
I think this fixes the bug but we should double check if we can do all the required checks inside the ScheduleNow function
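The question raised in review (whether scheduleNow should perform the checks itself) as an added sketch; this is not Kibana code and not part of the PR. The status strings follow the diff lines on this page, while `gate`, `scheduleNowGuarded`, `EngineClient`, `runTaskNow` and `fakeClient` are hypothetical names.

```typescript
// Added example, not Kibana code. Status strings follow the diff lines on this
// page; every type and function name here is hypothetical.
type EngineStatus = 'started' | 'error' | 'disabled' | 'not_installed';
type Reason = 'ok' | 'engine_not_started' | 'status_unavailable' | 'schedule_failed';

interface ScheduleOutcome {
  scheduled: boolean;
  reason: Reason;
  detail: string;
}

interface EngineClient {
  getEngineStatus(): Promise<{ status: EngineStatus }>;
  runTaskNow(): Promise<void>; // stands in for the task manager call
}

const errText = (e: unknown): string => (e instanceof Error ? e.message : String(e));

// Pure decision: only a started engine may have its task scheduled.
function gate(status: EngineStatus | undefined): ScheduleOutcome {
  if (status === undefined) {
    return { scheduled: false, reason: 'status_unavailable', detail: 'engine status missing' };
  }
  if (status !== 'started') {
    return { scheduled: false, reason: 'engine_not_started', detail: `engine is ${status}` };
  }
  return { scheduled: true, reason: 'ok', detail: 'engine is started' };
}

// All checks live in one place, so no call site can schedule too early, and the
// caller gets a result it can surface rather than only a log line.
async function scheduleNowGuarded(
  client: EngineClient,
  log: (msg: string) => void
): Promise<ScheduleOutcome> {
  let outcome: ScheduleOutcome;
  try {
    // The status lookup is inside the try: a rejected lookup is a skip, not a crash.
    outcome = gate((await client.getEngineStatus()).status);
  } catch (e) {
    outcome = { scheduled: false, reason: 'status_unavailable', detail: errText(e) };
  }
  if (outcome.scheduled) {
    try {
      await client.runTaskNow();
    } catch (e) {
      outcome = { scheduled: false, reason: 'schedule_failed', detail: errText(e) };
    }
  }
  if (!outcome.scheduled) {
    log(`[Privilege Monitoring] task not scheduled: ${outcome.reason} (${outcome.detail})`);
  }
  return outcome;
}

// Constructed client for the demo: resolves with a fixed status.
function fakeClient(status: EngineStatus, calls: string[]): EngineClient {
  return {
    getEngineStatus: async () => ({ status }),
    runTaskNow: async () => {
      calls.push('runTaskNow');
    },
  };
}

// Constructed run: the monitoring source is initialised before the engine exists.
const demoCalls: string[] = [];
const demoLog: string[] = [];
const demoOutcome = scheduleNowGuarded(fakeClient('not_installed', demoCalls), (m) => {
  demoLog.push(m);
});
```
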
|
Tested locally 👍 |
natasha-moore-elastic
left a comment
Approved for Docs
|
Starting backport for target branches: 9.1 https://github.com/elastic/kibana/actions/runs/16728199440 |
💚 Build Succeeded
|
…ource engine - bug fix (elastic#230263)

## Summary

This PR moves the scheduleNow call from the monitoring engine initialization to the privilege monitoring initialisation step. This change ensures the task is only scheduled after the Privileged Monitoring Engine has been properly created and is ready — resolving the dependency issue.

The flow for starting a sync with the monitoring engine is -
1. Create privileged users.
2. Register these with the monitoring source
3. Initialise the privilege monitoring engine - will trigger scheduleNow, and therefore the task.

Also added a try catch around engine status for handling the case of status undefined within scheduleNow call.

### Testing Changes
1. Open fresh kibana and ES
2. Enable Advanced Settings

**UI Test:**
1. Navigate to privileged monitoring page
2. Select index modal - create new index from here
3. Select 'add Privileged users'

Look at kibana logs - "Running privilege monitoring task" should show
UI should have closed modal, onto the privmon screen.

**Dev Tools Test:**
1. **Create test index/ indices**

```
PUT /tatooine-
{
  "mappings": {
    "properties": {
      "user": {
        "properties": {
          "name": {
            "type": "keyword",
            "fields": {
              "text": {
                "type": "text"
              }
            }
          }
        }
      }
    }
  }
}
```

2. **OPTIONAL - Add some users to this**

```
POST tatooine-/_bulk
{ "index": {} }
{ "user": { "name": "Luke Skywalker" } }
{ "index": {} }
{ "user": { "name": "Leia Organa" } }
{ "index": {} }
{ "user": { "name": "Han Solo" } }
{ "index": {} }
{ "user": { "name": "Chewbacca" } }
{ "index": {} }
{ "user": { "name": "Obi-Wan Kenobi" } }
{ "index": {} }
{ "user": { "name": "Yoda" } }
{ "index": {} }
{ "user": { "name": "R2-D2" } }
{ "index": {} }
{ "user": { "name": "C-3PO" } }
{ "index": {} }
{ "user": { "name": "Darth Vader" } }
```

3. **Register Monitoring Entity Source Saved Objects**

```
POST kbn:/api/entity_analytics/monitoring/entity_source
{
  "type": "index",
  "name": "StarWars",
  "managed": true,
  "indexPattern": "tatooine-",
  "enabled": true,
  "matchers": [
    {
      "fields": ["user.role"],
      "values": ["admin"]
    }
  ],
  "filter": {}
}
```

4. **Initialise monitoring engine:**

```
POST kbn:/api/entity_analytics/monitoring/engine/init {}
```

Should all work as expected (famous last words)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: machadoum <pablo.nevesmachado@elastic.co>
(cherry picked from commit 20ea09a)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ring source engine - bug fix (#230263) (#230451)

# Backport

This will backport the following commits from `main` to `9.1`:
- [Moved scheduleNow call to privmon engine init instead of monitoring source engine - bug fix (#230263)](#230263)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Charlotte Alexandra Wilson <CAWilson94@users.noreply.github.com>
Co-authored-by: machadoum <pablo.nevesmachado@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary
This PR moves the scheduleNow call from the monitoring engine initialization to the privilege monitoring initialisation step. This change ensures the task is only scheduled after the Privileged Monitoring Engine has been properly created and is ready — resolving the dependency issue.
The flow for starting a sync with the monitoring engine is -
Also added a try catch around engine status for handling the case of status undefined within scheduleNow call.
Testing Changes
UI Test:
Look at kibana logs - "Running privilege monitoring task" should show
UI should have closed modal, onto the privmon screen.
Dev Tools Test:
Should all work as expected (famous last words)