Merge branch '8.x' into backport/8.x/pr-199185

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_detection_engine.yml

@@ -61,9 +61,9 @@ steps:
             - exit_status: '1'
               limit: 2
 
-       - label: Running exception_lists:common:lists:qa:serverless:release
-        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_lists:common:lists:qa:serverless:release
-        key: exception_lists:common:lists:qa:serverless:release
+      - label: Running exception_lists:auth:common:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_lists:auth:common:qa:serverless:release
+        key: exception_lists:auth:common:qa:serverless:release
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod
@@ -75,9 +75,9 @@ steps:
             - exit_status: '1'
               limit: 2
 
-       - label: Running exception_lists:items:lists:qa:serverless:release
-        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_lists:items:lists:qa:serverless:release
-        key: exception_lists:items:lists:qa:serverless:release
+      - label: Running exception_lists:auth:items:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_lists:auth:items:qa:serverless
+        key: exception_lists:auth:items:qa:serverless
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod

.eslintrc.js

@@ -1026,7 +1026,9 @@ module.exports = {
      */
     {
       files: ['x-pack/plugins/fleet/**/*.{js,mjs,ts,tsx}'],
+      plugins: ['testing-library'],
       rules: {
+        'testing-library/await-async-utils': 'error',
         '@typescript-eslint/consistent-type-imports': 'error',
         'import/order': [
           'warn',
@@ -1954,6 +1956,16 @@ module.exports = {
       },
     },
 
+    /**
+     * Cloud Security Team overrides
+     */
+    {
+      files: ['x-pack/plugins/cloud_security_posture/**/*.{js,mjs,ts,tsx}'],
+      plugins: ['testing-library'],
+      rules: {
+        'testing-library/await-async-utils': 'error',
+      },
+    },
     /**
      * Code inside .buildkite runs separately from everything else in CI, before bootstrap, with ts-node. It needs a few tweaks because of this.
      */
@@ -1978,6 +1990,34 @@ module.exports = {
         'max-classes-per-file': 'off',
       },
     },
+    {
+      files: [
+        // logsShared depends on o11y/private plugins, but platform plugins depend on it
+        'x-pack/plugins/observability_solution/logs_shared/**',
+
+        // this plugin depends on visTypeTimeseries plugin (for TSVB viz) which is platform/private ATM
+        'x-pack/plugins/observability_solution/infra/**',
+
+        // TODO @kibana/operations
+        'scripts/create_observability_rules.js', // is importing "@kbn/observability-alerting-test-data" (observability/private)
+        'src/cli_setup/**', // is importing "@kbn/interactive-setup-plugin" (platform/private)
+        'src/dev/build/tasks/install_chromium.ts', // is importing "@kbn/screenshotting-plugin" (platform/private)
+
+        // @kbn/osquery-plugin could be categorised as Security, but @kbn/infra-plugin (observability) depends on it!
+        'x-pack/plugins/osquery/**',
+
+        // For now, we keep the exception to let tests depend on anythying.
+        // Ideally, we need to classify the solution specific ones to reduce CI times
+        'test/**',
+        'x-pack/test_serverless/**',
+        'x-pack/test/**',
+        'x-pack/test/plugin_functional/plugins/resolver_test/**',
+      ],
+      rules: {
+        '@kbn/imports/no_group_crossing_manifests': 'warn',
+        '@kbn/imports/no_group_crossing_imports': 'warn',
+      },
+    },
   ],
 };
 

docs/CHANGELOG.asciidoc

@@ -94,7 +94,7 @@ Deprecated functionality does not have an immediate impact on your application,
 you make the necessary updates after you upgrade to 8.16.0.
 
 [discrete]
-* The Logs Stream is now hidden by default in favor of the Logs Explorer app.
+.The Logs Stream is now hidden by default in favor of the Logs Explorer app.
 [%collapsible]
 ====
 *Details* +
@@ -105,7 +105,7 @@ You can still show the Logs Stream app again by navigating to Stack Management >
 ====
 
 [discrete]
-* Deprecates the Observability AI Assistant specific advanced setting `observability:aiAssistantLogsIndexPattern`.
+.Deprecates the Observability AI Assistant specific advanced setting `observability:aiAssistantLogsIndexPattern`.
 [%collapsible]
 ====
 *Details* +

docs/canvas/canvas-tutorial.asciidoc

@@ -9,15 +9,11 @@ To familiarize yourself with *Canvas*, add the Sample eCommerce orders data, the
 
 To create a workpad of the eCommerce store data, add the data set, then create the workpad.
 
