Skip to content

[Sig Events] Unified KIs table in Stream details UI #259553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
achyutjhunjhunwala merged 33 commits into from
Apr 1, 2026
Merged

[Sig Events] Unified KIs table in Stream details UI #259553

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
40d6815
[Sig Events] Unified table for KIs and Rules
mykolaharmash Mar 23, 2026
778562d
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 23, 2026
bf65a67
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 23, 2026
a03a934
[Sig Events] Unified table for KIs and Rules
mykolaharmash Mar 23, 2026
f9b8cb1
fixup! [Sig Events] Unified table for KIs and Rules
mykolaharmash Mar 24, 2026
89f099e
KI generation
mykolaharmash Mar 25, 2026
d57d2e9
Row actions
mykolaharmash Mar 25, 2026
110a6cf
Flyouts
mykolaharmash Mar 25, 2026
bddcdeb
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 25, 2026
f51eab9
fixup! Merge remote-tracking branch 'upstream/main' into sig-events-s…
mykolaharmash Mar 25, 2026
b7ef6ec
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 25, 2026
66465dd
Changes from node scripts/lint_ts_projects --fix
kibanamachine Mar 25, 2026
73c156a
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 25, 2026
6053ca7
Empty state
mykolaharmash Mar 25, 2026
4e64211
Merge remote-tracking branch 'origin/sig-events-stream-details-unifie…
mykolaharmash Mar 25, 2026
825d01c
Clean up unused components
mykolaharmash Mar 25, 2026
0699493
Merge branch 'main' into sig-events-stream-details-unified-table
mykolaharmash Mar 26, 2026
b98061c
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 30, 2026
c900f07
Resolve conflicts after the file structure change
mykolaharmash Mar 30, 2026
07ec962
Merge remote-tracking branch 'origin/sig-events-stream-details-unifie…
mykolaharmash Mar 30, 2026
5a332a4
Add periodical re-fetch while generating
mykolaharmash Mar 30, 2026
4bef739
Remove features generation recency check
mykolaharmash Mar 30, 2026
cf5fb5f
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 30, 2026
30c5bb6
Remove Features section in Stream Advanced tab
mykolaharmash Mar 30, 2026
5d46be3
fixup! Remove Features section in Stream Advanced tab
mykolaharmash Mar 30, 2026
29a7fba
Missing default connector callout
mykolaharmash Mar 30, 2026
438cf12
Tests clean up
mykolaharmash Mar 31, 2026
6cc7f97
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Mar 31, 2026
486e1d9
fixup! Merge remote-tracking branch 'upstream/main' into sig-events-s…
mykolaharmash Mar 31, 2026
4d6d9f7
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
ruflin Apr 1, 2026
8d37212
Address comments
mykolaharmash Apr 1, 2026
f89d590
Merge remote-tracking branch 'origin/sig-events-stream-details-unifie…
mykolaharmash Apr 1, 2026
27d6425
Merge remote-tracking branch 'upstream/main' into sig-events-stream-d…
mykolaharmash Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion x-pack/platform/packages/shared/kbn-streams-schema/src/tasks/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,5 @@ export type TaskResult<TPayload> =
| TaskStatus.Canceled;
}
| { status: TaskStatus.Failed; error: string }
| ({ status: TaskStatus.Completed | TaskStatus.Acknowledged } & TPayload);
| ({ status: TaskStatus.Completed } & TPayload)
| ({ status: TaskStatus.Acknowledged } & TPayload);
64 changes: 14 additions & 50 deletions x-pack/platform/plugins/shared/streams/server/lib/tasks/task_definitions/onboarding.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,30 +54,6 @@ export function getOnboardingTaskId(streamName: string, saveQueries: boolean = t
return saveQueries ? base : `${base}_no_save_queries`;
}

const FEATURES_IDENTIFICATION_RECENCY_MS = 12 * 60 * 60 * 1000; // 12 hours
async function areFeaturesUpToDate({
taskClient,
featuresTaskId,
}: {
taskClient: TaskClient<StreamsTaskType>;
featuresTaskId: string;
}) {
const featuresTask = await taskClient.get<
FeaturesIdentificationTaskParams,
IdentifyFeaturesResult
>(featuresTaskId);

