Optimize memory usage in the reduce script #4

@crespocarlos crespocarlos commented Jul 2, 2024

Summary

POC to improve the memory consumption of the scripted metrics agg.

Current version

Running the script with the oom.ts scenario caused an Out of Memory (OOM) error. The heap usage spiked to around 96% before crashing.

The problem is caused by the paths object, which is a matrix containing the entire path for all events:

Rows: 8517
Columns (avg): 252 (could be many more)
Fields in each item: 3 (service.name, service.environment, agent.name)
Size of a field in bytes (avg): 55

paths object consumption per ES request (ROUGH ESTIMATION): 8517 rows * 252 columns * (3 fields * 55 bytes/field) = ~355 MB

This amount of data can also lead to a "content length bigger than the maximum allowed string" exception.

Refactored version

With the refactored version, the heap usage appears linear and didn't exceed 90% in any of the 3 calls made.

The query was streamlined to respond with what is necessary for the frontend to render the map in the connections object. This creates a much smaller object that the query has to hold in memory compared to what paths require.

eg:

```
"service-446~>service-447": {
  "destination": {
    "span.subtype": "unknown",
    "span.destination.service.resource": "service-447",
    "span.type": "app"
  },
  "source": {
    "service.environment": "Synthtrace: service_map",
    "service.name": "service-446",
    "agent.name": "nodejs"
  }
},
```

With the oom scenario, connections holds approximately 550 unique connections. Therefore:

Keys: ~550 * 2 (source and destination) = 1100
Fields in each key: 3 (service.name, service.environment, agent.name fields)
Size of a field in bytes (avg): 55

connections object consumption per ES request (ROUGH ESTIMATION): 1100 keys * (3 fields * 55 bytes/field) = ~177KB

Worst-case scenarios, such as a long cyclic map, might still cause the space complexity to be O(N^2) and could potentially lead to an OOM.
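
The size comparison in the description above, as an added example that is not part of this PR's code: plain JavaScript (not the Painless reduce script) that collapses constructed `paths` rows into a `connections` map keyed `source~>destination` and applies the description's rough byte estimate to both. `buildPaths`, `reduceToConnections` and the `maxConnections` guard are hypothetical names, and each endpoint is simplified to the three service fields.

```javascript
// Added example: constructed data, hypothetical helper names.
const AVG_FIELD_BYTES = 55; // average field size from the PR's rough estimate
const FIELDS_PER_ITEM = 3;  // service.name, service.environment, agent.name

// The PR's rough estimate: items held in memory * fields * bytes per field.
function estimateBytes(items) {
  return items * FIELDS_PER_ITEM * AVG_FIELD_BYTES;
}

// Constructed input: `rows` paths of `hops` nodes each, walking a ring of
// `services` services. This mimics the shape of the `paths` matrix.
function buildPaths(rows, hops, services) {
  const paths = [];
  for (let r = 0; r < rows; r++) {
    const path = [];
    for (let h = 0; h < hops; h++) {
      path.push({
        'service.name': `service-${(r + h) % services}`,
        'service.environment': 'constructed',
        'agent.name': 'nodejs',
      });
    }
    paths.push(path);
  }
  return paths;
}

function countNodes(paths) {
  return paths.reduce((total, path) => total + path.length, 0);
}

// Collapse every consecutive pair of nodes into one entry per unique edge.
// Memory now grows with the number of distinct edges, not rows * columns.
// maxConnections is an assumed safety valve for the worst case the PR
// mentions (a dense or cyclic map, where edges can approach N^2): past the
// cap, new edges are dropped and the result is flagged as truncated.
function reduceToConnections(paths, maxConnections = Infinity) {
  const connections = new Map();
  let truncated = false;
  for (const path of paths) {
    for (let i = 0; i + 1 < path.length; i++) {
      const source = path[i];
      const destination = path[i + 1];
      const key = `${source['service.name']}~>${destination['service.name']}`;
      if (connections.has(key)) continue;
      if (connections.size >= maxConnections) {
        truncated = true;
        continue;
      }
      connections.set(key, { source, destination });
    }
  }
  return { connections, truncated };
}

function demo() {
  // The PR's own figures, run through the same formula.
  console.log('paths (PR figures):', estimateBytes(8517 * 252), 'bytes');
  console.log('connections (PR figures):', estimateBytes(550 * 2), 'bytes');

  // A small constructed matrix, reduced for real.
  const paths = buildPaths(100, 50, 20);
  const { connections, truncated } = reduceToConnections(paths);
  console.log('matrix estimate:', estimateBytes(countNodes(paths)), 'bytes');
  console.log('unique edges:', connections.size, 'truncated:', truncated);
  console.log('connections estimate:', estimateBytes(connections.size * 2), 'bytes');
}

demo();
```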

@crespocarlos crespocarlos changed the title Optimize memory usage in th reduce script Optimize memory usage in the reduce script Jul 2, 2024
Dosant and others added 12 commits July 2, 2024 14:03
## Summary

Close elastic/kibana-team#948

Makes the error message when Kibana fails to load less scary 

![Screenshot 2024-06-21 at 12 13
45](https://github.com/elastic/kibana/assets/7784120/bdb09e35-f782-43c1-912d-89ed9933eb6f)
…elastic#186987)

## Summary

Closes elastic#182112

Added modal to manage agent policies.

To verify:
- go to an integration where the integration policies are listed
- click on the `+` button in the agent policies column
- click on `Manage agent policies` in the popover
- add/remove agent policies in the modal
- click submit, the integration policy should be updated to be linked to
the updated agent policies



<img width="1614" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/33101f7e-8563-4990-9a52-74e5448c21da">

Made a change to the table column display to show a `+` button even if
there is only one policy. Previously the popover could only be accessed
if there are at least 2 agent policies.
Also restored the agent policy link, lock icon and revision display
(instead of a badge) if there are multiple agent policies.
@simosilvestri Let me know if you have any UX recommendation as it
differs slightly from the prototype.

<img width="982" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/51aff39c-3f84-4861-8614-c0e16b64f4bf">

<img width="1533" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/f08de084-d4c2-47c6-b532-f875ceaf10ef">

EDIT: after discussing with Simona, removed the + button in case of a
single agent policy assigned to the integration policy.
<img width="1391" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/9ce5e98a-3ea2-4b79-a073-62047012db03">


Disabling `Manage agent policies` button if the current user doesn't
have at least write integration policies and write agent policies
privilege.
This is how it looks with read privileges:
<img width="2294" alt="image"
src="https://github.com/elastic/kibana/assets/90178898/625843fb-8a50-4a06-b3a3-dc95a9fc2654">



### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary

This adds a browser event-based event listener to the
`useUnsavedChangesPrompt` hook, so that we also show an unsaved changes
prompt when the user closes the browser or navigates outside our SPA.

Co-authored-by: Elastic Machine <[email protected]>
…astic#186961)

## Summary

This fixes the inference endpoint creation API being called multiple
times on error. The call will often time out because
downloading/deploying the model takes longer than the Kibana request
timeout limit. Setting the timeout limit higher would still be fragile,
so ignoring the timeout error makes more sense.

This PR also contains a few small language fixes and variable renames
for clarity.
## Summary

This adds a prompt when users try to leave the mappings editor page with
unsaved changes.

<img width="1311" alt="Screenshot 2024-06-28 at 17 13 18"
src="https://github.com/elastic/kibana/assets/94373878/50aac235-0671-4479-bb27-b2ebde7e6920">

## Testing

Go to the index management index details page
Open the mappings tab
Add a field to your mappings but don't hit save
Try to navigate away within Kibana and you should see the above
dismissable callout

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
…ay values (elastic#186323)

## Summary

Related ticket: elastic#180162

Adds the diff algorithm for arrays of scalar values (right now we only
have fields of strings) and unit tests to cover all the base cases of
what the algorithm can return.


### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>
…roidic pipeline (elastic#186613)

## Summary

Fixes elastic#181684 

This PR creates scripts required to run threat hunting tests API tests
in ESS and Serverless mode for Quality Gate periodic run pipeline.

---------

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Gloria Hornero <[email protected]>
Fix type - Cirtcuit -> Circuit

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.


### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Closes elastic#182219

## Summary

Show a `shared` label with a tooltip in integration table when an
integration policy is shared by multiple policies.
![Screenshot 2024-06-27 at 16 46
03](https://github.com/elastic/kibana/assets/16084106/eb83b103-5540-4305-bf32-78d9d9508a0e)

![Screenshot 2024-06-27 at 16 46
08](https://github.com/elastic/kibana/assets/16084106/89785679-895e-4a68-84b7-37687ffb5896)

![Screenshot 2024-06-27 at 16 46
15](https://github.com/elastic/kibana/assets/16084106/5e4ca46c-077b-4093-ba9b-906e290d03b8)

---------

Co-authored-by: Kibana Machine <[email protected]>
## Summary

Changed connector configuration flow to include more user friendly
deployment sections.
See screenshots and recordings.



https://github.com/elastic/kibana/assets/1410658/3c6a882b-1fff-45cb-ad5d-c90c0d1275c4

<img width="1279" alt="Screenshot 2024-07-01 at 15 01 30"
src="https://github.com/elastic/kibana/assets/1410658/fa1b4fa6-df60-4a68-b231-35fc1d8b5f51">
<img width="1282" alt="Screenshot 2024-07-01 at 15 01 37"
src="https://github.com/elastic/kibana/assets/1410658/af3103e2-8ffd-4d98-a5b0-d23acfd99448">
<img width="1239" alt="Screenshot 2024-07-01 at 15 02 31"
src="https://github.com/elastic/kibana/assets/1410658/388fe8dd-7fbc-4e28-84dd-57b78aa73e95">
<img width="1229" alt="Screenshot 2024-07-01 at 15 02 36"
src="https://github.com/elastic/kibana/assets/1410658/0f2de0f4-6df9-45cd-a140-64167bbfb870">
<img width="1229" alt="Screenshot 2024-07-01 at 15 02 42"
src="https://github.com/elastic/kibana/assets/1410658/f369248b-176e-4e9d-84e7-ea64a6320538">


### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: José Luis González <[email protected]>
…ge (elastic#187283)

## Summary

Addresses elastic#184904. This PR
updates UI FTR serverless tests to not run with operator privilege.

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
@crespocarlos crespocarlos force-pushed the 179229-service-map-reduce-script-improvement branch from ca10023 to 84430f4 Compare July 2, 2024 14:08
mistic and others added 16 commits July 2, 2024 15:20
…ic#187347)

## Summary

This PR contains 2 different fixes:

- License upgrade: 

The `isAvailable` route context function was returning _false_ after the
license was upgraded to `Enterprise`, the server needed to be restarted
for the license check to pass. That was happening because we were using
the same flag for the license and the `setIsAvailable` contract API
(serverless). The flags had been split so the license check can now be
updated to _true_ if needed, without issues.

- Default logo:

We were using a different default logo than the integrations
application, when the user was not setting a custom one we were forcing
our default logo, which was inconsistent with the Integrations app's
default logo:


![old](https://github.com/elastic/kibana/assets/17747913/9203b847-ab99-4dc8-b178-c461e035bae0)

This logic has been removed and, in the scenario where the user doesn't
want a custom logo, we leave the package manifest without logo
definition so the integration app can apply their default logo (package)
and everything is consistent.


![no_icon_package](https://github.com/elastic/kibana/assets/17747913/1c65dd6a-5626-4968-8571-6e1a9fa61f99)

---------

Co-authored-by: Elastic Machine <[email protected]>
…lastic#186857)

## Summary

This PR enables alert preview in the document flyout.

How to test:

- Enable feature flag `entityAlertPreviewEnabled`
- Generate some alerts and open alert flyout
- Go to correlations details (expanded section)
- Click on any hyperlinked rule to open an alert preview


https://github.com/elastic/kibana/assets/18648970/118a3e22-94d2-4b68-bf23-0f77ad5e8cfd



### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Updates
### Latest updates

- Expose whether KB is configured to run in FIPS mode from Core ->
Security
<img width="653" alt="Screenshot 2024-06-20 at 9 55 17 PM"
src="https://github.com/elastic/kibana/assets/21210601/56a9f50f-0a05-41ca-9292-ed225b3d8062">



Consolidating all FIPS PRs into this PR

*Previous PRs were Approved

### Changes

- Config option is now experimental:
`xpack.security.experimental.fipsMode.enabled`
- Documentation has been revised
  - Listed as an experimental feature
  - Added keystore references for adding a password

## Summary
Closes elastic#169738
Closes elastic#169739
Closes elastic#169740
Closes elastic#185948

FIPS is a platinum license feature. 

Kibana instances must have a platinum or better license to start up in
FIPS mode, a lesser license will result in Kibana failing to start up.

If the license is degraded, Kibana will still run, but an error will be
logged letting the user know that Kibana will not be able to restart.

## Config changes

This PR required the changes that were approved from [a previous
PR](elastic#174558), since that PR
couldn't be merged into main, I merged it here.

## Testing

### Locally

In your `kibana.dev.yml` add:
`xpack.security.experimental.fipsMode.enabled: true`

To allow Kibana to start without actually providing a compliant OpenSSL
provider, in `x-pack/plugins/security/server/config.ts` change L328 from
`if (isFipsEnabled !== isNodeRunningWithFipsEnabled)` to `if (false)`

You are now configured to run in FIPS-spoof mode!

Run: `yarn es snapshot` and `yarn start` > You should see Kibana fail to
start with an error about using a basic license.

Run: `yarn es snapshot --license trial` and `yarn start` > Kibana should
start.

Login as `elastic` and navigate to Stack Management > License Management

Switch your license to `basic` and accept.

In your logs, you will see an error letting users know that you no
longer have an appropriate license and Kibana will not restart.


### For FIPS enthusiasts

Start an ES instance in a method of your choosing, but not using `yarn
es snapshot`. I like to use an 8.15.0-snapshot from the `.es/cache`
directory by running `tar -xzvf
elasticsearch-8.15.0-SNAPSHOT-darwin-aarch64.tar.gz ` and cd into the
new directory's `bin` folder to run `./elasticsearch`

Ensure you have Docker running locally.

From any command line, run: `docker run --rm -it -e
XPACK_SECURITY_FIPSMODE_ENABLED='true' -p 5601:5601/tcp
docker.elastic.co/kibana-ci/kibana-ubi-fips:8.15.0-SNAPSHOT-bc3150316ed317c08d57c6bd785ba39586072e1d`

This will start Kibana into Interactive Setup mode, copy and paste the
token from the ES startup logs.

Kibana should fail to start and you should see Kibana fail to start with
an error about using a basic license.

Repeat the above process except before you paste the token from ES, do
the following to enable a trial license on your ES instance:

In a new terminal window, navigate to the top level of your
elasticsearch folder and run

`curl -X POST --cacert config/certs/http_ca.crt -u
elastic:YOUR_PASSWORD_HERE
"https://localhost:9200/_license/start_trial?acknowledge=true&pretty"`

You should receive a successful response.

Now paste the token from the ES startup logs into the Kibana Interactive
Setup window and Kibana should start.

Login as `elastic` and navigate to Stack Management > License Management

Switch your license to `basic` and accept.

In your logs, you will see an error letting users know that you no
longer have an appropriate license and Kibana will not restart.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: lcawl <[email protected]>
…ys (elastic#187361)

## Summary

We introduced `manage_connector` privilege in ES:
elastic/elasticsearch#110128

Let's use it for new generated API keys for connectors.

Note: this privilege was merged to ES yesterday, so CI might fail if the
ES image was not updated yet.


### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
  - We will add this privilege in ES docs
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary

Fixes elastic#185875.

Since we created the correlations feature for APM, some new options were
added to the `_field_caps` API which allow us to improve the way we
retrieve field candidates for the analysis.

Previously we used 2 queries to get field candidates: We fetched all
fields via `_field_caps`, then searched for a random sample of 1000 docs
to identify fields with values. Additional code would then filter the
supported fields.

Now we can use additional `_field_caps` options to get rid of the random
docs request and simplify some of the filtering code.

- `filters: '-metadata,-parent'` will exclude metadata and object
fields,
- `include_empty_fields: false` will include populated fields only,
- `index_filter: ...` allows us to provide a range filter with `start/end`
to limit the scope of indices,
- `types: ...` allows us to get only fields of the type supported by the
analysis (keyword, boolean, ip).

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
elastic#187179)

Part of elastic#186574

## Summary

This PR migrates the Lists Plugin's `ListsRequestHandlerContext`, which
consumes `authc.getCurrentUser`, to use `coreStart.security`.

Background: This PR serves as an example of a plugin migrating away from
depending on the Security plugin, which is a high priority effort for
the last release before 9.0.

### Checklist

Delete any items that are not applicable to this PR.

- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
…ity (elastic#186924)

Part of elastic#186574

Background: This PR serves as an example of a plugin migrating away from
depending on the Security plugin, which is a high priority effort for
the last release before 9.0. The Actions plugin uses the
`authc.getCurrentUser` method to attribute the current user to persisted
actions that are created in the system.

### Checklist

Delete any items that are not applicable to this PR.

- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
…ve on resize (elastic#185907)

## Summary

This PR ensures the SMV chart in dashboards is responsive.

This PR takes the height on panel change and calculates the percentage
height of each part of the SMV chart - these heights are then passed to
the chart element.

<img width="1332" alt="image"
src="https://github.com/elastic/kibana/assets/6446462/fadcc0f5-420a-4417-872e-bec3fb9f14b6">


## Known issues:

While the svg of the chart as a whole grows as expected with increased
height, the focus chart doesn't resize correctly until a full page
refresh. There probably needs to be a comparison of previous/current
height to force a full chart rerender - digging more into that. Same
thing happens when resizing back down likely due to the same issue.


### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
…Fields bulk action (elastic#187307)

## Summary

With these changes we update the copies of the "Custom Highlighted
Fields" bulk action.


<img width="1775" alt="Screenshot 2024-07-01 at 22 28 43"
src="https://github.com/elastic/kibana/assets/2700761/2effc5d6-4876-48e3-805f-69507d43dce2">

<img width="1775" alt="Screenshot 2024-07-01 at 22 28 36"
src="https://github.com/elastic/kibana/assets/2700761/569c82fd-5a6f-43d2-9ce7-5b4ce56c879e">

<img width="1775" alt="Screenshot 2024-07-01 at 22 28 21"
src="https://github.com/elastic/kibana/assets/2700761/bd5954ac-abba-42cb-9996-2688782d88c9">

---------

Co-authored-by: Elastic Machine <[email protected]>
gergoabraham and others added 27 commits July 2, 2024 11:21
…t filtering on event filter cards (elastic#187174)

## Summary

The modifications indicate to the users if an Event Filter filters
process descendants, displayed in 3 places. It's a bit of a prop
drilling to be honest, but that was needed to keep `ArtifactXZ`
components generic by passing a 'decorator' component from the outside.

### Testing
Modifications are behind feature flag:
`xpack.securitySolution.enableExperimental.filterProcessDescendantsForEventFiltersEnabled`

To change an Event Filter to Process descendant filtering, you just need
to change the toggle on the new/edit flyout:
<img width="400" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/23c64d77-7d28-44c1-9a7f-07499652610b">


### Manage / Event Filters - `ArtifactEntryCard`
<img width="1393" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/79459f08-3b30-4f66-b058-e9b2bbaed705">
<img width="675" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/7be9d2d8-85d4-4a8d-b650-f1371bcaa903">


### Manage / Policies / Event Filters tab / Assign flyout -
`ArtifactEntryCardMinified`
<img width="1315" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/57b6564b-8b43-4a37-9d4b-c7db5cbefbeb">

<img width="668" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/7e3e1b4a-e0f0-4b20-8b9b-f7d24589ce2a">

### Manage / Policies / Event Filters tab - when there are assigned
filters - `ArtifactEntryCollapsibleCard`
<img width="1068" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/af31b89e-9845-4625-a95d-f610a57203f4">

<img width="1067" alt="image"
src="https://github.com/elastic/kibana/assets/39014407/f9b98c4b-ed47-4f62-8bed-95c65420ab4f">


### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>
)

## Summary

This PR introduces the 3 changes mentioned below:

### Row Renderer Switch

A quick switch to switch on/off all the row-renderers without going into
settings.

> [!Caution]
> This is only available with feature flag
`unifiedComponentsInTimelineEnabled`



https://github.com/elastic/kibana/assets/7485038/88fcf4e0-a5a2-4158-bc86-b313002790ec


### Notes in a separate Flyout

- Notes do not appear inline anymore. They are now part of a separate
Flyout.
- This change also introduces a notification dot to highlight that
existing notes are available.


https://github.com/elastic/kibana/assets/7485038/491e256f-36dc-42f3-89f3-4c8c90c969a5


### Color Distinction between enabled/disabled Row Renderers.

Previously it was difficult to see what row renderers are available and
what are not. This change introduces a small color distinction.



https://github.com/elastic/kibana/assets/7485038/ba250c4c-cb93-4bc7-b593-235ccaf207cb


## Desk Testing 

Please desk test the following functionalities with AND without the
feature flag below:

1. Add Note 
2. Cancel when adding note.
3. Create a new timeline
4. Load saved timeline
5. Change from one timeline to other
6. Open Timeline page directly with saved timeline in the address bar.

In all of the above scenarios, row renderers and notes should be shown as
expected.


```
xpack.securitySolution.enableExperimental:
  - unifiedComponentsInTimelineEnabled

```
## Summary

Closes elastic#186494

- Adds ~~`top_list`~~ `top` function definition
- Adds basic smoke tests


### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Elastic Machine <[email protected]>
# Testing instructions

* The k8s flow should work already for logs but won't report any metrics
* The linux/mac flow requires the following stopgap measure until
everything is ready
  * Run the provided snippet
  * It will fail with `No such file or directory`
* Run either `touch otel.yml && mkdir otel_samples && curl
https://raw.githubusercontent.com/elastic/elastic-agent/871ad33afc5ac1614f0645e86f2a13c05631aa6d/internal/pkg/otel/samples/darwin/platformlogs_hostmetrics.yml
-o otel_samples/platformlogs_hostmetrics.yml` for mac or `touch otel.yml
&& mkdir otel_samples && curl
https://raw.githubusercontent.com/elastic/elastic-agent/871ad33afc5ac1614f0645e86f2a13c05631aa6d/internal/pkg/otel/samples/linux/platformlogs_hostmetrics.yml
-o otel_samples/platformlogs_hostmetrics.yml` for linux
  * Re-run the second part of the snippet (the part starting with `rm`)
  * The rest should work as before

Closes elastic#184433

<img width="931" alt="Screenshot 2024-06-20 at 15 04 19"
src="https://github.com/elastic/kibana/assets/1508364/f50392ae-d956-463f-9120-0d01b0fbfa80">


<img width="937" alt="Screenshot 2024-06-20 at 15 04 32"
src="https://github.com/elastic/kibana/assets/1508364/a968f615-f173-4210-bb47-6700cc989d5a">



TODOs:
* Real kubernetes snippet
* Do not show on serverless (disabled for testability)
* Remove snapshot version and CDN url

---------

Co-authored-by: kibanamachine <[email protected]>
## Summary

Currently it is not possible to see at first sight which execution is from
Cypress and which one is from the API.

<img width="2545" alt="Screenshot 2024-07-02 at 17 18 04"
src="https://github.com/elastic/kibana/assets/17427073/c89c204d-e2cf-4661-87f4-1e206ad822d7">

In this PR we are updating the naming to make it easier to find out as
well as simplifying the names.
## Summary

This PR fixes an SDH issue where users who are writing with a Japanese
keyboard have to press the ENTER key to transform the English to Japanese.
Our OnKeyDown functionality automatically submits the form when the
user hits the ENTER key from the question input text field.

We removed the form submission from the text field.

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Elastic Machine <[email protected]>
Closes elastic#186663

## Summary

Follow-up to elastic#186321. This PR
updates the Rollup badges in the Data view create form so that they show
that Rollup is deprecated.

<details>
<summary>Before:</summary>
<img width="1327" alt="Screenshot 2024-07-01 at 11 48 21"
src="https://github.com/elastic/kibana/assets/59341489/9f4e1cd1-a34c-42dd-926a-ed6758f06ed7">
</details>

<details>
<summary>Now:</summary>
<img width="1323" alt="Screenshot 2024-07-01 at 17 50 48"
src="https://github.com/elastic/kibana/assets/59341489/084873f2-3707-46c4-b4ba-19b4e68c2d87">

<img width="1323" alt="Screenshot 2024-07-01 at 17 50 54"
src="https://github.com/elastic/kibana/assets/59341489/d021ef34-3a84-4406-b23e-027aa2e8e868">
<img width="1323" alt="Screenshot 2024-07-01 at 17 50 59"
src="https://github.com/elastic/kibana/assets/59341489/ef1246c5-00ed-4eaa-af21-e0515bce956a">
</details>

**How to test:**
1. Start ES and Kibana
2. Add the sample data "Sample web logs"
3. Elasticsearch only allows creating a rollup job if there is an
existing rollup usage in the cluster. To simulate rollup usage, create a
mock rollup index through Console:

```
PUT /mock_rollup_index
{
  "mappings": {
    "_meta": {
      "_rollup": {
        "id": "logs_job"
      }
    }
  }
}
```


4. Create a sample rollup job through Console:

```
PUT _rollup/job/logs_job
{
  "id": "logs_job",
  "index_pattern": "kibana_sample_data_logs",
  "rollup_index": "rollup_logstash",
  "cron": "* * * * * ?",
  "page_size": 1000,
  "groups": {
    "date_histogram": {
      "interval": "60m",
      "delay": "7d",
      "time_zone": "UTC",
      "field": "@timestamp"
    },
    "terms": {
      "fields": [
        "geo.src",
        "machine.os.keyword"
      ]
    },
    "histogram": {
      "interval": "1003",
      "fields": [
        "bytes",
        "memory"
      ]
    }
  }
}
```


5. Delete the mock rollup index since it causes issues for the rollup
API that we use to fetch rollup indices:
`DELETE /mock_rollup_index`
6. Navigate to Stack Management -> Data Views and start creating a new
data view.
7. Verify that the rollup badges are updated.




<!--
### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

-->

---------

Co-authored-by: kibanamachine <[email protected]>
…stic#186417)

## Summary

elastic#179229

This PR addresses the need to limit the amount of data that the scripted
metric aggregation in the service map processes in one request which can
lead to timeouts and OOMs, often resulting in the user seeing [parent
circuit
breaker](https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html#parent-circuit-breaker)
errors and no service map visualization. This query can fire up to 20
times max depending on how many trace ids are fetched in subsequent
query, contributing more to exceeding the total allowable memory.

These changes will not remove the possibility of OOMs or circuit breaker
errors. They don't control for multiple users or other processes
happening in Kibana; rather, we are removing the current state of
querying for an unknown number of documents by providing a hard limit
and a way to easily tweak that limit.

## Changes
- Make get_service_paths_from_trace_ids "shard aware" by adding an
initial query, `get_trace_ids_shard_data` without the aggregations and
only the trace id filter and other filters in order to see how many
shards were searched
- Use a baseline of 2_576_980_377 bytes max from new config
`serverlessServiceMapMaxAvailableBytes`, for all
get_service_paths_from_trace_ids queries when hitting the
`/internal/apm/service-map`
- Calculate how many docs we should retrieve per shard and set that to
`terminateAfter` and also as part of the map phase to ensure we never
send more than this number to reduce
- Calculation is: ((serverlessServiceMapMaxAvailableBytes / average document size) / totalRequests) / numberOfShards
  - E.g.: 2_576_980_377 / 495 avg doc size = 5,206,020 total docs
  - 5,206,020 total docs / 10 requests = 520,602 docs per query
  - 520,602 docs per query / 3 shards = **173,534 docs per shard**
  - Since 173,534 is greater than the default setting `serviceMapTerminateAfter`, docs per shard is 100k
- Ensure that `map_script` phase won't process duplicate events
- Refactor the `processAndReturnEvent` function to replace recursion
with a loop to mitigate risks of stack overflow and excessive memory
consumption when processing deep trees


## Testing

### Testing that the scripted metric agg query does not exceed the
request circuit breaker
- start elasticsearch with default settings
- on `main`, without these changes, update the request circuit breaker
limit to be 2mb:
```
 PUT /_cluster/settings
{
  "persistent": {
    "indices.breaker.request.limit": "2mb"
  }
}
```
- run synthtrace `node scripts/synthtrace.js service_map_oom
--from=now-15m --to=now --clean`
- Go to the service map, and you should see this error:
<img width="305" alt="Screenshot 2024-06-20 at 2 41 18 PM"
src="https://github.com/elastic/kibana/assets/1676003/517709e5-f5c0-46bf-a06f-5817458fe292">

- checkout this PR
- set the apm kibana setting to 2mb(binary):
`xpack.apm.serverlessServiceMapMaxAvailableBytes: 2097152`. this
represents the available space for the [request circuit
breaker](https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html#request-circuit-breaker),
since we aren't grabbing that dynamically.
- navigate to the service map and you should not get this error and the
service map should appear

---------

Co-authored-by: Carlos Crespo <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
…nt (elastic#186564)

## Summary

Adds a Defend Advanced Policy option to allow 8.15.0 users to opt out of
Registry Event Filtering.

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…nflicting configuration is provided via CLI arguments (elastic#187337)

## Summary

Our functional test server provides Kibana configuration via CLI
arguments that the code configuring the mock SAML IdP realm in dev mode
didn't account for. This means that when we run the test server locally,
both FTR and Kibana try to configure the mock SAML IdP, which crashes
the local Kibana. This issue only affects those who run functional tests
locally and doesn't impact CI, where we use the built version of Kibana
to run tests. This built version doesn't include the mock SAML IdP,
delegating the mock SAML IdP configuration solely to FTR.

This PR updates the code that attempts to automatically configure the
mock SAML IdP in dev mode to check the configuration from both config
files and CLI arguments to determine whether automatic configuration is
possible.
…rvices (elastic#186468)

## Summary

Implements part 1 of
elastic/observability-dev#3498 (adds an
advanced setting and data access services for consumers).

## Reviewer notes

- Please see note comments inline with the code.

- The `limits.yml` change was generated by `node
scripts/build_kibana_platform_plugins.js --update-limits`.

- There are no consumers using this yet, so you'll need to make some
minor adjustments if you'd like to test the access services. In a plugin
(`infra` for example) the server side access could look like this:

```ts
const [, { logsDataAccess }] = await getStartServices();
const logSourcesService = await logsDataAccess.services.getLogSourcesService(request);
await logSourcesService.setLogSources([
  { indexPattern: 'logs-*-*' },
  { indexPattern: 'test-logs-*' },
]);
```

Public access could look like this:

```ts
const logSourcesService = plugins.logsDataAccess.services.logSourcesService;
logSourcesService.setLogSources([{ indexPattern: 'client-side-logs-*' }]);
```

- I haven't added any tests here yet as any unit tests would more or
less just be re-testing a UI settings mock. Functional tests will be
valuable once there are consumers.


## UI

<img width="1425" alt="Screenshot 2024-06-20 at 10 41 16"
src="https://github.com/elastic/kibana/assets/471693/30608dcf-4c34-4d29-9a22-441b06757c28">

---------

Co-authored-by: kibanamachine <[email protected]>
## Summary
This PR introduces Alert Suppression for ML Detection Rules. This
feature is behaviorally similar to alerting suppression for other
Detection Engine Rule types, and nearly identical to the analogous
features for EQL rules.

There are some additional UI behaviors introduced here as well, mainly
intended to cover the shortcomings discovered in
elastic#183100. Those behaviors are:

1. Populating the suppression field list with fields from the anomaly
index(es).
1. Disabling the suppression UI if no selected ML jobs are running
(because we cannot populate the list of fields on which they'll be
suppressing).
1. Warning the user if _some_ selected ML jobs are not running (because
the list of suppression fields may be incomplete).

See screenshots below for more info.

### Intermediate Serverless Deployment
As per the "intermediate deployment" requirements for serverless, while
the schema (and declared alert SO mappings) will be extended to allow
this functionality, the user-facing features are currently hidden behind
a feature flag. Once this is merged and released, we can issue a "final"
deployment in which the feature flag is enabled, and the feature
effectively released.


## Screenshots
* Overview of new UI fields
<img width="1044" alt="Screenshot 2024-05-16 at 3 22 02 PM"
src="https://github.com/elastic/kibana/assets/657252/8c07700d-5860-4d1e-a701-eac84fc35558">
* Example of Anomaly fields in suppression combobox
<img width="881" alt="Screenshot 2024-06-06 at 5 14 17 PM"
src="https://github.com/rylnd/kibana/assets/657252/9aa6ed99-1e02-44a0-ad1b-785136510d68">
* Suppression disabled due to no jobs running
<img width="668" alt="Screenshot 2024-06-17 at 11 23 39 PM"
src="https://github.com/elastic/kibana/assets/657252/a8636a52-31bd-4579-9bcd-d59d93c26984">
* Warning due to not all jobs running
<img width="776" alt="Screenshot 2024-06-17 at 11 26 16 PM"
src="https://github.com/elastic/kibana/assets/657252/f44c2400-570e-4fde-adce-e5841a2de08d">

## Steps to Review
1. Review the Test Plan for an overview of behavior
2. Review Integration tests for an overview of implementation and edge
cases
3. Review Cypress tests for an overview of UX changes
4. Testing on [Demo Instance](https://rylnd-pr-181926-ml-rule-alert-suppression.kbndev.co/) (elastic/changeme)
    1. This instance has the relevant feature flag enabled, has some sample auditbeat data, as well as the [anomalies archive data](https://github.com/elastic/kibana/tree/main/x-pack/test/functional/es_archives/security_solution/anomalies) for the purposes of exercising an ML rule against "real" anomalies
    1. There are a few example rules in the default space:
        1. A simple [query rule](https://rylnd-pr-181926-ml-rule-alert-suppression.kbndev.co/app/security/rules/id/f6f5960d-7e4b-40c1-ae15-501112822130) against auditbeat data
        1. An [ML rule](https://rylnd-pr-181926-ml-rule-alert-suppression.kbndev.co/app/security/rules/id/9122669e-b2e1-41ce-af25-eeae15aa9ece) with per-execution suppression on both `by_field_name` and `by_field_value` (which ends up not actually suppressing anything)
        1. An [ML rule](https://rylnd-pr-181926-ml-rule-alert-suppression.kbndev.co/app/security/rules/id/0aabc280-00bd-42d4-82e6-65997c751797) with per-execution suppression on `by_field_name` (which suppresses all anomalies into a single alert)

## Related Issues
- This feature was temporarily blocked by
elastic#183100, but those changes are
now in this PR.

## Checklist
- [x] Functional changes are hidden behind a feature flag. If not
hidden, the PR explains why these changes are being implemented in a
long-living feature branch.
- [x] Functional changes are covered with a test plan and automated
tests.
    * [Test Plan](elastic/security-team#9279)
- [x] Stability of new and changed tests is verified using the [Flaky
Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner) in
both ESS and Serverless. By default, use 200 runs for ESS and 200 runs
for Serverless.
* [ESS - Cypress x
200](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6449)
* [Serverless - Cypress x
200](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6450)
* [ESS - API x
200](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6447)
* [Serverless - API x
200](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6448)
- [ ] Comprehensive manual testing is done by two engineers: the PR
author and one of the PR reviewers. Changes are tested in both ESS and
Serverless.
- [ ] Mapping changes are accompanied by a technical design document. It
can be a GitHub issue or an RFC explaining the changes. The design
document is shared with and approved by the appropriate teams and
individual stakeholders.
- [ ] (OPTIONAL) OpenAPI specs changes include detailed descriptions and
examples of usage and are ready to be released on
https://docs.elastic.co/api-reference. NOTE: This is optional because at
the moment we don't have yet any OpenAPI specs that would be fully
"documented" and "GA-ready" for publishing on
https://docs.elastic.co/api-reference.
- [ ] Functional changes are communicated to the Docs team. A ticket is
opened in https://github.com/elastic/security-docs using the [Internal
documentation request (Elastic
employees)](https://github.com/elastic/security-docs/issues/new?assignees=&labels=&projects=&template=docs-request-internal.yaml&title=%5BRequest%5D+)
template. The following information is included: feature flags used,
target ESS version, planned timing for ESS and Serverless releases.

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: kibanamachine <[email protected]>
## Summary

With 8.14 released, we want to make sure our CSP is using the latest CSP
version for our test environment
## Summary

report following events:
- open modal window for manual rule run
- execute manual rule run + save time range in ms
- cancel backfill job
- filter in event log by run type
- show source event date range

Epic - elastic/security-team#2840

### How to test
enable feature flag - `manualRuleRunEnabled`

You can see feature demo here -
elastic#184500

Check that events appear here after some time -
https://telemetry-v2-staging.elastic.dev/s/securitysolution/app/r/s/7YYlg

---------

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
…r scan w.r.to. PLIs (elastic#187376)

## Summary

As the `scan` response action is now categorized with the Endpoint complete
PLI, include the `scan` action in serverless tests using the
`responseActionScanEnabled` feature flag.

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
This disables a change in polling behavior of the ESE search strategy,
which was introduced with elastic#178921.
The response processing and progress reporting depends on it.
@crespocarlos crespocarlos force-pushed the 179229-service-map-reduce-script-improvement branch from 84430f4 to bf0bb62 Compare July 3, 2024 08:17
neptunian pushed a commit that referenced this pull request Jan 21, 2025
…re replacements (elastic#206660)

## Summary

Today, when a developer deprecates a feature and replaces its privileges
with those of another feature, we reasonably assume that the new feature
fully replaces the old one in all possible contexts - whether in role
management UIs or in the Spaces feature toggles visibility UI. However,
when deprecated privileges are replaced by the privileges of multiple
features, such as in [this
case](elastic#202863 (comment))
where the Discover/Dashboard/Maps feature privileges are replaced by the
privileges of Discover_v2/Dashboard_v2/Maps_v2, respectively, **and**
the privileges of the Saved Query Management feature, the choice is
ambiguous.

Which of these features should be treated as the replacement for the
deprecated feature in contexts that deal with entire features (like the
Spaces feature toggles visibility UI) rather than individual privileges
(like in role management UIs)? Should all referenced features be
considered replacements? Or just a subset - or even a single feature? If
so, which one? Currently, we treat all referenced features as
replacements for the deprecated feature, which creates problems, as
described in detail in [this
discussion](elastic#202863 (comment)).

This PR allows developers to customize this behavior by specifying which
features Kibana should treat as direct successors to deprecated features
in contexts that deal with whole features rather than individual
privileges:

```ts
deps.features.registerKibanaFeature({
  deprecated: {
    notice: 'The feature is deprecated because … well, there’s a reason.',
    replacedBy: ['feature_id_v2'], // <-- features to treat as direct successors
  },
  id: 'feature_id',
  name: `Case #4 feature ${suffix} (DEPRECATED)`,
  …
});
```

## How to test

1. Run test server
```bash
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
```

2. Execute the following request from the Dev Tools (`case_4_feature_a`
is a deprecated feature that is replaced by multiple features and
**doesn't use** `deprecated.replacedBy`)
```http
PUT kbn:/api/spaces/space/default?overwrite=true
{
  "id":"default",
  "name":"Default",
  "description":"This is your default space!",
  "color":"#00bfb3",
  "disabledFeatures":["case_4_feature_a"],
  "_reserved":true,
  "imageUrl":"",
  "initials":"D"
}
```

3. Observe that in response deprecated `case_4_feature_a` is replaced by
two features (you can also check
http://localhost:5620/app/management/kibana/spaces/edit/default to see
how it's reflected in UI)
```http
{
  "id": "default",
  "name": "Default",
  "description": "This is your default space!",
  "color": "#00bfb3",
  "initials": "D",
  "imageUrl": "",
  "disabledFeatures": [
    "case_4_feature_a_v2",
    "case_4_feature_c"
  ],
  "_reserved": true
}
```

4. Execute the following request from the Dev Tools (`case_4_feature_b`
is a deprecated feature that is replaced by multiple features, but
**uses** `deprecated.replacedBy` to set the conceptual
feature-successor)
```http
PUT kbn:/api/spaces/space/default?overwrite=true
{
  "id":"default",
  "name":"Default",
  "description":"This is your default space!",
  "color":"#00bfb3",
  "disabledFeatures":["case_4_feature_b"],
  "_reserved":true,
  "imageUrl":"",
  "initials":"D"
}
```

5. Observe that in response deprecated `case_4_feature_b` is replaced by
a single feature (you can also check
http://localhost:5620/app/management/kibana/spaces/edit/default to see
how it's reflected in UI)
```http
{
  "id": "default",
  "name": "Default",
  "description": "This is your default space!",
  "color": "#00bfb3",
  "initials": "D",
  "imageUrl": "",
  "disabledFeatures": [
    "case_4_feature_b_v2"
  ],
  "_reserved": true
}
```

__Required by:__
elastic#202863 (comment)

//cc @davismcphee
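
The resolution behaviour exercised in steps 2 to 5 above, as an added JavaScript example that is not Kibana's code: a deprecated feature in `disabledFeatures` maps to every feature its privileges reference unless `deprecated.replacedBy` narrows the set. The `referencedFeatures` field, the second feature referenced by `case_4_feature_b`, and the fail-closed checks are assumptions of this example.

```javascript
// Constructed registry modelled on the test fixtures named in the steps above.
// `referencedFeatures` is a hypothetical field standing in for "every feature
// whose privileges replace this feature's deprecated privileges".
// The second entry referenced by case_4_feature_b is an assumption.
const registry = {
  case_4_feature_a: {
    deprecated: { notice: 'constructed notice' },
    referencedFeatures: ['case_4_feature_a_v2', 'case_4_feature_c'],
  },
  case_4_feature_b: {
    deprecated: { notice: 'constructed notice', replacedBy: ['case_4_feature_b_v2'] },
    referencedFeatures: ['case_4_feature_b_v2', 'case_4_feature_c'],
  },
  case_4_feature_a_v2: {},
  case_4_feature_b_v2: {},
  case_4_feature_c: {},
};

// Returns the feature ids that stand in for `featureId` in whole-feature
// contexts such as a space's disabledFeatures list.
function successorsOf(featureId, features) {
  const feature = features[featureId];
  // Unknown or non-deprecated ids pass through unchanged.
  if (!feature || !feature.deprecated) return [featureId];

  const explicit = feature.deprecated.replacedBy;
  const successors =
    Array.isArray(explicit) && explicit.length > 0
      ? explicit // opt-in: only the declared successors
      : feature.referencedFeatures || []; // default: every referenced feature

  // Checks added for this example: fail loudly rather than silently dropping
  // a disabled feature or pointing at a missing or deprecated successor.
  if (successors.length === 0) {
    throw new Error(`${featureId}: deprecated feature has no successor`);
  }
  for (const id of successors) {
    if (!features[id]) {
      throw new Error(`${featureId}: unknown successor "${id}"`);
    }
    if (features[id].deprecated) {
      throw new Error(`${featureId}: successor "${id}" is itself deprecated`);
    }
  }
  return successors;
}

// Rewrites a disabledFeatures list, preserving order and removing duplicates.
function resolveDisabledFeatures(disabledFeatures, features) {
  const resolved = [];
  for (const id of disabledFeatures) {
    for (const successor of successorsOf(id, features)) {
      if (!resolved.includes(successor)) resolved.push(successor);
    }
  }
  return resolved;
}

// Without replacedBy the space ends up hiding case_4_feature_c as well;
// with replacedBy only the declared successor is hidden.
console.log(resolveDisabledFeatures(['case_4_feature_a'], registry));
console.log(resolveDisabledFeatures(['case_4_feature_b'], registry));
```

Comparing the two outputs shows why the ambiguity matters when reviewing a space configuration: without `replacedBy`, disabling one deprecated feature also hides a feature the administrator never selected.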