-. On the home page, click *Try sample data*.
+. <<gs-get-data-into-kibana,Install the eCommerce sample data>>.
 
-. Click *Other sample data sets*. 
+. Go to **Canvas** using the navigation menu or the <<kibana-navigation-search,global search field>>.
 
-. On the *Sample eCommerce orders* card, click *Add data*.
-
-. Open the main menu, then click *Canvas*.
-
-. On the *Canvas workpads* page, click *Create workpad*.
+. Select *Create workpad*.
 
 [float]
 === Customize your workpad with images

docs/concepts/data-views.asciidoc

@@ -168,7 +168,7 @@ and field popularity data. Deleting a {data-source} does not remove any indices
 
 WARNING: Deleting a {data-source} breaks all visualizations, saved searches, and other saved objects that reference the data view.
 
-. Open the main menu, and then click *Stack Management > Data Views*.
+. Go to the **Data Views** management page using the navigation menu or the <<kibana-navigation-search,global search field>>.
 
 . Find the {data-source} that you want to delete, and then
 click image:management/index-patterns/images/delete.png[Delete icon] in the *Actions* column.

docs/concepts/esql.asciidoc

@@ -8,15 +8,12 @@ Based on the query, Lens suggestions in Discover create a visualization of the q
 
 {esql} comes with its own dedicated {esql} Compute Engine for greater efficiency. With one query you can search, aggregate, calculate and perform data transformations without leaving **Discover**. Write your query directly in **Discover** or use the **Dev Tools** with the {ref}/esql-rest.html[{esql} API].
 
-Here's how to use {esql} in the data view selector in **Discover**:
+You can switch to the ES|QL mode of Discover from the application menu bar.
 
-[role="screenshot"]
-image:images/esql-data-view-menu.png[An image of the Discover UI where users can access the {esql} feature, width=30%, align="center"]
-
-{esql} also features in-app help, so you can get started faster and don't have to leave the application to check syntax. 
+{esql} also features in-app help and suggestions, so you can get started faster and don't have to leave the application to check syntax. 
 
 [role="screenshot"]
-image:images/esql-in-app-help.png[An image of the Discover UI where users can browse the in-app help]
+image:images/esql-in-app-help.png[The ES|QL syntax reference and the autocomplete menu]
 
 You can also use ES|QL queries to create panels on your dashboards, create enrich policies, and create alerting rules.
 

docs/dev-tools/grokdebugger/index.asciidoc

@@ -36,7 +36,8 @@ is automatically enabled in {kib}.
 NOTE: If you're using {stack-security-features}, you must have the `manage_pipeline`
 permission to use the Grok Debugger.
 
-. Open the main menu, click *Dev Tools*, then click *Grok Debugger*.
+. Find the *Grok Debugger* by navigating to the *Developer tools* page using the
+navigation menu or the <<kibana-navigation-search,global search field>>.
 . In *Sample Data*, enter a message that is representative of the data that you
 want to parse. For example:
 +

docs/dev-tools/painlesslab/index.asciidoc

@@ -12,7 +12,8 @@ process {ref}/docs-reindex.html[reindexed data], define complex
 <<watcher-create-advanced-watch, Watcher conditions>>,
 and work with data in other contexts.
 
-To get started, open the main menu, click *Dev Tools*, and then click *Painless Lab*.
+Find *Painless Lab* by navigating to the *Developer tools* page using the
+navigation menu or the <<kibana-navigation-search,global search field>>.
 
 [role="screenshot"]
 image::dev-tools/painlesslab/images/painless-lab.png[Painless Lab]

docs/dev-tools/searchprofiler/index.asciidoc

@@ -14,9 +14,8 @@ poorly performing queries much faster.
 [[search-profiler-getting-started]]
 === Get started
 
-*{searchprofiler}* is automatically enabled in {kib}. Open the main menu,
-click *Dev Tools*, and then click *{searchprofiler}*
-to get started.
+. Find the *{searchprofiler}* by navigating to the *Developer tools* page using the
+navigation menu or the <<kibana-navigation-search,global search field>>.
 