if (featuresTask.status !== TaskStatus.Completed) {
return false;
}

return (
featuresTask.last_completed_at &&
Date.now() - new Date(featuresTask.last_completed_at).getTime() <
FEATURES_IDENTIFICATION_RECENCY_MS
);
}

export function createStreamsOnboardingTask(taskContext: TaskContext) {
return {
[STREAMS_ONBOARDING_TASK_TYPE]: {
Expand Down Expand Up @@ -115,32 +91,20 @@ export function createStreamsOnboardingTask(taskContext: TaskContext) {
case OnboardingStep.FeaturesIdentification: {
const featuresTaskId = getFeaturesIdentificationTaskId(streamName);

if (
await areFeaturesUpToDate({
taskClient,
featuresTaskId,
})
) {
featuresTaskResult = await taskClient.getStatus<
FeaturesIdentificationTaskParams,
IdentifyFeaturesResult
>(featuresTaskId);
} else {
await scheduleFeaturesIdentificationTask(
{
start: from,
end: to,
streamName,
},
taskClient,
runContext.fakeRequest
);

featuresTaskResult = await waitForSubtask<
FeaturesIdentificationTaskParams,
IdentifyFeaturesResult
>(featuresTaskId, runContext.taskInstance.id, taskClient);
}
await scheduleFeaturesIdentificationTask(
{
start: from,
end: to,
streamName,
},
taskClient,
runContext.fakeRequest
);

featuresTaskResult = await waitForSubtask<
FeaturesIdentificationTaskParams,
IdentifyFeaturesResult
>(featuresTaskId, runContext.taskInstance.id, taskClient);

if (featuresTaskResult.status !== TaskStatus.Completed) {
return;
Expand Down
2 changes: 1 addition & 1 deletion x-pack/platform/plugins/shared/streams/server/routes/internal/streams/onboarding/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ import { BooleanFromString } from '@kbn/zod-helpers/v4';
import type { OnboardingResult, TaskResult } from '@kbn/streams-schema';
import { OnboardingStep } from '@kbn/streams-schema';
import { STREAMS_API_PRIVILEGES } from '../../../../../common/constants';
import type { OnboardingTaskParams } from '../../../../lib/tasks/task_definitions/onboarding';
import {
getOnboardingTaskId,
STREAMS_ONBOARDING_TASK_TYPE,
type OnboardingTaskParams,
} from '../../../../lib/tasks/task_definitions/onboarding';
import { createServerRoute } from '../../../create_server_route';
import { assertSignificantEventsAccess } from '../../../utils/assert_significant_events_access';
Expand Down
1 change: 1 addition & 0 deletions x-pack/platform/plugins/shared/streams_app/moon.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ dependsOn:
- '@kbn/inference-endpoint-ui-common'
- '@kbn/stack-connectors-plugin'
- '@kbn/std'
- '@kbn/streams-ai'
- '@kbn/cps'
tags:
- plugin
Expand Down
122 changes: 34 additions & 88 deletions ...sig_events/significant_events_discovery/components/queries_table/query_details_flyout.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ import {
EuiButton,
EuiButtonEmpty,
EuiButtonIcon,
EuiCodeBlock,
EuiConfirmModal,
EuiContextMenuItem,
EuiContextMenuPanel,
Expand All @@ -30,33 +29,19 @@ import {
EuiText,
EuiTextArea,
EuiTitle,
EuiToolTip,
useEuiTheme,
useGeneratedHtmlId,
} from '@elastic/eui';
import { css } from '@emotion/react';
import { i18n } from '@kbn/i18n';
import React, { useEffect, useMemo, useState } from 'react';
import { StreamsESQLEditor } from '../../../../esql_query_editor';
import React, { useEffect, useState } from 'react';
import type { SignificantEventItem } from '../../../../../hooks/sig_events/use_fetch_significant_events';
import { StreamsESQLEditor } from '../../../../esql_query_editor';
import { InfoPanel } from '../../../../info_panel';
import { SparkPlot } from '../../../../spark_plot';
import { SeveritySelector } from '../../../stream_detail_significant_events_view/add_significant_event_flyout/common/severity_selector';
import { SeveritySelector } from '../severity_selector';
import { SeverityBadge } from '../severity_badge/severity_badge';
import {
BACKED_STATUS_COLUMN,
IMPACT_COLUMN,
LAST_OCCURRED_COLUMN,
NOT_PROMOTED_BADGE_LABEL,
NOT_PROMOTED_TOOLTIP_CONTENT,
OCCURRENCES_COLUMN,
OCCURRENCES_TOOLTIP_NAME,
PROMOTED_BADGE_LABEL,
PROMOTED_TOOLTIP_CONTENT,
STREAM_COLUMN,
} from './translations';
import { formatLastOccurredAt } from './utils';
import { AssetImage } from '../../../../asset_image';
import { OCCURRENCES_COLUMN, OCCURRENCES_TOOLTIP_NAME } from './translations';

