elastic · tomsonpl · Apr 11, 2026 · Mar 20, 2026 · Mar 23, 2026 · Mar 23, 2026
@@ -19,12 +19,12 @@ export const allowedExperimentalValues = Object.freeze({
    *   - Introduces search input and users filter
    *   - Introduces scheduled responses support
    */
-  queryHistoryRework: false,
+  queryHistoryRework: true,
   /**
    * Replaces the legacy EuiDataGrid results table with UnifiedDataTable,
    * adding KQL search, document flyout, per-row actions, and column curation.
    */
-  unifiedDataTable: false,
+  unifiedDataTable: true,
 });
 
 type ExperimentalFeatures = { [K in keyof typeof allowedExperimentalValues]: boolean };

@@ -147,7 +147,7 @@ describe('ALL - Add Integration', { tags: ['@ess', '@serverless'] }, () => {
         policyContainsIntegration(integrationName, policyName);
         checkDataStreamsInPolicyDetails();
         cy.visit(OSQUERY);
-        cy.contains('Live queries history');
+        cy.contains('History');
       }
     );
   });

@@ -7,7 +7,7 @@
 
 import { initializeDataViews } from '../../tasks/login';
 import { cleanupRule, loadRule } from '../../tasks/api_fixtures';
-import { checkActionItemsInResults, loadRuleAlerts, navigateToRule } from '../../tasks/live_query';
+import { loadRuleAlerts, navigateToRule } from '../../tasks/live_query';
 
 const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}';
 
@@ -41,13 +41,9 @@ describe(
       cy.getBySel('securitySolutionFlyoutResponseSectionHeader').click();
       cy.getBySel('securitySolutionFlyoutResponseButton').click();
       cy.getBySel('responseActionsViewWrapper').should('exist');
-      checkActionItemsInResults({
-        lens: true,
-        discover: true,
-        cases: true,
-        timeline: true,
-      });
-      cy.contains('View in Discover')
+      cy.getBySel('osquery-results-comment').first().should('exist');
+      cy.get('[aria-label="View in Discover"]')
+        .first()
         .should('exist')
         .should('have.attr', 'href')
         .then(($href) => {
@@ -66,12 +62,7 @@ describe(
       cy.getBySel('securitySolutionFlyoutResponseSectionHeader').click();
       cy.getBySel('securitySolutionFlyoutResponseButton').click();
       cy.getBySel('responseActionsViewWrapper').should('exist');
-      checkActionItemsInResults({
-        lens: true,
-        discover: true,
-        cases: true,
-        timeline: true,
-      });
+      cy.getBySel('osquery-results-comment').first().should('exist');
       cy.getBySel('osquery-results-comment')
         .first()
         .within(() => {
@@ -104,21 +95,12 @@ describe(
         cy.getBySel('securitySolutionFlyoutResponseSectionHeader').click();
         cy.getBySel('securitySolutionFlyoutResponseButton').click();
         cy.getBySel('responseActionsViewWrapper').should('exist');
-        checkActionItemsInResults({
-          lens: true,
-          discover: true,
-          cases: true,
-          timeline: true,
-        });
         cy.getBySel('osquery-results-comment')
           .first()
           .within(() => {
-            cy.get('.euiTableRow')
-              .first()
-              .within(() => {
-                cy.getBySel('add-to-timeline').click();
-              });
+            cy.get('[data-test-subj^="packQueriesTableKebab-"]').first().click();
           });
+        cy.getBySel('add-to-timeline').click();
         cy.contains(timelineRegex);
         cy.getBySel('securitySolutionFlyoutNavigationCollapseDetailButton').click();
         cy.getBySel('timeline-bottom-bar').contains('Untitled timeline').click();

@@ -7,11 +7,7 @@
 
 import { ServerlessRoleName } from '../../support/roles';
 import { initializeDataViews } from '../../tasks/login';
-import {
-  addLiveQueryToCase,
-  checkActionItemsInResults,
-  viewRecentCaseAndCheckResults,
-} from '../../tasks/live_query';
+import { addLiveQueryToCase, viewRecentCaseAndCheckResults } from '../../tasks/live_query';
 import { navigateTo } from '../../tasks/navigation';
 import { loadLiveQuery, loadCase, cleanupCase } from '../../tasks/api_fixtures';
 
@@ -52,12 +48,6 @@ describe('Add to Cases', () => {
       viewRecentCaseAndCheckResults();
 
       cy.contains(liveQueryQuery);
-      checkActionItemsInResults({
-        lens: true,
-        discover: true,
-        cases: false,
-        timeline: false,
-      });
     });
   });
 
@@ -84,12 +74,6 @@ describe('Add to Cases', () => {
       viewRecentCaseAndCheckResults();
 
       cy.contains('SELECT * FROM os_version;');
-      checkActionItemsInResults({
-        lens: true,
-        discover: true,
-        cases: false,
-        timeline: false,
-      });
     });
   });
 });
@@ -74,7 +74,7 @@ describe('ALL - Custom space', () => {
       });
 
       it('Discover should be opened in new tab in results table', { tags: testSpace.tags }, () => {
-        cy.contains('New live query').click();
+        cy.contains('Run query').click();
         selectAllAgents();
         inputQuery('select * from uptime;');
         submitQuery();