 *{searchprofiler}* displays the names of the indices searched, the shards in each index,
 and how long it took for the query to complete. To try it out, replace the default `match_all` query

docs/developer/getting-started/sample-data.asciidoc

@@ -8,7 +8,7 @@ There are a couple ways to easily get data ingested into {es}.
 
 The easiest is to install one or more of our available sample data packages. If you have no data, you should be 
 prompted to install when running {kib} for the first time. You can also access and install the sample data packages
-by going to the home page and clicking "add sample data".
+by going to the **Integrations** page and selecting **Sample data**.
 
 [discrete]
 === makelogs script
@@ -27,5 +27,5 @@ Make sure to execute `node scripts/makelogs` *after* {es} is up and running!
 [discrete]
 === CSV upload
 
-You can also use the CSV uploader provided on the {kib} home page.
+You can also use the CSV uploader provided on the **Upload file** page available in the list of **Integrations**.
 Navigate to **Add data** > **Upload file** to upload your data from a file.

docs/discover/document-explorer.asciidoc

@@ -1,43 +1,35 @@
 [[document-explorer]]
-== Explore your documents
+== Customize the Discover view
 
 Fine tune your explorations by customizing *Discover* to bring out the the best view of your documents.
-Adjust the chart height, modify the document table, and look inside a document.
 
 [role="screenshot"]
 image::images/hello-field.png[A view of the Discover app]
 
 
 [float]
 [[document-explorer-c]]
-=== Hide or resize the chart
+=== Hide or resize areas
 
-Hide or resize the chart for a better fit.
+* You can hide and show the chart and the fields list using the available collapse and expand button in the corresponding area.
 
-* To turn off the display of the chart, click
-image:images/chart-icon.png[icon button for opening Show/Hide chart menu, width=24px]
-to open the *Chart options* menu, and then click *Hide chart*.
-
-* To change the chart height, drag the resize handle
-image:images/resize-icon.png[two-line icon for increasing or decreasing the height of the chart, width=24px]
+* Adjust the width and height of each area by dragging their border
 to the size you want.
-The chart size is saved in your browser.
-
-* To reset the height, open the *Chart options* menu, and then select *Reset to default height*.
+The size of each area is saved in your browser for the next time you open **Discover**.
 
 [float]
 [[document-explorer-customize]]
 === Modify the document table
 
-Customize the appearance of the document table and its contents by resizing the columns and rows,
-sorting and modifying the fields, and filtering the documents.
+Customize the appearance of the document table and its contents to your liking.
+
+image:images/discover-customize-table.png[Options to customize the table in Discover]
 
 [float]
 [[document-explorer-columns]]
 ==== Reorder and resize the columns
 
-* To move a single column, click its header. In the dropdown menu,
-click *Move left* or *Move right*.
+* To move a single column, open the column's contextual options, and select *Move left* or *Move right* in the available options.
 
 * To move multiple columns, click *Columns*.
 In the pop-up, drag the column names to their new order.
@@ -46,17 +38,31 @@ In the pop-up, drag the column names to their new order.
 +
 Column widths are stored with a saved search.  When you visualize saved searches on dashboards, the saved search appears the same as in **Discover**.
 
+[float]
+[[document-explorer-density]]
+==== Customize the table density
+
+You can adjust the density of the table from the **Display options** located in the table toolbar. This can be particularly useful when scrolling through many results.
 