interface QueryDetailsFlyoutProps {
item: SignificantEventItem;
Expand Down Expand Up @@ -99,14 +84,6 @@ export function QueryDetailsFlyout({
setSeverityScore(item.query.severity_score);
}, [item]);

const lastOccurredAt = useMemo(
() => formatLastOccurredAt(item.occurrences, DEFAULT_QUERY_PLACEHOLDER),
[item.occurrences]
);
const hasDetectedOccurrences = useMemo(
() => item.occurrences.some((occurrence) => occurrence.y > 0),
[item.occurrences]
);
const isSaveDisabled = !title.trim() || !query.trim() || isSaving;

const handleCancelEdit = () => {
Expand All @@ -131,12 +108,14 @@ export function QueryDetailsFlyout({
};

const infoListItems = [
{
title: TYPE_LABEL,
description: <EuiBadge color="hollow">{QUERY_TYPE_BADGE_LABEL}</EuiBadge>,
},
{
title: QUERY_LABEL,
description: (
<EuiCodeBlock language="esql" paddingSize="none" transparentBackground>
{getDisplayQueryValue(item)}
</EuiCodeBlock>
<EuiText size="s">{getQueryInputValue(item) || DEFAULT_QUERY_PLACEHOLDER}</EuiText>
),
},
{
Expand All @@ -146,30 +125,9 @@ export function QueryDetailsFlyout({
),
},
{
title: IMPACT_COLUMN,
title: SEVERITY_DETAILS_LABEL,
description: <SeverityBadge score={item.query.severity_score} />,
},
{
title: LAST_OCCURRED_COLUMN,
description: <EuiText size="s">{lastOccurredAt}</EuiText>,
},
{
title: STREAM_COLUMN,
description: <EuiBadge color="hollow">{item.stream_name}</EuiBadge>,
},
{
title: BACKED_STATUS_COLUMN,
description: (
<EuiToolTip
content={item.rule_backed ? PROMOTED_TOOLTIP_CONTENT : NOT_PROMOTED_TOOLTIP_CONTENT}
>
<span tabIndex={0}>
{item.rule_backed && <EuiBadge color="hollow">{PROMOTED_BADGE_LABEL}</EuiBadge>}
{!item.rule_backed && <EuiBadge color="warning">{NOT_PROMOTED_BADGE_LABEL}</EuiBadge>}
</span>
</EuiToolTip>
),
},
];