@@ -25,7 +25,7 @@ describe('EcsMapping', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }
 
   it('should properly show static values in form and results', () => {
     navigateTo('/app/osquery');
-    cy.contains('New live query').click();
+    cy.contains('Run query').click();
     selectAllAgents();
     inputQuery('select * from processes;');
     getAdvancedButton().click();
@@ -53,7 +53,7 @@ describe('EcsMapping', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }
 
   it('should hide and show ecs mappings on Advanced accordion click', () => {
     navigateTo('/app/osquery');
-    cy.contains('New live query').click();
+    cy.contains('Run query').click();
     selectAllAgents();
     cy.getBySel('savedQuerySelect').within(() => {
       cy.getBySel('comboBoxInput').type('processes_elastic{downArrow}{enter}');

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { customActionEditSavedQuerySelector, UPDATE_QUERY_BUTTON } from '../../screens/packs';
+import { rowActionsMenuSelector, UPDATE_QUERY_BUTTON } from '../../screens/packs';
 import { navigateTo } from '../../tasks/navigation';
 import { loadSavedQuery, cleanupSavedQuery } from '../../tasks/api_fixtures';
 import { ServerlessRoleName } from '../../support/roles';
@@ -31,7 +31,8 @@ describe('ALL - Edit saved query', { tags: ['@ess', '@serverless'] }, () => {
   });
 
   it('by changing ecs mappings and platforms', () => {
-    cy.get(customActionEditSavedQuerySelector(savedQueryName)).click();
+    cy.get(rowActionsMenuSelector(savedQueryName)).click();
+    cy.contains('Edit query').click();
     cy.contains('Custom key/value pairs.').should('exist');
     cy.contains('Hours of uptime').should('exist');
     cy.get('[data-test-subj="ECSMappingEditorForm"]')
@@ -52,7 +53,8 @@ describe('ALL - Edit saved query', { tags: ['@ess', '@serverless'] }, () => {
 
     cy.wait(5000);
 
-    cy.get(customActionEditSavedQuerySelector(savedQueryName)).click();
+    cy.get(rowActionsMenuSelector(savedQueryName)).click();
+    cy.contains('Edit query').click();
 
     cy.contains('Custom key/value pairs').should('not.exist');
     cy.contains('Hours of uptime').should('not.exist');

@@ -26,7 +26,7 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => {
   });
 
   it('should validate the form', () => {
-    cy.contains('New live query').click();
+    cy.contains('Run query').click();
     submitQuery();
     cy.contains('Agents is a required field');
     cy.contains('Query is a required field');
@@ -58,10 +58,6 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => {
       expect(interception.response?.body.data.queries[0]).to.have.property('timeout', 890);
     });
     checkResults();
-    const firstCell = '[data-gridcell-column-index="0"][data-gridcell-row-index="0"]';
-    cy.get(firstCell).should('exist');
-    cy.get(firstCell).find('[data-euigrid-tab-managed="true"]').click();
-    cy.url().should('include', 'app/fleet/agents/');
   });
 
   it('should run multiline query', () => {
@@ -82,7 +78,7 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => {
       '    on pos.pid=p.pid{esc}{shift+enter}' +
       "where pos.remote_port !='0' {shift+enter}" +
       'limit 1000;';
-    cy.contains('New live query').click();
+    cy.contains('Run query').click();
     cy.getBySel(LIVE_QUERY_EDITOR).invoke('height').and('be.gt', 99).and('be.lt', 110);
     cy.getBySel(LIVE_QUERY_EDITOR).click().invoke('val', multilineQuery);
 

@@ -8,7 +8,6 @@
 import { navigateTo } from '../../tasks/navigation';
 import {
   addToCase,
-  checkActionItemsInResults,
   checkResults,
   selectAllAgents,
   submitQuery,
@@ -68,7 +67,7 @@ describe('ALL - Live Query Packs', { tags: ['@ess', '@serverless'] }, () => {
   });
 
   it('should run live pack', () => {
-    cy.contains('New live query').click();
+    cy.contains('Run query').click();
     cy.contains('Run a set of queries in a pack.').click();
     cy.getBySel(LIVE_QUERY_EDITOR).should('not.exist');
     cy.getBySel('select-live-pack').click().type(`${packName}{downArrow}{enter}`);
@@ -79,17 +78,11 @@ describe('ALL - Live Query Packs', { tags: ['@ess', '@serverless'] }, () => {
     submitQuery();
     cy.getBySel('toggleIcon-system_memory_linux_elastic').click();
     checkResults();
-    checkActionItemsInResults({
-      lens: true,
-      discover: true,
-      cases: true,
-      timeline: false,
-    });
     cy.contains('Status').click();
-    cy.getBySel('tableHeaderCell_status_0').should('exist');
-    cy.getBySel('tableHeaderCell_fields.agent_id[0]_1').should('exist');
-    cy.getBySel('tableHeaderCell__source.action_response.osquery.count_2').should('exist');
-    cy.getBySel('tableHeaderCell_fields.error[0]_3').should('exist');
+    cy.getBySel('dataGridHeaderCell-status').should('exist');
+    cy.getBySel('dataGridHeaderCell-agent_id').should('exist');
+    cy.getBySel('dataGridHeaderCell-action_response.osquery.count').should('exist');
+    cy.getBySel('dataGridHeaderCell-error').should('exist');
 
     cy.getBySel('toggleIcon-system_memory_linux_elastic').click();
     cy.getBySel('toggleIcon-failingQuery').click();

