[Security Solution] Update "Execution events" tab UI#252168
Merged
nikitaindik merged 10 commits intoelastic:mainfrom Feb 12, 2026
Merged
[Security Solution] Update "Execution events" tab UI#252168nikitaindik merged 10 commits intoelastic:mainfrom
nikitaindik merged 10 commits intoelastic:mainfrom
Conversation
Contributor
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#10695[✅] Security Solution Rule Management - Cypress: 50/50 tests passed. |
nikitaindik
force-pushed
the
fix-execution-events-filters
branch
from
b96e499 to
7ab62c8
Compare
nikitaindik
added
release_note:skip
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
nikitaindik
changed the title
NicholasPeretti
approved these changes
Feb 9, 2026
nkhristinin
approved these changes
Feb 11, 2026
Contributor
nkhristinin
left a comment
nkhristinin
left a comment
There was a problem hiding this comment.
Nice update! DE changes LGTM!
maximpn
approved these changes
Feb 11, 2026
Contributor
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@nikitaindik Thanks for polishing the execution events tab 🙏
I left a few comments regarding the diff but overall it LGTM. And local testing didn't reveal any issues.
I'd recommend considering to move out rule execution id to the table row. UUID is quite long so we could show a short version displaying the full value upon hovering. Different rule execution it could be shown in badge style with colored background. It should help to visually distinguish event from different rule executions.
nikitaindik
force-pushed
the
fix-execution-events-filters
branch
from
7ab62c8 to
71a556c
Compare
Contributor
Author
Thanks. I addressed the comments.
I was also thinking about something like this. Kind of like table rows are rendered with alternating colors to easily distinguish between rows (in our case this would be groups of rows). I agree that we def need some visual separation between events from different executions. I'd say let's get back to this once we start implementing the filtering by rule execution IDs. |
Contributor
⏳ Build in-progress, with failures
Failed CI StepsHistory
cc @nikitaindik |
nikitaindik
added a commit
that referenced
this pull request
Feb 12, 2026
mistic
pushed a commit
to mistic/kibana
that referenced
this pull request
Feb 13, 2026
**Resolves: elastic#251206 ## Summary This PR adds some polishing to the "Execution events" tab on the rule details page to make it more user-friendly and usable for debugging issues with rule execution. Cypress tests were also added. > NOTE: Currently this functionality is hidden behind a feature flag and is not visible by default. ## Screenshots <details> <summary>Click to see screenshots</summary> **Before** <img width="1441" height="669" alt="543710465-c3cc2781-1e80-4a34-af25-65e70d880623" src="https://github.com/user-attachments/assets/e8e3a326-84b1-4dae-bfba-c1d25ea41979" /> **After** <img width="1611" height="862" alt="Screenshot 2026-02-09 at 10 31 34" src="https://github.com/user-attachments/assets/59fa9829-1d60-41cf-82d3-d72904430763" /> </details> ## Changes - Replaced the "Message" column with a "Summary" column. It shows more user friendly summaries of "status changes" and "metrics" events and truncated "message" for "message" events. - Simplified the display of the details in the expandable sections: displaying only what's relevant to current event, without duplicating info that's shown elsewhere in UI. - Made event message filtering send a request only on hitting "Enter" (previously it was on every keypress). - Replaced event type icons with ones that are are more directly related to event types. - Updated the Event Log Reader to pass additional details, specific to an event type. This helps to display proper rule statuses in UI, for example ("Warning" instead of technical "partial failure"). - Added Cypress tests to cover the functionality. ## How to test Enable the feature flag and the advanced settings in Kibana config ``` xpack.securitySolution.enableExperimental: ['extendedRuleExecutionLoggingEnabled'] uiSettings.overrides: 'securitySolution:extendedRuleExecutionLoggingEnabled': true 'securitySolution:extendedRuleExecutionLoggingMinLevel': 'debug' ``` You can use this script to create rules of different types that will generate execution events. https://gist.github.com/nikitaindik/6e9eb707a0f5a53c8fbb65510caa8807
mistic
pushed a commit
to mistic/kibana
that referenced
this pull request
Feb 13, 2026
## Summary I accidentally merged a commit in PR [elastic#252168](elastic#252168) that was destined for another PR elastic#252374. 🤦♂️ The commit adjusted log levels for rule executors. Opening this PR to revert the unwanted commit.
