[DO NOT MERGE] Test feat/flyout-system build of EUI #241126
Closed
tkajtoch wants to merge 42 commits into elastic:main from
- addresses TS2742 inferred type error
- due to removed euiTheme.flags
- due to changes from amsterdam to borealis
- rebase cleanup
…lastic#240317)

## Summary

Closes elastic#237003

Show prerelease upgrade versions if beta integrations are enabled.

Verification:
- Install a prerelease integration with an old version
```
POST kbn:/api/fleet/epm/packages/entityanalytics_ad/0.13.0
{
  "force": true
}
```
- Switch on Show beta integrations on Integrations landing page
- Go to Installed Integrations UI
- Verify that the available upgrade is visible

<img width="1532" height="721" alt="image" src="https://github.com/user-attachments/assets/d58180ee-25df-4da9-8d24-faecb1e5881c" />

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
## Summary

This PR fixes the filter that was selecting the asset for a given `template_path`.

When compiling the template for a given input, fleet was selecting it through the asset map taking into account the rule "path ends with X". This method opened the door to some bug behaviour in the following case:
- A template path `log.yml.hbs`
- An asset map with `log.yml.hbs` and `syslog.yml.hbs`

Both assets were selected, the first one was chosen, but not necessarily the first was `log.yml.hbs` although both end with this string.

The change introduces a change when selecting the template path to get the exact file, although a fallback to the old logic is kept as there are cases where the endsWith logic makes sense. This is when a default template path is used (`stream.yml.hbs`) and the asset is called `filestream.yml.hbs`.

Related change at package-spec elastic/package-spec#1002

Original issue elastic/package-spec#703

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

## Release note

Fixes `template_path` asset selection for some cases of integration packages
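The selection rule described in the commit message above, as an added example that is not code from the PR or from Fleet: the suffix-only rule is shown next to an exact-file match with a suffix fallback. The function names, the result shape and the sample asset paths are assumptions constructed for illustration.

```javascript
// Added illustration; hypothetical names, not the Fleet implementation.
// Constructed sample asset paths for one package.
const SAMPLE_ASSET_PATHS = [
  'pkg-1.0.0/data_stream/logs/agent/stream/syslog.yml.hbs',
  'pkg-1.0.0/data_stream/logs/agent/stream/log.yml.hbs',
  'pkg-1.0.0/data_stream/logs/agent/stream/filestream.yml.hbs',
];

// Old rule: every asset whose path merely ends with the template path matches,
// so `log.yml.hbs` also selects `syslog.yml.hbs`.
function selectBySuffix(assetPaths, templatePath) {
  return assetPaths.filter((p) => p.endsWith(templatePath));
}

// Exact rule: the template path must start at a path-segment boundary.
function selectExact(assetPaths, templatePath) {
  return assetPaths.filter(
    (p) => p === templatePath || p.endsWith('/' + templatePath)
  );
}

// New rule as described: exact file first, suffix match only as a fallback
// (the `stream.yml.hbs` default resolving to `filestream.yml.hbs`).
// The `ambiguous` flag marks a fallback that matched more than one asset,
// which is the situation where the chosen template depends on ordering.
function selectTemplate(assetPaths, templatePath) {
  const exact = selectExact(assetPaths, templatePath);
  if (exact.length > 0) {
    return { match: exact[0], rule: 'exact', ambiguous: exact.length > 1 };
  }
  const bySuffix = selectBySuffix(assetPaths, templatePath);
  if (bySuffix.length > 0) {
    return {
      match: bySuffix[0],
      rule: 'suffix-fallback',
      ambiguous: bySuffix.length > 1,
    };
  }
  return { match: null, rule: 'none', ambiguous: false };
}
```

Logging or rejecting results where `ambiguous` is true makes an order-dependent template choice visible instead of silent.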
…c#240472)

When `length > MAX_ARTIFACTS_INVESTIGATION_GUIDE_LENGTH` this code was constantly setting a new `errorMessages` causing a `Maximum update depth exceeded` error. In this PR we also set a new value for `MAX_ARTIFACTS_INVESTIGATION_GUIDE_LENGTH`.

```
const [errorMessages, setErrorMessages] = React.useState<string[]>([]);
const onParse = useCallback(
  (_: EuiMarkdownParseError | null, { ast }: { ast: EuiMarkdownAstNode }) => {
    const length = ast.position?.end.offset ?? 0;
    if (length > MAX_ARTIFACTS_INVESTIGATION_GUIDE_LENGTH) {
      setErrorMessages([
        i18n.translate('responseOpsRuleForm.investigationGuide.editor.errorMessage', {
          defaultMessage:
            'The Investigation Guide is too long. Please shorten it.\nCurrent length: {length}.\nMax length: {maxLength}.',
          values: { length, maxLength: MAX_ARTIFACTS_INVESTIGATION_GUIDE_LENGTH },
        }),
      ]);
    } else if (errorMessages.length) {
      setErrorMessages([]);
    }
  },
  [errorMessages]
);
```

Before: https://github.com/user-attachments/assets/5a07984c-f9bf-4938-b31b-c4375558dca9

After: https://github.com/user-attachments/assets/a7f1f132-6e1f-41df-9320-6a0abe2041a4

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…lastic#240809)

## Summary

Closes elastic#236679

Set [the index.mode setting](https://www.elastic.co/docs/reference/elasticsearch/index-settings/index-modules#index-mode-setting) to `lookup` so that `LOOKUP` operations are possible on `.entities.v1.latest*` indices. This will make the indices single-sharded, but they already are due to [this default setting](https://www.elastic.co/docs/reference/elasticsearch/index-settings/index-modules#_static_index_settings).

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
## Summary

From elastic#239314 (comment) the `entityID` is expected to be supplied in the request body, but the path parameter was only partially removed. This results in an invalid API specification which breaks [client generation](elastic/terraform-provider-elasticstack#1402 (comment)).

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…al denial of service in ensureFieldIsSafeForQuery() function due to permissive regex search (elastic#239280)

Closes elastic/response-ops-team#438

## Summary

- applied recommended change
…fall (elastic#240843)

## Summary

Closes elastic#238405

Since we upgraded the error handling strategy to catch Fatal React Errors, we’ve started seeing `TypeError: Cannot read properties of undefined (reading 'map')` in versions 8.19.x and 9.1.x.

<img width="809" height="121" alt="Screenshot 2025-10-27 at 16 03 48" src="https://github.com/user-attachments/assets/042a4118-8294-4701-8d0b-590321a2bde8" />

After reviewing the error stack, we found that this occurs because `traceItems` occasionally arrives as `undefined`. Although TS enforces that it should always be defined, a potential API malfunction may cause this scenario.

To prevent users from encountering an uncontrolled error, this PR adds a check for `undefined` for `data` coming from the `useFetcher` (more details in [this comment](elastic#240843 (comment))). This ensures that the UI behaves safely even if `traceItems` is unexpectedly `undefined`.

|Before|After|
|-|-|
||<img width="1405" height="968" alt="Screenshot 2025-10-28 at 14 26 04" src="https://github.com/user-attachments/assets/1d4453df-25b5-4573-b29f-0da76f42b064" />|

I also took the chance to update the UI, so the error message is more visible:

|Before|After|
|-|-|
|<img width="1405" height="968" alt="Screenshot 2025-10-28 at 14 26 04" src="https://github.com/user-attachments/assets/1d4453df-25b5-4573-b29f-0da76f42b064" />|<img width="1405" height="966" alt="Screenshot 2025-10-28 at 14 24 51" src="https://github.com/user-attachments/assets/3426defd-58fc-4ea8-950c-1163bb11cb20" />|

The same error has been now added to the `TraceWaterfallEmbeddable`:

<img width="1387" height="135" alt="Screenshot 2025-10-28 at 14 27 31" src="https://github.com/user-attachments/assets/3bd01cb3-b716-4216-82de-ec02d7f01bdf" />
…ic#236653)

Closes elastic#240349

This fixed issues around forwarding requests based on the origin header and `request.url`. Instead the kibana tool now uses the configured `server.publicBaseUrl`.

Note: Setting `server.publicBaseUrl: "http://localhost:5601"` in kibana.yml is now required in order to use the kibana tool.

**To reviewers:** Please follow these steps to reproduce the problem: elastic#240349

---------

Co-authored-by: Viduni Wickramarachchi <viduni.ushanka@gmail.com>
…ate (elastic#240005)

## Summary

This PR addresses the Accessibility Issues we have with Misconfiguration Page

<img width="1468" height="379" alt="Screenshot 2025-10-29 at 2 45 28 AM" src="https://github.com/user-attachments/assets/ef20674b-937f-4063-b6f6-170ef6b01d20" />

How to test:
- Turn on Voice over
- Tab to the highlighted part of the screenshot
- Cmd + Option space on the highlighted part

Expected result:
- For Findings number, it should announce the number of findings
- For Fields, it should announce details of the button (what is it used for)
## Summary

Another attempt to fix the flaky tests with the embeddable alerts panel. The issue is that alerts are not being generated. I made the rules more sensitive so they will always produce alerts and use the event log to check the rules' execution status. I run the flaky test runner 3 x 200 without any issues.

Fixes: elastic#227748
Fixes: elastic#220807

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary

Closes elastic#240925

elastic#239567 limited remote integrations sync to packages installed from registry. This PR adds allowing bundled packages as well.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Fixes internal Kibana actions not respecting space context when executed
through workflows.
## Problem
Actions were executing in the default space regardless of which space
the workflow was running in, breaking space isolation.
## Solution
- Pass `spaceId` from workflow context to `buildKibanaRequestFromAction`
- Apply `/s/{spaceId}` prefix to API paths for non-default spaces
- Maintain correct behavior for default space (no prefix required)
## Impact
All 454+ Kibana internal actions now correctly execute in their intended
space context.
Closes elastic/security-team#14425
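The `/s/{spaceId}` prefixing described in the commit message above, as an added example that is not code from the PR: `buildSpaceAwarePath` and its constants are hypothetical names, and the allowed space-id character set is an assumption. It also refuses a path that already carries a different space than the one the workflow runs in.

```javascript
// Added illustration; hypothetical helper, not the Kibana implementation.
const DEFAULT_SPACE_ID = 'default';

// Assumption: space ids consist of lowercase letters, digits, '_' and '-'.
// Anything else (slashes, dots, encoded characters) is rejected so the id
// cannot alter the path it is interpolated into.
const SPACE_ID_PATTERN = /^[a-z0-9_-]+$/;

function buildSpaceAwarePath(apiPath, spaceId = DEFAULT_SPACE_ID) {
  if (typeof apiPath !== 'string' || !apiPath.startsWith('/')) {
    throw new Error('API path must be an absolute path');
  }
  if (typeof spaceId !== 'string' || !SPACE_ID_PATTERN.test(spaceId)) {
    throw new Error('Refusing unsafe space id: ' + JSON.stringify(spaceId));
  }

  // A path that already names a space must name the workflow's space;
  // silently re-targeting it would defeat space isolation.
  const existing = /^\/s\/([^/]+)(\/.*)?$/.exec(apiPath);
  if (existing) {
    if (existing[1] !== spaceId) {
      throw new Error(
        'Path targets space "' + existing[1] + '" but workflow runs in "' + spaceId + '"'
      );
    }
    return apiPath;
  }

  // Default space: no prefix required. Any other space: /s/{spaceId} prefix.
  return spaceId === DEFAULT_SPACE_ID ? apiPath : '/s/' + spaceId + apiPath;
}

// Returns true when the call throws, for checking the rejection cases.
function isRejected(apiPath, spaceId) {
  try {
    buildSpaceAwarePath(apiPath, spaceId);
    return false;
  } catch (err) {
    return true;
  }
}
```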
…Alert Filtering - Backend Implementation (elastic#235770)

## 🎯 Summary

This PR implements the backend infrastructure for **Risk Scoring Alert Filtering**, enabling users to apply entity-specific KQL filters during risk score calculations. This enhancement allows for more targeted risk scoring by filtering alerts based on custom criteria.

## 🚀 What's New

### Core Features

- **Entity-Specific Filtering**: Apply KQL filters to specific entity types (host, user, service)
- **Backward Compatibility**: Existing configurations continue to work without changes
- **Graceful Error Handling**: Invalid KQL filters are silently ignored to prevent query failures
- **Migration Support**: Automatic migration of existing saved objects to include new filters field

### Technical Implementation

#### 1. **Saved Object Schema Enhancement**

- Added `filters` field to `risk-engine-configuration` saved object
- Implemented migration logic (version 3) for existing configurations
- Updated mappings version to 5

#### 2. **Enhanced Risk Scoring Logic**

- Created `buildFiltersForEntityType` helper function for entity-specific filter construction
- Integrated KQL parsing using `@kbn/es-query` utilities
- Applied filters at the aggregation level for optimal performance

#### 3. **API Endpoint Updates**

- Enhanced configuration endpoint to accept filters parameter
- Updated preview endpoint to support filter testing
- Maintained backward compatibility with existing API contracts

## 🏗️ Architecture

```mermaid
graph TD
    A[User Configuration] --> B[Risk Engine Saved Object]
    B --> C[buildFiltersForEntityType]
    C --> D[KQL Parser]
    D --> E[Elasticsearch Query]
    E --> F[Risk Score Aggregation]
    F --> G[Filtered Results]
    H[API Request] --> I[Route Handler]
    I --> J[Risk Score Service]
    J --> K[calculateRiskScores]
    K --> C
```

## 🔧 Filter Processing Flow

```mermaid
sequenceDiagram
    participant U as User
    participant API as API Endpoint
    participant S as Risk Score Service
    participant F as Filter Builder
    participant ES as Elasticsearch
    U->>API: POST /api/risk_scores/preview
    API->>S: calculateScores(filters)
    S->>F: buildFiltersForEntityType()
    F->>F: Parse KQL filters
    F->>F: Build ES queries
    F-->>S: Return filters array
    S->>ES: Execute aggregation with filters
    ES-->>S: Return filtered results
    S-->>API: Return risk scores
    API-->>U: Return response
```

## 🧪 Testing

### Unit Tests Added

- `buildFiltersForEntityType` function tests
- Saved object migration tests
- API endpoint filter parameter tests
- Error handling for invalid KQL filters

### Test Coverage

- ✅ Entity-specific filter application
- ✅ Multiple filters for same entity type
- ✅ Empty filter arrays handling
- ✅ Invalid KQL filter graceful handling
- ✅ Backward compatibility verification

## 📋 API Testing

### 1. **Configure Risk Engine with Filters**

```bash
curl -X PUT "http://localhost:5601/api/risk_score/engine/saved_object/configure" \
  -H "Content-Type: application/json" \
  -H "kbn-xsrf: true" \
  -H "Authorization: Basic ***" \
  -d '{
    "filters": [
      { "entity_types": ["host"], "filter": "agent.type: filebeat" },
      { "entity_types": ["user"], "filter": "user.name: ubuntu" }
    ]
  }'
```

**Expected Response:**

```json
{ "risk_engine_saved_object_configured": true }
```

**Get risk engine saved object configuration:**

```bash
curl --location --request GET 'http://localhost:5601/api/saved_objects/_find?type=risk-engine-configuration' \
  --header 'elastic-api-version: 1' \
  --header 'kbn-xsrf: true' \
  --header 'x-elastic-internal-origin: true' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic ***' \
  --data '{ "range": { "start": "now-30d", "end": "now" }, "includeClosedAlerts": false }'
```

**Expected Response:**

```json
{
  "page": 1,
  "per_page": 20,
  "total": 1,
  "saved_objects": [
    {
      "type": "risk-engine-configuration",
      "id": "36e6f63d-e5d0-4919-8d41-4988dd708754",
      "namespaces": [ "default" ],
      "attributes": {
        "dataViewId": ".alerts-security.alerts-default",
        "enabled": false,
        "filter": {},
        "interval": "1h",
        "pageSize": 3500,
        "range": { "start": "now-30d", "end": "now" },
        "excludeAlertStatuses": [ "closed" ],
        "_meta": { "mappingsVersion": 5 },
        "filters": [
          { "entity_types": [ "host" ], "filter": "agent.type: filebeat" },
          { "entity_types": [ "user" ], "filter": "user.name: ubuntu" }
        ]
      },
      "references": [],
      "managed": false,
      "migrationVersion": { "risk-engine-configuration": "10.3.0" },
      "updated_at": "2025-09-29T06:52:46.483Z",
      "created_at": "2025-09-26T08:42:58.037Z",
      "version": "WzExLDFd",
      "coreMigrationVersion": "8.8.0",
      "typeMigrationVersion": "10.3.0",
      "score": 0
    }
  ]
}
```

### 2. **Preview Risk Scores with and without Filters**

I added 5 alerts for this test

- host.name : "pessimistic-permafrost.name"
- host.name : "yellowish-minority.info"
- user.name : "Roscoe_Stehr-Murazik"
- user.name : "Sheridan_MacGyver55"
- user.name : "ubuntu"

**Without filters**

```bash
curl --location 'http://localhost:5601/internal/risk_score/preview' \
  --header 'kbn-xsrf: true' \
  --header 'elastic-api-version: 1' \
  --header 'x-elastic-internal-origin: true' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic ****' \
  --data '{ "data_view_id": ".alerts-security.alerts-default", "range": { "start": "now-30d", "end": "now" }}' \
  | jq '{ hosts: [.scores.host[] | {id_field, id_value}], users: [.scores.user[] | {id_field, id_value}] }'
```

```json
{
  "hosts": [
    { "id_field": "host.name", "id_value": "pessimistic-permafrost.name" },
    { "id_field": "host.name", "id_value": "yellowish-minority.info" }
  ],
  "users": [
    { "id_field": "user.name", "id_value": "Roscoe_Stehr-Murazik" },
    { "id_field": "user.name", "id_value": "Sheridan_MacGyver55" },
    { "id_field": "user.name", "id_value": "ubuntu" }
  ]
}
```

**With user filter**

```bash
curl --location 'http://localhost:5601/internal/risk_score/preview' \
  --header 'kbn-xsrf: true' \
  --header 'elastic-api-version: 1' \
  --header 'x-elastic-internal-origin: true' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic ****' \
  --data '{ "data_view_id": ".alerts-security.alerts-default", "range": { "start": "now-30d", "end": "now" }, "filters": [ { "entity_types": ["user"], "filter": "user.name: ubuntu" } ] }' \
  | jq '{ hosts: [.scores.host[] | {id_field, id_value}], users: [.scores.user[] | {id_field, id_value}] }'
```

```json
{
  "hosts": [
    { "id_field": "host.name", "id_value": "pessimistic-permafrost.name" },
    { "id_field": "host.name", "id_value": "yellowish-minority.info" }
  ],
  "users": [
    { "id_field": "user.name", "id_value": "Roscoe_Stehr-Murazik" },
    { "id_field": "user.name", "id_value": "Sheridan_MacGyver55" }
  ]
}
```

**With user and host filter**

```bash
curl --location 'http://localhost:5601/internal/risk_score/preview' \
  --header 'kbn-xsrf: true' \
  --header 'elastic-api-version: 1' \
  --header 'x-elastic-internal-origin: true' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic ****' \
  --data '{ "data_view_id": ".alerts-security.alerts-default", "range": { "start": "now-30d", "end": "now" }, "filters": [ { "entity_types": ["user"], "filter": "user.name: ubuntu" }, { "entity_types" : ["host"], "filter": "agent.type: filebeat" } ] }' \
  | jq '{ hosts: [.scores.host[] | {id_field, id_value}], users: [.scores.user[] | {id_field, id_value}] }'
```

```json
{
  "hosts": [
    { "id_field": "host.name", "id_value": "pessimistic-permafrost.name" }
  ],
  "users": [
    { "id_field": "user.name", "id_value": "Roscoe_Stehr-Murazik" },
    { "id_field": "user.name", "id_value": "Sheridan_MacGyver55" }
  ]
}
```

### 3. **Test Invalid KQL Filter Handling**

```bash
curl -X POST "http://localhost:5601/api/risk_scores/preview" \
  -H "Content-Type: application/json" \
  -H "kbn-xsrf: true" \
  -d '{
    "data_view_id": "security-solution-default",
    "range": { "start": "now-30d", "end": "now" },
    "filters": [
      { "entity_types": ["host"], "filter": "invalid kql syntax {" }
    ]
  }'
```

**Expected Response:** Should return results without the invalid filter applied (graceful degradation)

## 🔄 Migration Strategy

- **Automatic Migration**: Existing saved objects are automatically migrated to include empty `filters` array

## 🎯 User Experience Impact

### Before

- Risk scoring applied to all alerts without filtering
- Limited control over which alerts contribute to risk scores
- No way to focus on specific environments or conditions

### After

- **Targeted Risk Scoring**: Filter alerts by environment, agent type, user groups, etc.
- **Flexible Configuration**: Apply different filters to different entity types

## 🔍 Key Technical Decisions

1. **Entity-Specific Filtering**: Filters are applied per entity type, allowing granular control
2. **KQL Integration**: Leverages existing Kibana Query Language for consistency
3. **Aggregation-Level Filtering**: Filters applied at ES aggregation level for performance

## 📝 Related Issues

- Closes: [elastic/security-team#13606](elastic/security-team#13606)
- Related: [elastic#224229](elastic#224229)

## 🚧 Next Steps

This PR implements the backend infrastructure. The frontend UI implementation will follow in a separate PR to:

- Add filter configuration UI components
- Integrate with existing risk engine configuration page
- Provide filter testing and validation features

---

**Note**: This is a backend-only implementation. Frontend changes will be delivered in a subsequent PR.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary

Closes elastic/security-team#14403

- Uses the correct API action in the server routes from the privilege configuration
- UI capabilities and API actions values extracted as enums to the package so they can be easily reused

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary

Now "Create lookup index" is displayed as first suggestion.

<img width="1153" height="432" alt="image" src="https://github.com/user-attachments/assets/b56c9f6c-3d48-418b-a878-4aa1c5e28f90" />
…lastic#240950)

## Summary

Closes: elastic/security-team#14367

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
…stic#241092)

fixes [240429](elastic#240429)

## Summary

This PR fixes a bug where the Discover `input$` observable emissions were not always captured by the Metrics Experience, depending on the interval between the observable emission and the subscription in the `use_lens_props` hook.

### Before

### After

## How to test

- Start a local Kibana instance and point it to an oblt cluster - the bug is more likely to occur when the performance is worse
```yml
feature_flags.overrides:
  metricsExperienceEnabled: true
```
- Navigate to Discover and Switch to ESQL mode
- Change the date picker to a range with no metrics data, then change it again to a range where metrics data is available.
…lastic#241104)

## Summary

This PR skips the serverless APM alerts transaction duration test suite for MKI runs. Details on the failure / flakiness in elastic#241102.
…o group by fields defined (elastic#241022)

Fixes a regression in threshold rule logic introduced by elastic#216887 - threshold rules with no "group by" fields defined would no longer generate alerts.
…stem` branch

# Conflicts:
#	package.json
#	yarn.lock
…ally, or add an exception to src/dev/yarn_deduplicate/index.ts and then commit the changes and push to your branch
Member, Author

@elasticmachine merge upstream
Contributor

Project deployed, see credentials at: https://buildkite.com/elastic/kibana-deploy-project-from-pr/builds/703
Contributor
⏳ Build in-progress, with failures
Do not review or merge this PR. It's made purely for testing and will not be open for reviews

It's based on #240888 since the `feat/flyout-system` feature branch already contains the changes released in the latest version of EUI that hasn't yet been merged to `main`