@@ -8,7 +8,6 @@
 import { SAVED_QUERY_DROPDOWN_SELECT } from '../../screens/packs';
 import { navigateTo } from '../../tasks/navigation';
 import {
-  checkActionItemsInResults,
   checkResults,
   fillInQueryTimeout,
   inputQuery,
@@ -18,7 +17,7 @@ import {
   typeInOsqueryFieldInput,
   verifyQueryTimeout,
 } from '../../tasks/live_query';
-import { LIVE_QUERY_EDITOR, RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
+import { LIVE_QUERY_EDITOR, RESULTS_TABLE } from '../../screens/live_query';
 import { getAdvancedButton } from '../../screens/integrations';
 import { loadSavedQuery, cleanupSavedQuery } from '../../tasks/api_fixtures';
 import { ServerlessRoleName } from '../../support/roles';
@@ -52,25 +51,16 @@ describe(
 
     it('should run query and enable ecs mapping', () => {
       const cmd = Cypress.platform === 'darwin' ? '{meta}{enter}' : '{ctrl}{enter}';
-      cy.contains('New live query').click();
+      cy.contains('Run query').click();
       selectAllAgents();
       inputQuery('select * from uptime;');
       cy.wait(500);
       // checking submit by clicking cmd+enter
       inputQuery(cmd);
       checkResults();
-      checkActionItemsInResults({
-        lens: true,
-        discover: true,
-        cases: true,
-        timeline: false,
+      cy.getBySel(RESULTS_TABLE).within(() => {
+        cy.get('[data-test-subj^="dataGridHeaderCell-"]').should('have.length.greaterThan', 0);
       });
-      cy.get(
-        '[data-gridcell-column-index="1"][data-test-subj="dataGridHeaderCell-osquery.days.number"]'
-      ).should('exist');
-      cy.get(
-        '[data-gridcell-column-index="2"][data-test-subj="dataGridHeaderCell-osquery.hours.number"]'
-      ).should('exist');
 
       getAdvancedButton().click();
       typeInECSFieldInput('message{downArrow}{enter}');
@@ -79,22 +69,12 @@ describe(
 
       checkResults();
       cy.getBySel(RESULTS_TABLE).within(() => {
-        cy.getBySel(RESULTS_TABLE_BUTTON).should('exist');
+        cy.get('[data-test-subj="dataGridHeaderCell-message"]').should('exist');
       });
-      cy.get(
-        '[data-gridcell-column-index="1"][data-test-subj="dataGridHeaderCell-message"]'
-      ).should('exist');
-      cy.get(
-        '[data-gridcell-column-index="2"][data-test-subj="dataGridHeaderCell-osquery.days.number"]'
-      )
-        .should('exist')
-        .within(() => {
-          cy.get(`.euiToolTipAnchor`);
-        });
     });
 
     it('should run customized saved query', () => {
-      cy.contains('New live query').click();
+      cy.contains('Run query').click();
       selectAllAgents();
       cy.getBySel(SAVED_QUERY_DROPDOWN_SELECT).type(`${savedQueryName}{downArrow}{enter}`);
       inputQuery('{selectall}{backspace}select * from users;');
@@ -111,7 +91,7 @@ describe(
 
     it('should open query details by clicking the details icon', () => {
       cy.get('[aria-label="Details"]').first().should('be.visible').click();
-      cy.contains('Live query details');
+      cy.contains('View history');
       cy.contains('select * from users;');
     });
   }

@@ -196,9 +196,7 @@ describe(
         cy.getBySel(UPDATE_PACK_BUTTON).click();
         closeModalIfVisible();
 
-        cy.contains(
-          'Create packs to organize sets of queries and to schedule queries for agent policies.'
-        );
+        cy.contains('Create pack');
         const queries = {
           Query1: {
             interval: 3600,

@@ -162,7 +162,7 @@ describe.skip('ALL - Packs', { tags: ['@ess', '@serverless'] }, () => {
 
       it('should be able to run live prebuilt pack', () => {
         navigateTo('/app/osquery/live_queries');
-        cy.contains('New live query').click();
+        cy.contains('Run query').click();
         cy.getBySel('globalLoadingIndicator').should('not.exist');
         cy.contains('Run a set of queries in a pack.').click();
         cy.getBySel(LIVE_QUERY_EDITOR).should('not.exist');