nikitaindik
added a commit
that referenced
this pull request
Feb 19, 2026
… rule executors (#252374) **Resolves: #251211 ## Summary We'd like to provide a user-friendly way to view rule execution events to our customers, so that they could do some basic rule execution troubleshooting. To achieve this we are currently working ([PR](#252168)) on improving the "Execution events" tab on the Rule Details page (currently hidden behind a feature flag). The "Execution events" tab would show execution events logged to event log, filtered by selected log levels. Ideally, we'd like to give users the most helpful information right away (like which indices are queried, how many alerts were created, how many were filtered by exceptions, etc) and let. Currently, we don't log a lot of info useful for customers, but we do log a lot of developer-useful info. <details> <summary>Screenshot of how "Execution events" messages look currently</summary> <img width="2932" height="675" alt="Screenshot 2026-02-09 at 17 33 56" src="https://github.com/user-attachments/assets/5ec58dd8-6032-49f3-83ec-bfbd13a6fa03" /> </details> <details> <summary>Screenshot of how "Execution events" would look after we apply changes from this PR (much cleaner)</summary> <img width="2291" height="854" alt="Screenshot 2026-02-12 at 12 07 04" src="https://github.com/user-attachments/assets/da74a5da-e6d5-4a07-885c-39ed3a55a132" /> </details> **Changes** This PR adjusts "message" logs written to event log from rule executors: - No new logs added, no information was removed. - Updated log levels: "info" for less technical user-useful info, "debug" for rule execution stages and basic stats, "trace" is for very small details, mostly useful for devs. - Updated the wording to be a bit more UI friendly and consistent. - Edited long log messages to have a summary/most useful piece of info in the first sentence, then details, separated by a newline char. We could show the first line in the "Execution events" table right away and the full message with all the details in the expandable section. > **NOTE**: You'll need to enable these Advanced Settings in Kibana config to write logs of all levels. ``` uiSettings.overrides: 'securitySolution:extendedRuleExecutionLoggingEnabled': true 'securitySolution:extendedRuleExecutionLoggingMinLevel': 'trace' ``` --------- Co-authored-by: Devin W. Hurley <snowmiser111@gmail.com>
ersin-erdal
pushed a commit
to ersin-erdal/kibana
that referenced
this pull request
Feb 19, 2026
… rule executors (elastic#252374) **Resolves: elastic#251211 ## Summary We'd like to provide a user-friendly way to view rule execution events to our customers, so that they could do some basic rule execution troubleshooting. To achieve this we are currently working ([PR](elastic#252168)) on improving the "Execution events" tab on the Rule Details page (currently hidden behind a feature flag). The "Execution events" tab would show execution events logged to event log, filtered by selected log levels. Ideally, we'd like to give users the most helpful information right away (like which indices are queried, how many alerts were created, how many were filtered by exceptions, etc) and let. Currently, we don't log a lot of info useful for customers, but we do log a lot of developer-useful info. <details> <summary>Screenshot of how "Execution events" messages look currently</summary> <img width="2932" height="675" alt="Screenshot 2026-02-09 at 17 33 56" src="https://github.com/user-attachments/assets/5ec58dd8-6032-49f3-83ec-bfbd13a6fa03" /> </details> <details> <summary>Screenshot of how "Execution events" would look after we apply changes from this PR (much cleaner)</summary> <img width="2291" height="854" alt="Screenshot 2026-02-12 at 12 07 04" src="https://github.com/user-attachments/assets/da74a5da-e6d5-4a07-885c-39ed3a55a132" /> </details> **Changes** This PR adjusts "message" logs written to event log from rule executors: - No new logs added, no information was removed. - Updated log levels: "info" for less technical user-useful info, "debug" for rule execution stages and basic stats, "trace" is for very small details, mostly useful for devs. - Updated the wording to be a bit more UI friendly and consistent. - Edited long log messages to have a summary/most useful piece of info in the first sentence, then details, separated by a newline char. We could show the first line in the "Execution events" table right away and the full message with all the details in the expandable section. > **NOTE**: You'll need to enable these Advanced Settings in Kibana config to write logs of all levels. ``` uiSettings.overrides: 'securitySolution:extendedRuleExecutionLoggingEnabled': true 'securitySolution:extendedRuleExecutionLoggingMinLevel': 'trace' ``` --------- Co-authored-by: Devin W. Hurley <snowmiser111@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves: #251206
Summary
This PR adds some polishing to the "Execution events" tab on the rule details page to make it more user-friendly and usable for debugging issues with rule execution. Cypress tests were also added.
Screenshots
Click to see screenshots
Before
After
Changes
How to test
Enable the feature flag and the advanced settings in Kibana config
You can use this script to create rules of different types that will generate execution events.
https://gist.github.com/nikitaindik/6e9eb707a0f5a53c8fbb65510caa8807