 [float]
 [[document-explorer-row-height]]
 ==== Adjust the row height
 
 To set the row height to one or more lines, or automatically
-adjust the height to fit the contents, click the row height icon
-image:images/row-height-icon.png[icon to open the Row height pop-up].
+adjust the height to fit the contents, open the **Display options** in the table toolbar, and adjust it as you need.
+
+You can define different settings for the header row and body rows.
+
+[float]
+[[document-explorer-sample-size]]
+==== Limit the sample size
+
+When the number of results returned by your search query (displayed at the top of the **Documents** or **Results** tab) is greater than the value of <<kibana-discover-settings,`discover:sampleSize`>>, the number of results displayed in the table is limited to the configured value by default. You can adjust the initial sample size for searches to any number between 10 and `discover:sampleSize` from the **Display options** located in the table toolbar.
+
+On the last page of the table, a message indicates that you've reached the end of the loaded search results. From that message, you can choose to load more results to continue exploring. 
+
+image:images/discover-limit-sample-size.png[Limit sample size in Discover]
 
-[role="screenshot"]
-image::images/document-explorer-row-height.png[Row height settings for the document table, width="50%"]
 
 [float]
 [[document-explorer-sort-data]]
@@ -70,7 +76,7 @@ column header, and then select the sort order.
 
 To sort by multiple fields:
 
-. Click the *field sorted* option.
+. Click the *Sort fields* option.
 +
 [role="screenshot"]
 image::images/document-explorer-sort-data.png[Pop-up in document table for sorting columns, width="50%"]
@@ -106,62 +112,18 @@ Narrow your results to a subset of documents so you're comparing just the data o
 
 . Select the documents you want to compare.
 
-. Click the *documents selected* option, and then select *Show selected documents only*.
+. Click the *Selected* option, and then select *Show selected documents only*.
 +
 [role="screenshot"]
-image::images/document-explorer-compare-data.png[Compare data in the document table, width="50%"]
-
-[float]
-[[document-explorer-configure-table]]
-==== Set the number of rows per page
-
-To change the numbers of rows you want to display on each page, use the *Rows per page* menu. The default is 100 rows per page.
-
-[role="screenshot"]
-image::images/document-table-rows-per-page.png["Menu with options for setting the number of rows in the document table"]
+image::images/document-explorer-compare-data.png[Compare data in the document table, width="40%"]
 
+You can also compare individual field values using the <<compare-documents-in-discover,*Compare selected* option>>.
 
 [float]
-[[document-explorer-expand-documents]]
-
-=== Go inside a document
-
-Dive into an individual document to inspect its fields, set filters, and view
-the documents that occurred before and after it.
-
-. Click the expand icon
-image:images/expand-icon-2.png[double arrow icon to open a flyout with the document details].
-+
-You can view the document in two ways. The **Table** view displays the document fields row-by-row.
-The **JSON** (JavaScript Object Notation) view allows you to look at how {es} returns the document.
-+
-[role="screenshot"]
-image::images/document-table-expanded.png[Expanded view of the document table]
-+
-. In the *Table* view, scan through the fields and their values, or search for a field by name.
-
-. When you find a field of interest,
-hover your mouse over the *Actions* column
-to:
-.. Filter the results to include or exclude specific fields or values.
-.. Toggle the field in or out the document table.
-.. Pin the field so it stays at the top.
-
-. To navigate to the next and previous documents, click the < and > arrows at the top of the view.
+[[document-explorer-configure-table]]
+==== Set the number of results per page
 
-. To create a view of the document that you can bookmark and share, click **Single document**.
-+
-[role="screenshot"]
-image::images/discover-view-single-document.png[Discover single document view]
-+
-The link is valid for the time the document is available in Elasticsearch. To create a customized view of the document,
-you can create <<external-plugin-development, your own plugin>>.
+To change the numbers of results you want to display on each page, use the *Rows per page* menu. The default is 100 results per page.
 
-. To view documents that occurred before or after the event you are looking at, click **Surrounding documents**.
-+
-Documents are displayed using the same set of columns as the *Discover* view from which
-the context was opened. The filters you applied are also carried over. Pinned
-filters remain active, while other filters are copied in a disabled state.
-+
 [role="screenshot"]
-image::images/discover-context.png[Image showing context view feature, with anchor documents highlighted in blue]
+image::images/document-table-rows-per-page.png["Menu with options for setting the number of results in the document table"]

docs/discover/field-statistics.asciidoc

@@ -12,7 +12,7 @@ for the data and its cardinality?
 This example explores the fields in
 the <<gs-get-data-into-kibana, sample web logs data>>, or you can use your own data.
 
-. Open the main menu, and click *Discover*.
+. Go to *Discover*.
 
 . Expand the {data-source} dropdown, and select *Kibana Sample Data Logs*.