[Security Solution][DQD] Persist new fields in results storage #185025

@kapral18 kapral18 commented Jun 7, 2024

Addresses #184751

Summary

This PR addresses a couple of issues:

Main:

Persist the revamped resultsFieldMap schema fields, namely incompatibleFieldMappingItems, incompatibleFieldValueItems and sameFamilyFieldItems, in the StorageResult after an index check, so that after release users can start accumulating data in these fields while we prepare the main UI changes.

Additional:

Improve and narrow down the existing in-house EcsFlat override type that originally comes from the @elastic/ecs npm package, because currently it is too generic and too loose, resulting in unnecessary conditional checks and leading to the perception of impossible states, most of which are refactored, cleaned up and fixed in this PR.


How to test

  1. Prepare an index with invalid mapping and value fields + 1 same family field:

```
DELETE test-field-items

PUT test-field-items
{
  "mappings": {
    "properties": {
      "event.category": { "type": "keyword" },
      "agent.type": { "type": "constant_keyword" },
      "source.ip": { "type": "text" }
    }
  }
}

PUT test-field-items/_doc/1
{
  "@timestamp": "2016-05-23T08:05:34.853Z",
  "event.category": "behavior"
}

PUT test-field-items/_doc/2
{
  "@timestamp": "2016-05-23T08:05:34.853Z",
  "event.category": "shmehavior"
}
```

  2. Open the DQD dashboard in kibana
  3. Create a test-* data-view with the test-* index pattern
  4. Select it in the sourcerer
  5. Click the expand button near the test-field-items index
  6. Verify that you have 1 mapping + 1 value incompatible field + 1 same family field
  7. Open kibana devtools
  8. Run:

```
GET .kibana-data-quality-dashboard-results-default/_search
{
  "size": 0,
  "query": {
    "term": {
      "indexName": {
        "value": "test-field-items"
      }
    }
  },
  "aggs": {
    "latest": {
      "terms": { "field": "indexName", "size": 10000 },
      "aggs": {
        "latest_doc": {
          "top_hits": {
            "size": 1,
            "sort": [{ "@timestamp": { "order": "desc" } }]
          }
        }
      }
    }
  }
}
```

  9. Verify that the latest result contains incompatibleFieldItems and sameFamilyFieldItems of the expected shape:
```
//...
"incompatibleFieldValueItems": [
  {
    "fieldName": "event.category",
    "expectedValues": [
      "api",
      "authentication",
      "configuration",
      "database",
      "driver",
      "email",
      "file",
      "host",
      "iam",
      "intrusion_detection",
      "library",
      "malware",
      "network",
      "package",
      "process",
      "registry",
      "session",
      "threat",
      "vulnerability",
      "web"
    ],
    "actualValues": [
      { "name": "behavior", "count": 2 },
      { "name": "shmehavior", "count": 1 }
    ],
    "description": """This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy.
`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory.
This field is an array. This will allow proper categorization of some events that fall in multiple categories."""
  }
],
"incompatibleFieldMappingItems": [
  {
    "fieldName": "source.ip",
    "expectedValue": "ip",
    "actualValue": "text",
    "description": "IP address of the source (IPv4 or IPv6)."
  }
]
//...
"sameFamilyFieldItems": [
  {
    "fieldName": "agent.type",
    "expectedValue": "keyword",
    "actualValue": "constant_keyword",
    "description": """Type of the agent.
The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine."""
  }
]
```
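The classification that the "How to test" steps above exercise, as an added example that is not Kibana's own code: a standalone TypeScript function that derives the three item lists persisted in the StorageResult (incompatibleFieldMappingItems, incompatibleFieldValueItems, sameFamilyFieldItems) from an index mapping plus sampled field values. The ECS subset, the input mapping and the value counts are constructed from the PR's test index; the type-family table is an assumption based on Elasticsearch's documented field-type families; and the names `classifyIndex` and `classifyPrTestIndex` are chosen here, not DQD's.

```typescript
// Added example, not Kibana's own code: derive the three item lists that the
// PR persists from an index mapping plus a sample of field values.

// Minimal ECS subset, constructed for this example from the three fields of
// the PR's test index (descriptions abbreviated).
interface EcsFieldSpec {
  type: string;              // Elasticsearch type ECS expects for the field
  description: string;
  allowedValues?: string[];  // only set for fields with a fixed vocabulary
}

const ECS_SUBSET: Record<string, EcsFieldSpec> = {
  'event.category': {
    type: 'keyword',
    description: 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy.',
    allowedValues: [
      'api', 'authentication', 'configuration', 'database', 'driver', 'email',
      'file', 'host', 'iam', 'intrusion_detection', 'library', 'malware',
      'network', 'package', 'process', 'registry', 'session', 'threat',
      'vulnerability', 'web',
    ],
  },
  'agent.type': { type: 'keyword', description: 'Type of the agent.' },
  'source.ip': { type: 'ip', description: 'IP address of the source (IPv4 or IPv6).' },
};

// Elasticsearch type families (assumption based on the documented families):
// a mapped type that differs from the ECS type but sits in the same family is
// reported as "same family" rather than "incompatible".
const TYPE_FAMILY: Record<string, string> = {
  keyword: 'keyword', constant_keyword: 'keyword', wildcard: 'keyword',
  text: 'text', match_only_text: 'text',
};

interface FieldTypeItem {
  fieldName: string;
  expectedValue: string;
  actualValue: string;
  description: string;
}

interface ValueCount { name: string; count: number }

interface FieldValueItem {
  fieldName: string;
  expectedValues: string[];
  actualValues: ValueCount[];
  description: string;
}

interface CheckItems {
  incompatibleFieldMappingItems: FieldTypeItem[];
  incompatibleFieldValueItems: FieldValueItem[];
  sameFamilyFieldItems: FieldTypeItem[];
}

function classifyIndex(
  mappings: Record<string, { type: string }>,   // field name -> mapped type
  sampledValues: Record<string, ValueCount[]>,   // field name -> observed values
): CheckItems {
  const result: CheckItems = {
    incompatibleFieldMappingItems: [],
    incompatibleFieldValueItems: [],
    sameFamilyFieldItems: [],
  };

  for (const [fieldName, { type: actualValue }] of Object.entries(mappings)) {
    const ecs = ECS_SUBSET[fieldName];
    if (!ecs) continue; // custom (non-ECS) field: nothing to compare against

    if (actualValue !== ecs.type) {
      const item: FieldTypeItem = { fieldName, expectedValue: ecs.type, actualValue, description: ecs.description };
      const actualFamily = TYPE_FAMILY[actualValue];
      const sameFamily = actualFamily !== undefined && actualFamily === TYPE_FAMILY[ecs.type];
      (sameFamily ? result.sameFamilyFieldItems : result.incompatibleFieldMappingItems).push(item);
    }

    // Value check only applies to fields ECS gives a fixed vocabulary for.
    if (ecs.allowedValues) {
      const allowed = new Set(ecs.allowedValues);
      const unexpected = (sampledValues[fieldName] ?? []).filter((v) => !allowed.has(v.name));
      if (unexpected.length > 0) {
        result.incompatibleFieldValueItems.push({
          fieldName,
          expectedValues: ecs.allowedValues,
          actualValues: unexpected,
          description: ecs.description,
        });
      }
    }
  }
  return result;
}

// Constructed input: the PR's test index mapping and the event.category value
// counts shown in the PR's expected output, plus one custom field to show it is skipped.
function classifyPrTestIndex(): CheckItems {
  return classifyIndex(
    {
      'event.category': { type: 'keyword' },
      'agent.type': { type: 'constant_keyword' },
      'source.ip': { type: 'text' },
      'my.custom.field': { type: 'long' },
    },
    {
      'event.category': [{ name: 'behavior', count: 2 }, { name: 'shmehavior', count: 1 }],
    },
  );
}

console.log(JSON.stringify(classifyPrTestIndex(), null, 2));
```

Running it prints one item in each of the three lists, matching the three fields the PR's test index was set up to trip: source.ip (text instead of ip) as an incompatible mapping, agent.type (constant_keyword instead of keyword) as same family, and event.category with its two non-ECS values as an incompatible value item.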

@kapral18 kapral18 self-assigned this Jun 7, 2024
@kapral18 kapral18 requested a review from a team as a code owner June 7, 2024 15:41
@elasticmachine

Pinging @elastic/security-threat-hunting-explore (Team:Threat Hunting:Explore)

@elasticmachine

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@kapral18 kapral18 added the release_note:skip Skip the PR/issue when compiling release notes label Jun 7, 2024
@kapral18 kapral18 requested a review from andrew-goldstein June 7, 2024 16:09
@kapral18 kapral18 force-pushed the feat/DQD/184751-persist-new-fields-in-results-storage branch from 3e8839a to 251a3a8 Compare June 7, 2024 18:07
@kapral18 kapral18 force-pushed the feat/DQD/184751-persist-new-fields-in-results-storage branch from 251a3a8 to d7481b2 Compare June 7, 2024 18:31
@kapral18 kapral18 force-pushed the feat/DQD/184751-persist-new-fields-in-results-storage branch 3 times, most recently from eb873c2 to c907d30 Compare June 10, 2024 19:27

@angorayc angorayc left a comment

Tested locally, all worked as expected.

@kapral18 kapral18 force-pushed the feat/DQD/184751-persist-new-fields-in-results-storage branch 2 times, most recently from 984665f to f8e62c8 Compare June 11, 2024 15:21

@andrew-goldstein andrew-goldstein left a comment

Thanks @kapral18 for the enhancements to persistence, and the improved types! 🙏
✅ Desk tested locally
LGTM 🚀

@kapral18 kapral18 force-pushed the feat/DQD/184751-persist-new-fields-in-results-storage branch from f8e62c8 to 69966f6 Compare June 12, 2024 06:19
@kapral18 kapral18 requested review from semd and angorayc June 12, 2024 11:25
kapral18 added 3 commits June 12, 2024 15:32
- Refactor `EnrichedFieldMetadata` into `EcsBasedFieldMetadata` and `CustomFieldMetadata`
- Update tests to use new types
- Remove unnecessary null checks for `ecsMetadata`
- Simplify rendering logic in various components
- Add `constants.ts` for ECS metadata constants
… field items

- Added `incompatibleFieldItems` and `sameFamilyFieldItems` to `StorageResult` for detailed field information.
- Updated tests to validate the new functionality.
- Adjusted type definitions and mock data to support the changes.

Addresses elastic#184751
- Refactored `incompatibleFieldItems` into `incompatibleFieldMappingItems` and `incompatibleFieldValueItems`.
- Updated related test cases in `helpers.test.ts`.
- Modified `helpers.ts` to handle the new structure.
- Updated type definitions in `types.ts`.
- Adjusted `results_field_map.ts` to reflect the new structure.
- Updated mock data in `results.mock.ts`.
- Modified schema definitions in `result.ts`.
@kapral18 kapral18 force-pushed the feat/DQD/184751-persist-new-fields-in-results-storage branch from 7347cc5 to 00aa6c7 Compare June 12, 2024 13:33
@kibana-ci

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #46 / GenAI - NLP @serverless NLP Cleanup Task in Essentials Tier New Essentials Deployment Model Loading "before all" hook for "executes NLP Cleanup Task and successfully cleans up only pytorch models"
  • [job] [logs] FTR Configs #38 / X-Pack Accessibility Tests - Group 3 Security Solution Accessibility Detections Create Rule Flow Custom Query Rule Define Step preview section meets a11y requirements

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 5507 | 5508 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 13.6MB | 13.6MB | +394.0B |

History

  • 💔 Build #215404 failed 7347cc5b2c799b563f9df8445568e82665281be6
  • 💛 Build #215376 was flaky 69966f6e697fc89bbb5e9c2a38a65788fceb4d34
  • 💛 Build #215264 was flaky f8e62c8937a760500a5816f51826df5a5770faa1
  • 💚 Build #215066 succeeded c907d302fec4d54d267f44e06bd627cd5cdcdfb2
  • 💛 Build #214959 was flaky eb873c2c6aceccb39e1ac175acb0740a690d1006

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @kapral18

@kapral18 kapral18 merged commit 4bc1227 into elastic:main Jun 13, 2024
36 checks passed
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Jun 13, 2024
@kapral18 kapral18 deleted the feat/DQD/184751-persist-new-fields-in-results-storage branch June 13, 2024 09:14
kapral18 added a commit that referenced this pull request Oct 11, 2024
addresses #185882 

leverages changes introduced in
#188468

# Data Quality Dashboard Historical Results (Phase 1)

This PR introduces new functionality to the Data Quality Dashboard

History tab (new):
- view last 30 days of check results by default
- filter historical checks by outcome (PASS/FAIL/ALL)
- paginate all results (10 per page by default)
- each result can be viewed individually in an independently
expandable/collapsible accordion panel (collapsed by default)
- each result contains an extended index stats panel with (custom, ecs
and all fields counts)
- each result contains index properties tabs (incompatible and same
family)
- check now checks and redirects to latest check tab with latest check
info
- switching from initial historical tab to latest check tab triggers
latest check
- subsequent switching back and forth between already open history or
latest check tabs doesn't trigger a check
- legacy data (before release of this
#185025) is supported with
degraded view (same family tab is disabled with warning tooltip),
incompatible tab tables are statically rendered from markdown

Latest checks list view (changes):
- remove check index button icon from list view
- add historical results button icon instead of check index button
- historical results button icon directly opens history tab without
going through latest check

# UI Changes (before/after):

## ESS Changes

### Latest check expand icon
- expand icon is replaced with check now icon (functionality is the
same)
- tooltip text is updated
- this new icon is still opening the index check flyout tab (latest
check tab)

![ess_before_after_0](https://github.com/user-attachments/assets/795af721-6867-4f56-882e-2a0f52793560)

### Historical check icon **(NEW)**
- inline check now functionality is removed
- view history icon is added in its stead to open a flyout with history
tab
- tooltip text is updated

![ess_before_after_1](https://github.com/user-attachments/assets/7f2c6009-35c3-488c-87ac-3048f4bded7b)

### Flyout Header
- "checked at" subheader is now shorter (milliseconds are removed)
- Tabline with Latest check and History tabs is added **(NEW)**

![ess_before_after_2](https://github.com/user-attachments/assets/728ff743-500e-435a-a07e-4287647a0af5)

### History tab **(NEW)**
- top left: filter by check outcome
- top right: filter by date range
- list of checks collapsed by default (individually separately
controlled, multiple can be open at a time)
- pagination (10,25,50). 10 by default

![ess_after_3](https://github.com/user-attachments/assets/36fc0cee-b103-483d-ba79-d583bba89acf)

### Individual check result view **(NEW)**
- topline: extended index stats including new "custom", "ecs compliant"
& "all fields".
- incompatible fields and same family fields view (custom, ecs compliant
and all fields view is unavailable in history tab)

![ess_after_4](https://github.com/user-attachments/assets/57e6d5a1-1470-4c4b-9272-ccc872d80dc5)

### Legacy check result view **(NEW)**
- before this PR (#185025) went to production, check result data
contained information allowing the detailed view of incompatible
fields to be recreated from markdown only (without same family fields)
- we recreate incompatible field tables in degraded view from markdown
- same family tab is permanently disabled with an explanation tooltip
- action buttons still work as is for incompatible fields view
- index stats panel is showing as for non-legacy result

![SCR-20241009-lmcu](https://github.com/user-attachments/assets/cd11435e-7335-40f3-a0b8-4e5c6bcc2f38)

### No results

![SCR-20241009-llzw](https://github.com/user-attachments/assets/a942ce8e-6e0e-46d3-9104-c30648a18208)

### Loading view

![ess_after_8](https://github.com/user-attachments/assets/1411ccc2-4978-41f6-a02d-2ca404a01c16)

### Error view

![ess_after_9](https://github.com/user-attachments/assets/adc80e19-0005-46f9-a667-ffd3bf8ecb4f)

## Serverless Changes
### Empty checks result badge **(FIX)**
- **previously empty pattern check result badge was marked as `PASS`
which was incorrect. It was removed.**

![serverless_before_after_0](https://github.com/user-attachments/assets/67e02e9c-cd7f-46d7-9b7a-9bdaa0abfc6c)

### Latest check expand icon
- expand icon is replaced with check now icon (functionality is the
same)
- tooltip text is updated
- this new icon is still opening the index check flyout tab (latest
check tab)

![serverless_before_after_1](https://github.com/user-attachments/assets/dfac9aad-158b-4863-b719-47d50b06bda3)

### Historical check icon **(NEW)**
- inline check now functionality is removed
- view history icon is added in its stead to open a flyout with history
tab
- tooltip text is updated

![serverless_before_after_2](https://github.com/user-attachments/assets/c688c28c-2d86-4669-a9bb-ffc297d21bbf)

### Flyout Header and Body Topline
- "checked at" subheader is now shorter (milliseconds are removed)
- Tabline with Latest check and History tabs is added **(NEW)**
- **Index Stats Panel is now also showing here just like in latest check
tab (but without phase label as ilm is not available in serverless)**
**(NEW)**

![serverless_before_after_3](https://github.com/user-attachments/assets/c3ae4160-d07c-4049-b8b4-4b66faa50320)

### History tab **(NEW)**
- top left: filter by check outcome
- top right: filter by date range
- list of checks collapsed by default (individually separately
controlled, multiple can be open at a time)
- pagination (10,25,50). 10 by default

![serverless_after_4](https://github.com/user-attachments/assets/8b767de3-1ab1-4b9f-b0b8-84754a3776ae)

### Individual check result view **(NEW)**
- topline: extended index stats including new "custom", "ecs compliant"
& "all fields" but **excluding ilm phase label section**.
- incompatible fields and same family fields view (custom, ecs compliant
and all fields view is unavailable in history tab)

![serverless_after_5](https://github.com/user-attachments/assets/d8fdd48f-63f2-48f2-8ede-3613bffaa157)

### Legacy check result view **(NEW)**
- before this PR (#185025) went to production, check result data
contained information allowing the detailed view of incompatible
fields to be recreated from markdown only (without same family fields)
- we recreate incompatible field tables in degraded view from markdown
- same family tab is permanently disabled with an explanation tooltip
- action buttons still work as is for incompatible fields view
- index stats panel is showing as for non-legacy result

![SCR-20241009-lkhi](https://github.com/user-attachments/assets/10adee1c-c11a-428a-9c56-ecc20a37f97f)

### No results

![SCR-20241009-ljwg](https://github.com/user-attachments/assets/8bf48778-98d6-4a96-a713-b49d4cc5165a)

### Loading view

![serverless_after_9](https://github.com/user-attachments/assets/5ba1f2cc-cbd9-4cfa-964c-962be150016f)

### Error view

![serverless_after_10](https://github.com/user-attachments/assets/b5c33ded-4ee5-46ff-9e13-f9e5dfc7546e)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 11, 2024
)

(cherry picked from commit e5f7739)
kibanamachine added a commit that referenced this pull request Oct 11, 2024
…) (#195962)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution][DQD] add historical results (Phase 1)
(#191898)](#191898)

<!--- Backport version: 9.4.3 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

markdown\r\n\r\nLatest checks list view (changes):\r\n- remove check
index button icon from list view\r\n- add historical results button icon
instead of check index button\r\n- historical results button icon
directly opens history tab without\r\ngoing through latest
check\r\n\r\n# UI Changes (before/after):\r\n\r\n## ESS
Changes\r\n\r\n### Latest check expand icon\r\n- expand icon is replaced
with check now icon (functionality is the\r\nsame)\r\n- tooltip text is
updated\r\n- this new icon is still opening the index check flyout tab
(latest\r\ncheck
tab)\r\n\r\n![ess_before_after_0](https://github.com/user-attachments/assets/795af721-6867-4f56-882e-2a0f52793560)\r\n\r\n###
Historical check icon **(NEW)**\r\n- inline check now functionality is
removed\r\n- view history icon is added in its stead to open a flyout
with history\r\ntab\r\n- tooltip text is
updated\r\n\r\n![ess_before_after_1](https://github.com/user-attachments/assets/7f2c6009-35c3-488c-87ac-3048f4bded7b)\r\n\r\n###
Flyout Header\r\n- \"checked at\" subheader is now shorter (milliseconds
are removed)\r\n- Tabline with Latest check and History tabs is added
**(NEW)**\r\n\r\n![ess_before_after_2](https://github.com/user-attachments/assets/728ff743-500e-435a-a07e-4287647a0af5)\r\n\r\n###
History tab **(NEW)**\r\n- top left: filter by check outcome\r\n- top
right: filter by date range\r\n- list of checks collapsed by default
(individually separately\r\ncontrolled, multiple can be open at a
time)\r\n- pagination (10,25,50). 10 by
default\r\n\r\n![ess_after_3](https://github.com/user-attachments/assets/36fc0cee-b103-483d-ba79-d583bba89acf)\r\n\r\n###
Individual check result view **(NEW)**\r\n- topline: extended index
stats including new \"custom\", \"ecs compliant\"\r\n& \"all
fields\".\r\n- incompatible fields and same family fields view (custom,
ecs compliant\r\nand all fields view is unavailable in history
tab)\r\n\r\n![ess_after_4](https://github.com/user-attachments/assets/57e6d5a1-1470-4c4b-9272-ccc872d80dc5)\r\n\r\n###
Legacy check result view **(NEW)**\r\n- before this PR went to
production\r\nhttps://github.com//pull/185025 check result
data\r\ncontained information allowing to recreate detailed view of
incompatible\r\nfields from markdown only (without same family
fields)\r\n- we recreate incompatible field tables in degraded view from
markdown\r\n- same family tab is permanently disabled with an
explanation tooltip\r\n- action buttons still work as is for
incompatible fields view\r\n- index stats panel is showing as for
non-legacy
result\r\n\r\n![SCR-20241009-lmcu](https://github.com/user-attachments/assets/cd11435e-7335-40f3-a0b8-4e5c6bcc2f38)\r\n\r\n###
No
results\r\n\r\n![SCR-20241009-llzw](https://github.com/user-attachments/assets/a942ce8e-6e0e-46d3-9104-c30648a18208)\r\n\r\n###
Loading
view\r\n\r\n![ess_after_8](https://github.com/user-attachments/assets/1411ccc2-4978-41f6-a02d-2ca404a01c16)\r\n\r\n###
Error
view\r\n\r\n![ess_after_9](https://github.com/user-attachments/assets/adc80e19-0005-46f9-a667-ffd3bf8ecb4f)\r\n\r\n##
Serverless Changes\r\n### Empty checks result badge **(FIX)**\r\n-
**previously empty pattern check result badge was marked as
`PASS`\r\nwhich was incorrect. It was
removed.**\r\n\r\n![serverless_before_after_0](https://github.com/user-attachments/assets/67e02e9c-cd7f-46d7-9b7a-9bdaa0abfc6c)\r\n\r\n###
Latest check expand icon\r\n- expand icon is replaced with check now
icon (functionality is the\r\nsame)\r\n- tooltip text is updated\r\n-
this new icon is still opening the index check flyout tab
(latest\r\ncheck
tab)\r\n\r\n![serverless_before_after_1](https://github.com/user-attachments/assets/dfac9aad-158b-4863-b719-47d50b06bda3)\r\n\r\n###
Historical check icon **(NEW)**\r\n- inline check now functionality is
removed\r\n- view history icon is added in its stead to open a flyout
with history\r\ntab\r\n- tooltip text is
updated\r\n\r\n![serverless_before_after_2](https://github.com/user-attachments/assets/c688c28c-2d86-4669-a9bb-ffc297d21bbf)\r\n\r\n###
Flyout Header and Body Topline\r\n- \"checked at\" subheader is now
shorter (milliseconds are removed)\r\n- Tabline with Latest check and
History tabs is added **(NEW)**\r\n- **Index Stats Panel is now also
showing here just like in latest check\r\ntab (but without phase label
as ilm is not available in
serverless)**\r\n**(NEW)**\r\n\r\n![serverless_before_after_3](https://github.com/user-attachments/assets/c3ae4160-d07c-4049-b8b4-4b66faa50320)\r\n\r\n###
History tab **(NEW)**\r\n- top left: filter by check outcome\r\n- top
right: filter by date range\r\n- list of checks collapsed by default
(individually separately\r\ncontrolled, multiple can be open at a
time)\r\n- pagination (10,25,50). 10 by
default\r\n\r\n![serverless_after_4](https://github.com/user-attachments/assets/8b767de3-1ab1-4b9f-b0b8-84754a3776ae)\r\n\r\n###
Individual check result view **(NEW)**\r\n- topline: extended index
stats including new \"custom\", \"ecs compliant\"\r\n& \"all fields\"
but **excluding ilm phase label section**.\r\n- incompatible fields and
same family fields view (custom, ecs compliant\r\nand all fields view is
unavailable in history
tab)\r\n\r\n![serverless_after_5](https://github.com/user-attachments/assets/d8fdd48f-63f2-48f2-8ede-3613bffaa157)\r\n\r\n###
Legacy check result view **(NEW)**\r\n- before this PR went to
production\r\nhttps://github.com//pull/185025 check result
data\r\ncontained information allowing to recreate detailed view of
incompatible\r\nfields from markdown only (without same family
fields)\r\n- we recreate incompatible field tables in degraded view from
markdown\r\n- same family tab is permanently disabled with an
explanation tooltip\r\n- action buttons still work as is for
incompatible fields view\r\n- index stats panel is showing as for
non-legacy
result\r\n\r\n![SCR-20241009-lkhi](https://github.com/user-attachments/assets/10adee1c-c11a-428a-9c56-ecc20a37f97f)\r\n\r\n###
No
results\r\n\r\n![SCR-20241009-ljwg](https://github.com/user-attachments/assets/8bf48778-98d6-4a96-a713-b49d4cc5165a)\r\n\r\n###
Loading
view\r\n\r\n![serverless_after_9](https://github.com/user-attachments/assets/5ba1f2cc-cbd9-4cfa-964c-962be150016f)\r\n\r\n###
Error
view\r\n\r\n![serverless_after_10](https://github.com/user-attachments/assets/b5c33ded-4ee5-46ff-9e13-f9e5dfc7546e)","sha":"e5f7739b263902bd01aca9fa902be7cc5181e855"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191898","number":191898,"mergeCommit":{"message":"[Secuity
Solution][DQD] add historical results (Phase 1) (#191898)\n\naddresses
#185882 \r\n\r\nleverages changes introduced
in\r\nhttps://github.com//pull/188468\r\n\r\n# Data
Quality Dashboard Historical Results (Phase 1)\r\n\r\nThis PR introduces
new functionality to the Data Quality Dashboard\r\n\r\nHistory tab
(new):\r\n- view last 30 days of check results by default:\r\n- filter
by historical checks by outcome (PASS/FAIL/ALL)\r\n- paginate all
results (10 per page by default)\r\n- each result can be viewed in
individually and independently\r\nexpandable/collapsible accordion panel
(collapsed by default)\r\n- each result contains an extended index stats
panel with (custom, ecs\r\nand all fields counts)\r\n- each result
contains index properties tabs (incompatible and same\r\nfamily)\r\n-
check now checks and redirects to latest check tab with latest
check\r\ninfo\r\n- switching from initial historical tab to latest check
tab triggers\r\nlatest check\r\n- subsequent switching back and forth
between already open history or\r\nlatest check tabs doesn't trigger a
check\r\n- legacy data (before release of
this\r\nhttps://github.com//pull/185025) is supported
with\r\ndegraded view (same family tab is disabled with warning
tooltip),\r\nincompatible tab tables are statically rendered from
markdown\r\n\r\nLatest checks list view (changes):\r\n- remove check
index button icon from list view\r\n- add historical results button icon
instead of check index button\r\n- historical results button icon
directly opens history tab without\r\ngoing through latest
check\r\n\r\n# UI Changes (before/after):\r\n\r\n## ESS
Changes\r\n\r\n### Latest check expand icon\r\n- expand icon is replaced
with check now icon (functionality is the\r\nsame)\r\n- tooltip text is
updated\r\n- this new icon is still opening the index check flyout tab
(latest\r\ncheck
tab)\r\n\r\n![ess_before_after_0](https://github.com/user-attachments/assets/795af721-6867-4f56-882e-2a0f52793560)\r\n\r\n###
Historical check icon **(NEW)**\r\n- inline check now functionality is
removed\r\n- view history icon is added in its stead to open a flyout
with history\r\ntab\r\n- tooltip text is
updated\r\n\r\n![ess_before_after_1](https://github.com/user-attachments/assets/7f2c6009-35c3-488c-87ac-3048f4bded7b)\r\n\r\n###
Flyout Header\r\n- \"checked at\" subheader is now shorter (milliseconds
are removed)\r\n- Tabline with Latest check and History tabs is added
**(NEW)**\r\n\r\n![ess_before_after_2](https://github.com/user-attachments/assets/728ff743-500e-435a-a07e-4287647a0af5)\r\n\r\n###
History tab **(NEW)**\r\n- top left: filter by check outcome\r\n- top
right: filter by date range\r\n- list of checks collapsed by default
(individually separately\r\ncontrolled, multiple can be open at a
time)\r\n- pagination (10,25,50). 10 by
default\r\n\r\n![ess_after_3](https://github.com/user-attachments/assets/36fc0cee-b103-483d-ba79-d583bba89acf)\r\n\r\n###
Individual check result view **(NEW)**\r\n- topline: extended index
stats including new \"custom\", \"ecs compliant\"\r\n& \"all
fields\".\r\n- incompatible fields and same family fields view (custom,
ecs compliant\r\nand all fields view is unavailable in history
tab)\r\n\r\n![ess_after_4](https://github.com/user-attachments/assets/57e6d5a1-1470-4c4b-9272-ccc872d80dc5)\r\n\r\n###
Legacy check result view **(NEW)**\r\n- before this PR went to
production\r\nhttps://github.com//pull/185025 check result
data\r\ncontained information allowing to recreate detailed view of
incompatible\r\nfields from markdown only (without same family
fields)\r\n- we recreate incompatible field tables in degraded view from
markdown\r\n- same family tab is permanently disabled with an
explanation tooltip\r\n- action buttons still work as is for
incompatible fields view\r\n- index stats panel is showing as for
non-legacy
result\r\n\r\n![SCR-20241009-lmcu](https://github.com/user-attachments/assets/cd11435e-7335-40f3-a0b8-4e5c6bcc2f38)\r\n\r\n###
No
results\r\n\r\n![SCR-20241009-llzw](https://github.com/user-attachments/assets/a942ce8e-6e0e-46d3-9104-c30648a18208)\r\n\r\n###
Loading
view\r\n\r\n![ess_after_8](https://github.com/user-attachments/assets/1411ccc2-4978-41f6-a02d-2ca404a01c16)\r\n\r\n###
Error
view\r\n\r\n![ess_after_9](https://github.com/user-attachments/assets/adc80e19-0005-46f9-a667-ffd3bf8ecb4f)\r\n\r\n##
Serverless Changes\r\n### Empty checks result badge **(FIX)**\r\n-
**previously empty pattern check result badge was marked as
`PASS`\r\nwhich was incorrect. It was
removed.**\r\n\r\n![serverless_before_after_0](https://github.com/user-attachments/assets/67e02e9c-cd7f-46d7-9b7a-9bdaa0abfc6c)\r\n\r\n###
Latest check expand icon\r\n- expand icon is replaced with check now
icon (functionality is the\r\nsame)\r\n- tooltip text is updated\r\n-
this new icon is still opening the index check flyout tab
(latest\r\ncheck
tab)\r\n\r\n![serverless_before_after_1](https://github.com/user-attachments/assets/dfac9aad-158b-4863-b719-47d50b06bda3)\r\n\r\n###
Historical check icon **(NEW)**\r\n- inline check now functionality is
removed\r\n- view history icon is added in its stead to open a flyout
with history\r\ntab\r\n- tooltip text is
updated\r\n\r\n![serverless_before_after_2](https://github.com/user-attachments/assets/c688c28c-2d86-4669-a9bb-ffc297d21bbf)\r\n\r\n###
Flyout Header and Body Topline\r\n- \"checked at\" subheader is now
shorter (milliseconds are removed)\r\n- Tabline with Latest check and
History tabs is added **(NEW)**\r\n- **Index Stats Panel is now also
showing here just like in latest check\r\ntab (but without phase label
as ilm is not available in
serverless)**\r\n**(NEW)**\r\n\r\n![serverless_before_after_3](https://github.com/user-attachments/assets/c3ae4160-d07c-4049-b8b4-4b66faa50320)\r\n\r\n###
History tab **(NEW)**\r\n- top left: filter by check outcome\r\n- top
right: filter by date range\r\n- list of checks collapsed by default
(individually separately\r\ncontrolled, multiple can be open at a
time)\r\n- pagination (10,25,50). 10 by
default\r\n\r\n![serverless_after_4](https://github.com/user-attachments/assets/8b767de3-1ab1-4b9f-b0b8-84754a3776ae)\r\n\r\n###
Individual check result view **(NEW)**\r\n- topline: extended index
stats including new \"custom\", \"ecs compliant\"\r\n& \"all fields\"
but **excluding ilm phase label section**.\r\n- incompatible fields and
same family fields view (custom, ecs compliant\r\nand all fields view is
unavailable in history
tab)\r\n\r\n![serverless_after_5](https://github.com/user-attachments/assets/d8fdd48f-63f2-48f2-8ede-3613bffaa157)\r\n\r\n###
Legacy check result view **(NEW)**\r\n- before this PR went to
production\r\nhttps://github.com//pull/185025 check result
data\r\ncontained information allowing to recreate detailed view of
incompatible\r\nfields from markdown only (without same family
fields)\r\n- we recreate incompatible field tables in degraded view from
markdown\r\n- same family tab is permanently disabled with an
explanation tooltip\r\n- action buttons still work as is for
incompatible fields view\r\n- index stats panel is showing as for
non-legacy
result\r\n\r\n![SCR-20241009-lkhi](https://github.com/user-attachments/assets/10adee1c-c11a-428a-9c56-ecc20a37f97f)\r\n\r\n###
No
results\r\n\r\n![SCR-20241009-ljwg](https://github.com/user-attachments/assets/8bf48778-98d6-4a96-a713-b49d4cc5165a)\r\n\r\n###
Loading
view\r\n\r\n![serverless_after_9](https://github.com/user-attachments/assets/5ba1f2cc-cbd9-4cfa-964c-962be150016f)\r\n\r\n###
Error
view\r\n\r\n![serverless_after_10](https://github.com/user-attachments/assets/b5c33ded-4ee5-46ff-9e13-f9e5dfc7546e)","sha":"e5f7739b263902bd01aca9fa902be7cc5181e855"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Karen Grigoryan <[email protected]>
Labels
- backport:skip (This commit does not require backporting)
- release_note:skip (Skip the PR/issue when compiling release notes)
- Team:Threat Hunting:Explore
- Team:Threat Hunting (Security Solution Threat Hunting Team)
- v8.15.0
7 participants