return (
Expand All @@ -193,6 +151,7 @@ export function QueryDetailsFlyout({
<EuiFlexGroup gutterSize="xs" responsive={false}>
<EuiFlexItem grow={false}>
<EuiPopover
aria-label={ACTIONS_BUTTON_ARIA_LABEL}
button={
<EuiButtonIcon
data-test-subj="queriesTableQueryDetailsFlyoutActionsButton"
Expand Down Expand Up @@ -275,29 +234,14 @@ export function QueryDetailsFlyout({
</EuiFlexItem>
<EuiFlexItem>
<InfoPanel title={OCCURRENCES_COLUMN}>
{hasDetectedOccurrences ? (
<SparkPlot
id={`query-details-occurrences-${item.query.id}`}
name={OCCURRENCES_TOOLTIP_NAME}
type="bar"
timeseries={item.occurrences}
annotations={[]}
height={160}
/>
) : (
<EuiFlexGroup
direction="column"
gutterSize="s"
alignItems="center"
justifyContent="center"
css={{ height: '100%', minHeight: '200px', padding: '30px' }}
>
<AssetImage type="barChart" size="xs" />
<EuiText color="subdued" size="s" textAlign="center">
{NO_OCCURRENCES_DESCRIPTION}
</EuiText>
</EuiFlexGroup>
)}
<SparkPlot
id={`query-details-occurrences-${item.query.id}`}
name={OCCURRENCES_TOOLTIP_NAME}
type="bar"
timeseries={item.occurrences}
annotations={[]}
height={160}
/>
</InfoPanel>
</EuiFlexItem>
</EuiFlexGroup>
Expand Down Expand Up @@ -397,16 +341,21 @@ function getQueryInputValue(item: SignificantEventItem) {
return item.query.esql?.query ?? '';
}

function getDisplayQueryValue(item: SignificantEventItem) {
const queryText = getQueryInputValue(item);
return queryText || DEFAULT_QUERY_PLACEHOLDER;
}

const QUERY_INFORMATION_TITLE = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.queryInformationTitle',
{ defaultMessage: 'Query information' }
);

const TYPE_LABEL = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.typeLabel',
{ defaultMessage: 'Type' }
);

const QUERY_TYPE_BADGE_LABEL = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.queryTypeBadgeLabel',
{ defaultMessage: 'Query' }
);

const EDIT_QUERY_TITLE = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.editQueryTitle',
{ defaultMessage: 'Edit query' }
Expand Down Expand Up @@ -437,6 +386,11 @@ const SEVERITY_LABEL = i18n.translate(
{ defaultMessage: 'Severity' }
);

const SEVERITY_DETAILS_LABEL = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.severityDetailsLabel',
{ defaultMessage: 'Severity' }
);

const ACTIONS_BUTTON_ARIA_LABEL = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.actionsButtonAriaLabel',
{ defaultMessage: 'Actions' }
Expand Down Expand Up @@ -483,11 +437,3 @@ const DELETE_CONFIRM_BUTTON_LABEL = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.deleteConfirmButtonLabel',
{ defaultMessage: 'Delete query' }
);

const NO_OCCURRENCES_DESCRIPTION = i18n.translate(
'xpack.streams.significantEventsDiscovery.queryDetailsFlyout.noOccurrencesDescription',
{
defaultMessage:
"We currently don't detect any events. You can leave it, as it might happen later or modify the query.",
}
);
8 changes: 1 addition & 7 deletions ...iew/add_significant_event_flyout/types.ts → ...ery/components/severity_selector/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,4 @@
* 2.0.
*/

import type { StreamQuery } from '@kbn/streams-schema';

export type Flow = 'manual' | 'ai';

export type SaveData =
| { type: 'single'; query: StreamQuery; isUpdating?: boolean }
| { type: 'multiple'; queries: StreamQuery[] };
export { SeveritySelector } from './severity_selector';
10 changes: 9 additions & 1 deletion ...event_flyout/common/severity_selector.tsx → ...s/severity_selector/severity_selector.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import {
SeverityBadge,
SIGNIFICANT_EVENT_SEVERITY,
scoreSeverity,
} from '../../../significant_events_discovery/components/severity_badge/severity_badge';
} from '../severity_badge/severity_badge';

export function SeveritySelector({
severityScore,
Expand All @@ -36,6 +36,7 @@ export function SeveritySelector({

return (
<EuiSuperSelect
aria-label={SEVERITY_SELECTOR_ARIA_LABEL}
disabled={disabled}
options={severityOptions}
valueOfSelected={
Expand All @@ -53,3 +54,10 @@ export function SeveritySelector({
/>
);
}

const SEVERITY_SELECTOR_ARIA_LABEL = i18n.translate(
'xpack.streams.significantEvents.severitySelector.ariaLabel',
{
defaultMessage: 'Select severity',
}
);
Loading
Loading